Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-53108 (GCVE-0-2024-53108)
Vulnerability from cvelistv5 – Published: 2024-12-02 13:44 – Updated: 2025-10-01 20:17
VLAI?
EPSS
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Adjust VSDB parser for replay feature
At some point, the IEEE ID identification for the replay check in the
AMD EDID was added. However, this check causes the following
out-of-bounds issues when using KASAN:
[ 27.804016] BUG: KASAN: slab-out-of-bounds in amdgpu_dm_update_freesync_caps+0xefa/0x17a0 [amdgpu]
[ 27.804788] Read of size 1 at addr ffff8881647fdb00 by task systemd-udevd/383
...
[ 27.821207] Memory state around the buggy address:
[ 27.821215] ffff8881647fda00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 27.821224] ffff8881647fda80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 27.821234] >ffff8881647fdb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.821243] ^
[ 27.821250] ffff8881647fdb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.821259] ffff8881647fdc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 27.821268] ==================================================================
This is caused because the ID extraction happens outside of the range of
the edid lenght. This commit addresses this issue by considering the
amd_vsdb_block size.
(cherry picked from commit b7e381b1ccd5e778e3d9c44c669ad38439a861d8)
Severity ?
7.1 (High)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
ec8e59cb4e0c1a52d5a541fff9dcec398b48f7b4 , < 0a326fbc8f72a320051f27328d4d4e7abdfe68d7
(git)
Affected: ec8e59cb4e0c1a52d5a541fff9dcec398b48f7b4 , < 8db867061f4c76505ad62422b65d666b45289217 (git) Affected: ec8e59cb4e0c1a52d5a541fff9dcec398b48f7b4 , < 16dd2825c23530f2259fc671960a3a65d2af69bd (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-53108",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T20:10:47.739124Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T20:17:11.628Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0a326fbc8f72a320051f27328d4d4e7abdfe68d7",
"status": "affected",
"version": "ec8e59cb4e0c1a52d5a541fff9dcec398b48f7b4",
"versionType": "git"
},
{
"lessThan": "8db867061f4c76505ad62422b65d666b45289217",
"status": "affected",
"version": "ec8e59cb4e0c1a52d5a541fff9dcec398b48f7b4",
"versionType": "git"
},
{
"lessThan": "16dd2825c23530f2259fc671960a3a65d2af69bd",
"status": "affected",
"version": "ec8e59cb4e0c1a52d5a541fff9dcec398b48f7b4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.6"
},
{
"lessThan": "6.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.63",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.10",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "6.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Adjust VSDB parser for replay feature\n\nAt some point, the IEEE ID identification for the replay check in the\nAMD EDID was added. However, this check causes the following\nout-of-bounds issues when using KASAN:\n\n[ 27.804016] BUG: KASAN: slab-out-of-bounds in amdgpu_dm_update_freesync_caps+0xefa/0x17a0 [amdgpu]\n[ 27.804788] Read of size 1 at addr ffff8881647fdb00 by task systemd-udevd/383\n\n...\n\n[ 27.821207] Memory state around the buggy address:\n[ 27.821215] ffff8881647fda00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 27.821224] ffff8881647fda80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 27.821234] \u003effff8881647fdb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[ 27.821243] ^\n[ 27.821250] ffff8881647fdb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[ 27.821259] ffff8881647fdc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 27.821268] ==================================================================\n\nThis is caused because the ID extraction happens outside of the range of\nthe edid lenght. This commit addresses this issue by considering the\namd_vsdb_block size.\n\n(cherry picked from commit b7e381b1ccd5e778e3d9c44c669ad38439a861d8)"
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T13:06:43.676Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0a326fbc8f72a320051f27328d4d4e7abdfe68d7"
},
{
"url": "https://git.kernel.org/stable/c/8db867061f4c76505ad62422b65d666b45289217"
},
{
"url": "https://git.kernel.org/stable/c/16dd2825c23530f2259fc671960a3a65d2af69bd"
}
],
"title": "drm/amd/display: Adjust VSDB parser for replay feature",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-53108",
"datePublished": "2024-12-02T13:44:40.707Z",
"dateReserved": "2024-11-19T17:17:24.992Z",
"dateUpdated": "2025-10-01T20:17:11.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"6.6.63\", \"matchCriteriaId\": \"A8662D29-FAB3-4AA7-9D78-4CE4E4C2EC98\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.7\", \"versionEndExcluding\": \"6.11.10\", \"matchCriteriaId\": \"C256F46A-AFDD-4B99-AA4F-67D9D9D2C55A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F361E1D-580F-4A2D-A509-7615F73167A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"925478D0-3E3D-4E6F-ACD5-09F28D5DF82C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C95E234-D335-4B6C-96BF-E2CEBD8654ED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0F717D8-3014-4F84-8086-0124B2111379\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*\", \"matchCriteriaId\": \"24DBE6C7-2AAE-4818-AED2-E131F153D2FA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*\", \"matchCriteriaId\": \"24B88717-53F5-42AA-9B72-14C707639E3F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.12:rc7:*:*:*:*:*:*\", \"matchCriteriaId\": \"1EF8CD82-1EAE-4254-9545-F85AB94CF90F\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\ndrm/amd/display: Adjust VSDB parser for replay feature\\n\\nAt some point, the IEEE ID identification for the replay check in the\\nAMD EDID was added. However, this check causes the following\\nout-of-bounds issues when using KASAN:\\n\\n[ 27.804016] BUG: KASAN: slab-out-of-bounds in amdgpu_dm_update_freesync_caps+0xefa/0x17a0 [amdgpu]\\n[ 27.804788] Read of size 1 at addr ffff8881647fdb00 by task systemd-udevd/383\\n\\n...\\n\\n[ 27.821207] Memory state around the buggy address:\\n[ 27.821215] ffff8881647fda00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\\n[ 27.821224] ffff8881647fda80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\\n[ 27.821234] \u003effff8881647fdb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\\n[ 27.821243] ^\\n[ 27.821250] ffff8881647fdb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\\n[ 27.821259] ffff8881647fdc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\\n[ 27.821268] ==================================================================\\n\\nThis is caused because the ID extraction happens outside of the range of\\nthe edid lenght. This commit addresses this issue by considering the\\namd_vsdb_block size.\\n\\n(cherry picked from commit b7e381b1ccd5e778e3d9c44c669ad38439a861d8)\"}, {\"lang\": \"es\", \"value\": \"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Ajustar el analizador VSDB para la funci\\u00f3n de reproducci\\u00f3n En alg\\u00fan momento, se agreg\\u00f3 la identificaci\\u00f3n IEEE ID para la comprobaci\\u00f3n de reproducci\\u00f3n en AMD EDID. Sin embargo, esta comprobaci\\u00f3n provoca los siguientes problemas fuera de los l\\u00edmites al utilizar KASAN: [ 27.804016] ERROR: KASAN: slab-out-of-bounds en amdgpu_dm_update_freesync_caps+0xefa/0x17a0 [amdgpu] [ 27.804788] Lectura de tama\\u00f1o 1 en la direcci\\u00f3n ffff8881647fdb00 por la tarea systemd-udevd/383 ... [ 27.821207] Estado de la memoria alrededor de la direcci\\u00f3n con errores: [ 27.821215] ffff8881647fda00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821224] ffff8881647fda80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821234] \u0026gt;ffff8881647fdb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.821243] ^ [ 27.821250] ffff8881647fdb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.821259] ffff8881647fdc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821268] ===================================================================== Esto se debe a que la extracci\\u00f3n de ID se realiza fuera del rango de longitud de edid. Esta confirmaci\\u00f3n soluciona este problema al considerar el tama\\u00f1o de amd_vsdb_block. (seleccionado de el commit b7e381b1ccd5e778e3d9c44c669ad38439a861d8)\"}]",
"id": "CVE-2024-53108",
"lastModified": "2024-12-12T16:11:02.677",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\", \"baseScore\": 7.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.2}]}",
"published": "2024-12-02T14:15:11.617",
"references": "[{\"url\": \"https://git.kernel.org/stable/c/0a326fbc8f72a320051f27328d4d4e7abdfe68d7\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/16dd2825c23530f2259fc671960a3a65d2af69bd\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/8db867061f4c76505ad62422b65d666b45289217\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}]",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Analyzed",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-125\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-53108\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-12-02T14:15:11.617\",\"lastModified\":\"2025-10-01T21:16:31.870\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ndrm/amd/display: Adjust VSDB parser for replay feature\\n\\nAt some point, the IEEE ID identification for the replay check in the\\nAMD EDID was added. However, this check causes the following\\nout-of-bounds issues when using KASAN:\\n\\n[ 27.804016] BUG: KASAN: slab-out-of-bounds in amdgpu_dm_update_freesync_caps+0xefa/0x17a0 [amdgpu]\\n[ 27.804788] Read of size 1 at addr ffff8881647fdb00 by task systemd-udevd/383\\n\\n...\\n\\n[ 27.821207] Memory state around the buggy address:\\n[ 27.821215] ffff8881647fda00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\\n[ 27.821224] ffff8881647fda80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\\n[ 27.821234] \u003effff8881647fdb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\\n[ 27.821243] ^\\n[ 27.821250] ffff8881647fdb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\\n[ 27.821259] ffff8881647fdc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\\n[ 27.821268] ==================================================================\\n\\nThis is caused because the ID extraction happens outside of the range of\\nthe edid lenght. This commit addresses this issue by considering the\\namd_vsdb_block size.\\n\\n(cherry picked from commit b7e381b1ccd5e778e3d9c44c669ad38439a861d8)\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Ajustar el analizador VSDB para la funci\u00f3n de reproducci\u00f3n En alg\u00fan momento, se agreg\u00f3 la identificaci\u00f3n IEEE ID para la comprobaci\u00f3n de reproducci\u00f3n en AMD EDID. Sin embargo, esta comprobaci\u00f3n provoca los siguientes problemas fuera de los l\u00edmites al utilizar KASAN: [ 27.804016] ERROR: KASAN: slab-out-of-bounds en amdgpu_dm_update_freesync_caps+0xefa/0x17a0 [amdgpu] [ 27.804788] Lectura de tama\u00f1o 1 en la direcci\u00f3n ffff8881647fdb00 por la tarea systemd-udevd/383 ... [ 27.821207] Estado de la memoria alrededor de la direcci\u00f3n con errores: [ 27.821215] ffff8881647fda00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821224] ffff8881647fda80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821234] \u0026gt;ffff8881647fdb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.821243] ^ [ 27.821250] ffff8881647fdb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.821259] ffff8881647fdc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821268] ===================================================================== Esto se debe a que la extracci\u00f3n de ID se realiza fuera del rango de longitud de edid. Esta confirmaci\u00f3n soluciona este problema al considerar el tama\u00f1o de amd_vsdb_block. (seleccionado de el commit b7e381b1ccd5e778e3d9c44c669ad38439a861d8)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.2},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.6.63\",\"matchCriteriaId\":\"A8662D29-FAB3-4AA7-9D78-4CE4E4C2EC98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.11.10\",\"matchCriteriaId\":\"C256F46A-AFDD-4B99-AA4F-67D9D9D2C55A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F361E1D-580F-4A2D-A509-7615F73167A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"925478D0-3E3D-4E6F-ACD5-09F28D5DF82C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C95E234-D335-4B6C-96BF-E2CEBD8654ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0F717D8-3014-4F84-8086-0124B2111379\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"24DBE6C7-2AAE-4818-AED2-E131F153D2FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"24B88717-53F5-42AA-9B72-14C707639E3F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc7:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EF8CD82-1EAE-4254-9545-F85AB94CF90F\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0a326fbc8f72a320051f27328d4d4e7abdfe68d7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/16dd2825c23530f2259fc671960a3a65d2af69bd\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/8db867061f4c76505ad62422b65d666b45289217\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
}
}
FKIE_CVE-2024-53108
Vulnerability from fkie_nvd - Published: 2024-12-02 14:15 - Updated: 2025-10-01 21:16
Severity ?
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Adjust VSDB parser for replay feature
At some point, the IEEE ID identification for the replay check in the
AMD EDID was added. However, this check causes the following
out-of-bounds issues when using KASAN:
[ 27.804016] BUG: KASAN: slab-out-of-bounds in amdgpu_dm_update_freesync_caps+0xefa/0x17a0 [amdgpu]
[ 27.804788] Read of size 1 at addr ffff8881647fdb00 by task systemd-udevd/383
...
[ 27.821207] Memory state around the buggy address:
[ 27.821215] ffff8881647fda00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 27.821224] ffff8881647fda80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 27.821234] >ffff8881647fdb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.821243] ^
[ 27.821250] ffff8881647fdb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.821259] ffff8881647fdc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 27.821268] ==================================================================
This is caused because the ID extraction happens outside of the range of
the edid lenght. This commit addresses this issue by considering the
amd_vsdb_block size.
(cherry picked from commit b7e381b1ccd5e778e3d9c44c669ad38439a861d8)
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | 6.12 | |
| linux | linux_kernel | 6.12 | |
| linux | linux_kernel | 6.12 | |
| linux | linux_kernel | 6.12 | |
| linux | linux_kernel | 6.12 | |
| linux | linux_kernel | 6.12 | |
| linux | linux_kernel | 6.12 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8662D29-FAB3-4AA7-9D78-4CE4E4C2EC98",
"versionEndExcluding": "6.6.63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C256F46A-AFDD-4B99-AA4F-67D9D9D2C55A",
"versionEndExcluding": "6.11.10",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*",
"matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*",
"matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*",
"matchCriteriaId": "24DBE6C7-2AAE-4818-AED2-E131F153D2FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*",
"matchCriteriaId": "24B88717-53F5-42AA-9B72-14C707639E3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc7:*:*:*:*:*:*",
"matchCriteriaId": "1EF8CD82-1EAE-4254-9545-F85AB94CF90F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Adjust VSDB parser for replay feature\n\nAt some point, the IEEE ID identification for the replay check in the\nAMD EDID was added. However, this check causes the following\nout-of-bounds issues when using KASAN:\n\n[ 27.804016] BUG: KASAN: slab-out-of-bounds in amdgpu_dm_update_freesync_caps+0xefa/0x17a0 [amdgpu]\n[ 27.804788] Read of size 1 at addr ffff8881647fdb00 by task systemd-udevd/383\n\n...\n\n[ 27.821207] Memory state around the buggy address:\n[ 27.821215] ffff8881647fda00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 27.821224] ffff8881647fda80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 27.821234] \u003effff8881647fdb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[ 27.821243] ^\n[ 27.821250] ffff8881647fdb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[ 27.821259] ffff8881647fdc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 27.821268] ==================================================================\n\nThis is caused because the ID extraction happens outside of the range of\nthe edid lenght. This commit addresses this issue by considering the\namd_vsdb_block size.\n\n(cherry picked from commit b7e381b1ccd5e778e3d9c44c669ad38439a861d8)"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Ajustar el analizador VSDB para la funci\u00f3n de reproducci\u00f3n En alg\u00fan momento, se agreg\u00f3 la identificaci\u00f3n IEEE ID para la comprobaci\u00f3n de reproducci\u00f3n en AMD EDID. Sin embargo, esta comprobaci\u00f3n provoca los siguientes problemas fuera de los l\u00edmites al utilizar KASAN: [ 27.804016] ERROR: KASAN: slab-out-of-bounds en amdgpu_dm_update_freesync_caps+0xefa/0x17a0 [amdgpu] [ 27.804788] Lectura de tama\u00f1o 1 en la direcci\u00f3n ffff8881647fdb00 por la tarea systemd-udevd/383 ... [ 27.821207] Estado de la memoria alrededor de la direcci\u00f3n con errores: [ 27.821215] ffff8881647fda00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821224] ffff8881647fda80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821234] \u0026gt;ffff8881647fdb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.821243] ^ [ 27.821250] ffff8881647fdb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.821259] ffff8881647fdc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821268] ===================================================================== Esto se debe a que la extracci\u00f3n de ID se realiza fuera del rango de longitud de edid. Esta confirmaci\u00f3n soluciona este problema al considerar el tama\u00f1o de amd_vsdb_block. (seleccionado de el commit b7e381b1ccd5e778e3d9c44c669ad38439a861d8)"
}
],
"id": "CVE-2024-53108",
"lastModified": "2025-10-01T21:16:31.870",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-12-02T14:15:11.617",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/0a326fbc8f72a320051f27328d4d4e7abdfe68d7"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/16dd2825c23530f2259fc671960a3a65d2af69bd"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/8db867061f4c76505ad62422b65d666b45289217"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
SUSE-SU-2025:20246-1
Vulnerability from csaf_suse - Published: 2025-03-27 12:56 - Updated: 2025-03-27 12:56Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-52778: mptcp: deal with large GSO size (bsc#1224948).
- CVE-2023-52920: bpf: support non-r10 register spill/fill to/from stack in precision tracking (bsc#1232823).
- CVE-2024-26596: net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events (bsc#1220355).
- CVE-2024-26741: dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished() (bsc#1222587).
- CVE-2024-26782: mptcp: fix double-free on socket dismantle (bsc#1222590).
- CVE-2024-26953: net: esp: fix bad handling of pages from page_pool (bsc#1223656).
- CVE-2024-27017: netfilter: nft_set_pipapo: walk over current view on netlink dump (bsc#1223733).
- CVE-2024-35888: erspan: make sure erspan_base_hdr is present in skb->head (bsc#1224518).
- CVE-2024-36000: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (bsc#1224548).
- CVE-2024-36244: net/sched: taprio: extend minimum interval restriction to entire cycle too (bsc#1226797).
- CVE-2024-36883: net: fix out-of-bounds access in ops_init (bsc#1225725).
- CVE-2024-36886: tipc: fix UAF in error path (bsc#1225730).
- CVE-2024-36905: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (bsc#1225742).
- CVE-2024-36927: ipv4: Fix uninit-value access in __ip_make_skb() (bsc#1225813).
- CVE-2024-36954: tipc: fix a possible memleak in tipc_buf_append (bsc#1225764).
- CVE-2024-36968: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() (bsc#1226130).
- CVE-2024-38589: netrom: fix possible dead-lock in nr_rt_ioctl() (bsc#1226748).
- CVE-2024-40914: mm/huge_memory: do not unpoison huge_zero_folio (bsc#1227842).
- CVE-2024-41023: sched/deadline: Fix task_struct reference leak (bsc#1228430).
- CVE-2024-41031: mm/filemap: skip to create PMD-sized page cache if needed (bsc#1228454).
- CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620).
- CVE-2024-42102: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" (bsc#1233132).
- CVE-2024-44958: sched/smt: Fix unbalance sched_smt_present dec/inc (bsc#1230179).
- CVE-2024-44995: net: hns3: fix a deadlock problem when config TC during resetting (bsc#1230231).
- CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429).
- CVE-2024-45025: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (bsc#1230456).
- CVE-2024-46678: bonding: change ipsec_lock from spin lock to mutex (bsc#1230550).
- CVE-2024-46680: Bluetooth: btnxpuart: Fix random crash seen while removing driver (bsc#1230557).
- CVE-2024-46681: pktgen: use cpus_read_lock() in pg_net_init() (bsc#1230558).
- CVE-2024-46721: pparmor: fix possible NULL pointer dereference (bsc#1230710)
- CVE-2024-46754: bpf: Remove tst_run from lwt_seg6local_prog_ops (bsc#1230801).
- CVE-2024-46765: ice: protect XDP configuration with a mutex (bsc#1230807).
- CVE-2024-46766: ice: move netif_queue_set_napi to rtnl-protected sections (bsc#1230762).
- CVE-2024-46770: ice: Add netif_device_attach/detach into PF reset flow (bsc#1230763).
- CVE-2024-46775: drm/amd/display: Validate function returns (bsc#1230774).
- CVE-2024-46777: udf: Avoid excessive partition lengths (bsc#1230773).
- CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827).
- CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191).
- CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197).
- CVE-2024-46826: ELF: fix kernel.randomize_va_space double read (bsc#1231115).
- CVE-2024-46831: net: microchip: vcap: Fix use-after-free error in kunit test (bsc#1231117).
- CVE-2024-46834: ethtool: fail closed if we can't get max channel used in indirection tables (bsc#1231096).
- CVE-2024-46840: btrfs: clean up our handling of refs == 0 in snapshot delete (bsc#1231105).
- CVE-2024-46841: btrfs: do not BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() (bsc#1231094).
- CVE-2024-46843: scsi: ufs: core: Remove SCSI host only if added (bsc#1231100).
- CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084).
- CVE-2024-46855: netfilter: nft_socket: fix sk refcount leaks (bsc#1231085).
- CVE-2024-46857: net/mlx5: Fix bridge mode operations when there are no VFs (bsc#1231087).
- CVE-2024-46870: drm/amd/display: Disable DMCUB timeout for DCN35 (bsc#1231435).
- CVE-2024-47658: crypto: stm32/cryp - call finalize with bh disabled (bsc#1231436).
- CVE-2024-47660: fsnotify: clear PARENT_WATCHED flags lazily (bsc#1231439).
- CVE-2024-47664: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware (bsc#1231442).
- CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673).
- CVE-2024-47679: vfs: fix race between evice_inodes() and find_inode()&iput() (bsc#1231930).
- CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987).
- CVE-2024-47685: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (bsc#1231998).
- CVE-2024-47687: vdpa/mlx5: Fix invalid mr resource destroy (bsc#1232003).
- CVE-2024-47692: nfsd: return -EINVAL when namelen is 0 (bsc#1231857).
- CVE-2024-47701: ext4: avoid OOB when system.data xattr changes underneath the filesystem (bsc#1231920).
- CVE-2024-47703: bpf, lsm: add check for BPF LSM return value (bsc#1231946).
- CVE-2024-47704: drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944).
- CVE-2024-47705: block: fix potential invalid pointer dereference in blk_add_partition (bsc#1231872).
- CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942).
- CVE-2024-47707: ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (bsc#1231935).
- CVE-2024-47710: sock_map: Add a cond_resched() in sock_hash_free() (bsc#1232049).
- CVE-2024-47727: x86/tdx: Fix "in-kernel MMIO" check (bsc#1232116).
- CVE-2024-47730: crypto: hisilicon/qm - inject error before stopping queue (bsc#1232075).
- CVE-2024-47731: drivers/perf: Fix ali_drw_pmu driver interrupt status clearing (bsc#1232117).
- CVE-2024-47739: padata: use integer wrap around to prevent deadlock on seq_nr overflow (bsc#1232124).
- CVE-2024-47741: btrfs: fix race setting file private on concurrent lseek using same fd (bsc#1231869).
- CVE-2024-47745: mm: call the security_mmap_file() LSM hook in remap_file_pages() (bsc#1232135).
- CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145).
- CVE-2024-47752: media: mediatek: vcodec: Fix H264 stateless decoder smatch warning (bsc#1232130).
- CVE-2024-47753: media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning (bsc#1231868).
- CVE-2024-47754: media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning (bsc#1232131).
- CVE-2024-49852: scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() (bsc#1232819).
- CVE-2024-49864: rxrpc: Fix a race between socket set up and I/O thread creation (bsc#1232256).
- CVE-2024-49867: btrfs: wait for fixup workers before stopping cleaner kthread during umount (bsc#1232262).
- CVE-2024-49868: btrfs: fix a NULL pointer dereference when failed to start a new trasacntion (bsc#1232272).
- CVE-2024-49881: ext4: update orig_path in ext4_find_extent() (bsc#1232201).
- CVE-2024-49882: ext4: fix double brelse() the buffer of the extents path (bsc#1232200).
- CVE-2024-49883: ext4: aovid use-after-free in ext4_ext_insert_extent() (bsc#1232199).
- CVE-2024-49888: bpf: Fix a sdiv overflow issue (bsc#1232208).
- CVE-2024-49890: drm/amd/pm: ensure the fw_info is not null before using it (bsc#1232217).
- CVE-2024-49892: drm/amd/display: Initialize get_bytes_per_element's default to 1 (bsc#1232220).
- CVE-2024-49894: drm/amd/display: Fix index out of bounds in degamma hardware format translation (bsc#1232354).
- CVE-2024-49895: drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation (bsc#1232352).
- CVE-2024-49896: drm/amd/display: Check stream before comparing them (bsc#1232221).
- CVE-2024-49897: drm/amd/display: Check phantom_stream before it is used (bsc#1232355).
- CVE-2024-49898: drm/amd/display: Check null-initialized variables (bsc#1232222).
- CVE-2024-49899: drm/amd/display: Initialize denominators' default to 1 (bsc#1232358).
- CVE-2024-49901: drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs (bsc#1232305).
- CVE-2024-49906: drm/amd/display: Check null pointer before try to access it (bsc#1232332).
- CVE-2024-49907: drm/amd/display: Check null pointers before using dc->clk_mgr (bsc#1232334).
- CVE-2024-49909: drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func (bsc#1232337).
- CVE-2024-49911: drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func (bsc#1232366).
- CVE-2024-49912: drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream' (bsc#1232367).
- CVE-2024-49913: drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream (bsc#1232307).
- CVE-2024-49914: drm/amd/display: Add null check for pipe_ctx->plane_state in (bsc#1232369).
- CVE-2024-49917: drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn30_init_hw (bsc#1231965).
- CVE-2024-49918: drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer (bsc#1231967).
- CVE-2024-49919: drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer (bsc#1231968).
- CVE-2024-49920: drm/amd/display: Check null pointers before multiple uses (bsc#1232313).
- CVE-2024-49921: drm/amd/display: Check null pointers before used (bsc#1232371).
- CVE-2024-49922: drm/amd/display: Check null pointers before using them (bsc#1232374).
- CVE-2024-49923: drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags (bsc#1232361).
- CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224)
- CVE-2024-49933: blk_iocost: fix more out of bound shifts (bsc#1232368).
- CVE-2024-49934: fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name (bsc#1232387).
- CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424).
- CVE-2024-49944: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start (bsc#1232166).
- CVE-2024-49945: net/ncsi: Disable the ncsi work before freeing the associated structure (bsc#1232165).
- CVE-2024-49946: ppp: do not assume bh is held in ppp_channel_bridge_input() (bsc#1232164).
- CVE-2024-49949: net: avoid potential underflow in qdisc_pkt_len_init() with UFO (bsc#1232160).
- CVE-2024-49950: Bluetooth: L2CAP: Fix uaf in l2cap_connect (bsc#1232159).
- CVE-2024-49952: netfilter: nf_tables: prevent nf_skb_duplicated corruption (bsc#1232157).
- CVE-2024-49953: net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice (bsc#1232156).
- CVE-2024-49954: static_call: Replace pointless WARN_ON() in static_call_module_notify() (bsc#1232155).
- CVE-2024-49958: ocfs2: reserve space for inline xattr before attaching reflink tree (bsc#1232151).
- CVE-2024-49959: jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (bsc#1232149).
- CVE-2024-49960: ext4: fix timer use-after-free on failed mount (bsc#1232395).
- CVE-2024-49967: ext4: no need to continue when the number of entries is 1 (bsc#1232140).
- CVE-2024-49968: ext4: filesystems without casefold feature cannot be mounted with siphash (bsc#1232264).
- CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519).
- CVE-2024-49972: drm/amd/display: Deallocate DML memory if allocation fails (bsc#1232315).
- CVE-2024-49973: r8169: add tally counter fields added with RTL8125 (bsc#1232105).
- CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383).
- CVE-2024-49983: ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free (bsc#1232096).
- CVE-2024-49986: platform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors (bsc#1232093).
- CVE-2024-49987: bpftool: Fix undefined behavior in qsort(NULL, 0, ...) (bsc#1232258).
- CVE-2024-49989: drm/amd/display: fix double free issue during amdgpu module unload (bsc#1232483).
- CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282).
- CVE-2024-49993: iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count (bsc#1232316).
- CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432).
- CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points (bsc#1232089).
- CVE-2024-50000: net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (bsc#1232085).
- CVE-2024-50001: net/mlx5: Fix error path in multi-packet WQE transmit (bsc#1232084).
- CVE-2024-50002: static_call: Handle module init failure correctly in static_call_del_module() (bsc#1232083).
- CVE-2024-50003: drm/amd/display: Fix system hang while resume with TBT monitor (bsc#1232385).
- CVE-2024-50004: drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35 (bsc#1232396).
- CVE-2024-50006: ext4: fix i_data_sem unlock order in ext4_ind_migrate() (bsc#1232442).
- CVE-2024-50009: cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value (bsc#1232318).
- CVE-2024-50012: cpufreq: Avoid a bad reference count on CPU node (bsc#1232386).
- CVE-2024-50014: ext4: fix access to uninitialised lock in fc replay path (bsc#1232446).
- CVE-2024-50015: ext4: dax: fix overflowing extents beyond inode size when partially writing (bsc#1232079).
- CVE-2024-50020: ice: Fix improper handling of refcount in ice_sriov_set_msix_vec_count() (bsc#1231989).
- CVE-2024-50021: ice: Fix improper handling of refcount in ice_dpll_init_rclk_pins() (bsc#1231957).
- CVE-2024-50022: device-dax: correct pgoff align in dax_set_mapping() (bsc#1231956).
- CVE-2024-50024: net: Fix an unsafe loop on the list (bsc#1231954).
- CVE-2024-50027: thermal: core: Free tzp copy along with the thermal zone (bsc#1231951).
- CVE-2024-50028: thermal: core: Reference count the zone in thermal_zone_get_by_id() (bsc#1231950).
- CVE-2024-50033: slip: make slhc_remember() more robust against malicious packets (bsc#1231914).
- CVE-2024-50035: ppp: fix ppp_async_encode() illegal access (bsc#1232392).
- CVE-2024-50040: igb: Do not bring the device up after non-fatal error (bsc#1231908).
- CVE-2024-50041: i40e: Fix macvlan leak by synchronizing access to mac_filter_hash (bsc#1231907).
- CVE-2024-50042: ice: Fix increasing MSI-X on VF (bsc#1231906).
- CVE-2024-50045: netfilter: br_netfilter: fix panic with metadata_dst skb (bsc#1231903).
- CVE-2024-50046: NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() (bsc#1231902).
- CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418).
- CVE-2024-50059: ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition (bsc#1232345).
- CVE-2024-50060: io_uring: check if we need to reschedule during overflow flush (bsc#1232417).
- CVE-2024-50063: bpf: Prevent tail call between progs attached to different hooks (bsc#1232435).
- CVE-2024-50064: zram: free secondary algorithms names (bsc#1231901).
- CVE-2024-50080: ublk: do not allow user copy for unprivileged device (bsc#1232502).
- CVE-2024-50081: blk-mq: setup queue ->tag_set before initializing hctx (bsc#1232501).
- CVE-2024-50082: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (bsc#1232500).
- CVE-2024-50084: net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test() (bsc#1232494).
- CVE-2024-50087: btrfs: fix uninitialized pointer free on read_alloc_one_name() error (bsc#1232499).
- CVE-2024-50088: btrfs: fix uninitialized pointer free in add_inode_ref() (bsc#1232498).
- CVE-2024-50098: scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down (bsc#1232881).
- CVE-2024-50110: xfrm: fix one more kernel-infoleak in algo dumping (bsc#1232885).
- CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919).
- CVE-2024-50124: Bluetooth: ISO: Fix UAF on iso_sock_timeout (bsc#1232926).
- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928).
- CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907).
- CVE-2024-50128: net: wwan: fix global oob in wwan_rtnl_policy (bsc#1232905).
- CVE-2024-50130: netfilter: bpf: must hold reference on net namespace (bsc#1232894).
- CVE-2024-50138: bpf: Use raw_spinlock_t in ringbuf (bsc#1232935).
- CVE-2024-50139: KVM: arm64: Fix shift-out-of-bounds bug (bsc#1233062).
- CVE-2024-50145: octeon_ep: add SKB allocation failures handling in __octep_oq_process_rx() (bsc#1233044).
- CVE-2024-50153: scsi: target: core: Fix null-ptr-deref in target_alloc_device() (bsc#1233061).
- CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233070).
- CVE-2024-50166: fsl/fman: Fix refcount handling of fman-related devices (bsc#1233050).
- CVE-2024-50167: be2net: fix potential memory leak in be_xmit() (bsc#1233049).
- CVE-2024-50169: vsock: Update rx_bytes on read_skb() (bsc#1233320).
- CVE-2024-50171: net: systemport: fix potential memory leak in bcm_sysport_xmit() (bsc#1233057).
- CVE-2024-50177: drm/amd/display: fix a UBSAN warning in DML2.1 (bsc#1233115).
- CVE-2024-50182: secretmem: disable memfd_secret() if arch cannot set direct map (bsc#1233129).
- CVE-2024-50184: virtio_pmem: Check device status before requesting flush (bsc#1233135).
- CVE-2024-50186: net: explicitly clear the sk pointer, when pf->create fails (bsc#1233110).
- CVE-2024-50192: irqchip/gic-v4: Do not allow a VMOVP on a dying VPE (bsc#1233106).
- CVE-2024-50225: btrfs: fix error propagation of split bios (bsc#1233193).
- CVE-2024-50228: mm: shmem: fix data-race in shmem_getattr() (bsc#1233204).
- CVE-2024-50230: nilfs2: fix kernel bug due to missing clearing of checked flag (bsc#1233206).
- CVE-2024-50245: fs/ntfs3: Fix possible deadlock in mi_read (bsc#1233203).
- CVE-2024-50246: fs/ntfs3: Add rough attr alloc_size check (bsc#1233207).
- CVE-2024-50250: fsdax: dax_unshare_iter needs to copy entire blocks (bsc#1233226).
- CVE-2024-50252: mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address (bsc#1233201).
- CVE-2024-50257: netfilter: Fix use-after-free in get_info() (bsc#1233244).
- CVE-2024-50261: macsec: Fix use-after-free while sending the offloading packet (bsc#1233253).
- CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453).
- CVE-2024-50271: signal: restore the override_rlimit logic (bsc#1233460).
- CVE-2024-50273: btrfs: reinitialize delayed ref list after deleting it from the list (bsc#1233462).
- CVE-2024-50274: idpf: avoid vport access in idpf_get_link_ksettings (bsc#1233463).
- CVE-2024-50275: arm64/sve: Discard stale CPU state when handling SVE traps (bsc#1233464).
- CVE-2024-50276: net: vertexcom: mse102x: Fix possible double free of TX skb (bsc#1233465).
- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).
- CVE-2024-50289: media: av7110: fix a spectre vulnerability (bsc#1233478).
- CVE-2024-50295: net: arc: fix the device for dma_map_single/dma_unmap_single (bsc#1233484).
- CVE-2024-50296: net: hns3: fix kernel crash when uninstalling driver (bsc#1233485).
- CVE-2024-50298: net: enetc: allocate vf_state during PF probes (bsc#1233487).
- CVE-2024-53042: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() (bsc#1233540).
- CVE-2024-53043: mctp i2c: handle NULL header address (bsc#1233523).
- CVE-2024-53048: ice: fix crash on probe for DPLL enabled E810 LOM (bsc#1233721).
- CVE-2024-53051: drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability (bsc#1233547).
- CVE-2024-53055: wifi: iwlwifi: mvm: fix 6 GHz scan construction (bsc#1233550).
- CVE-2024-53056: drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy() (bsc#1233568).
- CVE-2024-53058: net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data (bsc#1233552).
- CVE-2024-53079: mm/thp: fix deferred split unqueue naming and locking (bsc#1233570).
- CVE-2024-53082: virtio_net: Add hash_key_length check (bsc#1233573).
- CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642).
- CVE-2024-53110: vp_vdpa: fix id_table array not null terminated error (bsc#1234085).
- CVE-2024-53121: net/mlx5: fs, lock FTE when checking if active (bsc#1234078).
- CVE-2024-53138: net/mlx5e: kTLS, Fix incorrect page refcounting (bsc#1234223).
The following non-security bugs were fixed:
- 9p: explicitly deny setlease attempts (git-fixes).
- ACPI: CPPC: Add support for setting EPP register in FFH (stable-fixes).
- ACPI: CPPC: Fix _CPC register setting issue (git-fixes).
- ACPI: CPPC: Make rmw_lock a raw_spin_lock (git-fixes).
- ACPI: EC: Do not release locks during operation region accesses (stable-fixes).
- ACPI: PAD: fix crash in exit_round_robin() (stable-fixes).
- ACPI: PRM: Clean up guid type in struct prm_handler_info (git-fixes).
- ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context (git-fixes).
- ACPI: battery: Fix possible crash when unregistering a battery hook (git-fixes).
- ACPI: battery: Simplify battery hook locking (stable-fixes).
- ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue (stable-fixes).
- ACPI: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[] (stable-fixes).
- ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[] (stable-fixes).
- ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[] (stable-fixes).
- ACPI: resource: Add another DMI match for the TongFang GMxXGxx (stable-fixes).
- ACPI: video: Add force_vendor quirk for Panasonic Toughbook CF-18 (stable-fixes).
- ACPICA: Fix memory leak if acpi_ps_get_next_field() fails (stable-fixes).
- ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails (stable-fixes).
- ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() (stable-fixes).
- ACPICA: iasl: handle empty connection_node (stable-fixes).
- ALSA/hda: intel-sdw-acpi: cleanup sdw_intel_scan_controller (stable-fixes).
- ALSA/hda: intel-sdw-acpi: fetch fwnode once in sdw_intel_scan_controller() (stable-fixes).
- ALSA/hda: intel-sdw-acpi: simplify sdw-master-count property read (stable-fixes).
- ALSA: 6fire: Release resources at card release (git-fixes).
- ALSA: Reorganize kerneldoc parameter names (stable-fixes).
- ALSA: ac97: bus: Fix the mistake in the comment (git-fixes).
- ALSA: asihpi: Fix potential OOB array access (stable-fixes).
- ALSA: caiaq: Use snd_card_free_when_closed() at disconnection (git-fixes).
- ALSA: core: add isascii() check to card ID generator (stable-fixes).
- ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (git-fixes).
- ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init() (git-fixes).
- ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2 (stable-fixes).
- ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne 1000 G2 (git-fixes).
- ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin (git-fixes).
- ALSA: hda/conexant: fix Z60MR100 startup pop issue (stable-fixes).
- ALSA: hda/conexant: fix some typos (stable-fixes).
- ALSA: hda/cs8409: Fix possible NULL dereference (git-fixes).
- ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs (bsc#1219803).
- ALSA: hda/realtek - Fixed Clevo platform headset Mic issue (stable-fixes).
- ALSA: hda/realtek - update set GPIO3 to default for Thinkpad with ALC1318 (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP Pavilion 15z-ec200 (stable-fixes).
- ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9 (stable-fixes).
- ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593 (stable-fixes).
- ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13 (stable-fixes).
- ALSA: hda/realtek: Add support for Samsung Galaxy Book3 360 (NP730QFG) (stable-fixes).
- ALSA: hda/realtek: Apply quirk for Medion E15433 (bsc#1233298).
- ALSA: hda/realtek: Enable mic on Vaio VJFH52 (stable-fixes).
- ALSA: hda/realtek: Enable mute and micmute LED on HP ProBook 430 G8 (stable-fixes).
- ALSA: hda/realtek: Enable speaker pins for Medion E15443 platform (bsc#1233298).
- ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max (bsc#1233298).
- ALSA: hda/realtek: Fix headset mic on TUXEDO Gemini 17 Gen3 (stable-fixes).
- ALSA: hda/realtek: Fix headset mic on TUXEDO Stellaris 16 Gen6 mb1 (stable-fixes).
- ALSA: hda/realtek: Fix the push button function for the ALC257 (git-fixes).
- ALSA: hda/realtek: Limit internal Mic boost on Dell platform (stable-fixes).
- ALSA: hda/realtek: Refactor and simplify Samsung Galaxy Book init (stable-fixes).
- ALSA: hda/realtek: Set PCBeep to default value for ALC274 (stable-fixes).
- ALSA: hda/realtek: Update ALC225 depop procedure (git-fixes).
- ALSA: hda/realtek: Update ALC256 depop procedure (git-fixes).
- ALSA: hda/realtek: Update default depop procedure (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LED for HP mt645 G8 (stable-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP EliteBook 645 G10 (stable-fixes).
- ALSA: hda/realtek: tas2781: Fix ROG ALLY X audio (stable-fixes).
- ALSA: hda/tas2781: Add new quirk for Lenovo Y990 Laptop (stable-fixes).
- ALSA: hda/tas2781: Add new quirk for Lenovo, ASUS, Dell projects (stable-fixes).
- ALSA: hda/tas2781: select CRC32 instead of CRC32_SARWATE (git-fixes).
- ALSA: hda: Poll jack events for LS7A HD-Audio (stable-fixes).
- ALSA: hda: Show the codec quirk info at probing (stable-fixes).
- ALSA: hda: Sound support for HP Spectre x360 16 inch model 2024 (stable-fixes).
- ALSA: hda: tas2781: Fix missing setup at runtime PM (bsc#1230132).
- ALSA: hdsp: Break infinite MIDI input flush loop (stable-fixes).
- ALSA: ice1712: Remove redundant code in stac9460_dac_vol_put (stable-fixes).
- ALSA: line6: add hw monitor volume control to POD HD500X (stable-fixes).
- ALSA: line6: update contact information (stable-fixes).
- ALSA: mixer_oss: Remove some incorrect kfree_const() usages (git-fixes).
- ALSA: pcm: Add sanity NULL check for the default mmap fault handler (stable-fixes).
- ALSA: silence integer wrapping warning (stable-fixes).
- ALSA: ump: Fix evaluation of MIDI 1.0 FB info (git-fixes).
- ALSA: us122l: Use snd_card_free_when_closed() at disconnection (git-fixes).
- ALSA: usb-audio: Add Pioneer DJ/AlphaTheta DJM-A9 Mixer (stable-fixes).
- ALSA: usb-audio: Add delay quirk for VIVO USB-C HEADSET (stable-fixes).
- ALSA: usb-audio: Add input value sanity checks for standard types (stable-fixes).
- ALSA: usb-audio: Add logitech Audio profile quirk (stable-fixes).
- ALSA: usb-audio: Add native DSD support for Luxman D-08u (stable-fixes).
- ALSA: usb-audio: Add quirk for HP 320 FHD Webcam (bsc#1232768).
- ALSA: usb-audio: Add quirks for Dell WD19 dock (stable-fixes).
- ALSA: usb-audio: Define macros for quirk table entries (stable-fixes).
- ALSA: usb-audio: Fix Yamaha P-125 Quirk Entry (stable-fixes).
- ALSA: usb-audio: Fix a DMA to stack memory bug (git-fixes).
- ALSA: usb-audio: Fix out of bounds reads when finding clock sources (stable-fixes).
- ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (git-fixes).
- ALSA: usb-audio: Make mic volume workarounds globally applicable (stable-fixes).
- ALSA: usb-audio: Replace complex quirk lines with macros (stable-fixes).
- ALSA: usb-audio: Use snprintf instead of sprintf in build_mixer_unit_ctl (stable-fixes).
- ALSA: usb-audio: add mixer mapping for Corsair HS80 (stable-fixes).
- ALSA: usx2y: Use snd_card_free_when_closed() at disconnection (git-fixes).
- ASoC: Intel: avs: da7219: Remove suspend_pre() and resume_post() (stable-fixes).
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet (stable-fixes).
- ASoC: Intel: bytcr_rt5640: Add support for non ACPI instantiated codec (stable-fixes).
- ASoC: Intel: sst: Fix used of uninitialized ctx to log an error (git-fixes).
- ASoC: Intel: sst: Support LPE0F28 ACPI HID (stable-fixes).
- ASoC: SOF: Add i2s bt dai configuration support for AMD platforms (bsc#1233305).
- ASoC: SOF: Add support for configuring PDM interface from topology (bsc#1233305).
- ASoC: SOF: Deprecate invalid enums in IPC3 (bsc#1233305).
- ASoC: SOF: IPC4: get pipeline priority from topology (bsc#1233305).
- ASoC: SOF: IPC4: synchronize fw_config_params with fw definitions (bsc#1233305).
- ASoC: SOF: Refactor sof_i2s_tokens reading to update acpbt dai (bsc#1233305).
- ASoC: SOF: Rename amd_bt sof_dai_type (bsc#1233305).
- ASoC: SOF: Wire up buffer flags (bsc#1233305).
- ASoC: SOF: add alignment for topology header file struct definition (bsc#1233305).
- ASoC: SOF: align topology header file with sof topology header (bsc#1233305).
- ASoC: SOF: ipc3-topology: Convert the topology pin index to ALH dai index (git-fixes).
- ASoC: SOF: ipc3-topology: fix resource leaks in sof_ipc3_widget_setup_comp_dai() (git-fixes).
- ASoC: SOF: ipc4-control: Add support for ALSA enum control (bsc#1233305).
- ASoC: SOF: ipc4-control: Add support for ALSA switch control (bsc#1233305).
- ASoC: SOF: ipc4-mtrace: move debug slot related definitions to header.h (bsc#1233305).
- ASoC: SOF: ipc4-topology: Add deep buffer size to debug prints (bsc#1233305).
- ASoC: SOF: ipc4-topology: Add definition for generic switch/enum control (bsc#1233305).
- ASoC: SOF: ipc4-topology: Add module ID print during module set up (bsc#1233305).
- ASoC: SOF: ipc4-topology: Helper to find an swidget by module/instance id (bsc#1233305).
- ASoC: SOF: ipc4-topology: Only handle dai_config with HW_PARAMS for ChainDMA (bsc#1233305).
- ASoC: SOF: ipc4-topology: change chain_dma handling in dai_config (bsc#1233305).
- ASoC: SOF: ipc4-topology: export sof_ipc4_copier_is_single_format (bsc#1233305).
- ASoC: SOF: ipc4-topology: set config_length based on device_count (bsc#1233305).
- ASoC: SOF: ipc4: Add data struct for module notification message from firmware (bsc#1233305).
- ASoC: SOF: ipc4: Add new message type: SOF_IPC4_GLB_LOAD_LIBRARY_PREPARE (bsc#1233305).
- ASoC: SOF: sof-client-probes-ipc4: Set param_size extension bits (git-fixes).
- ASoC: SOF: topology: Parse DAI type token for dspless mode (bsc#1233305).
- ASoC: SOF: topology: dynamically allocate and store DAI widget->private (bsc#1233305).
- ASoC: amd: yc: Add quirk for ASUS Vivobook S15 M3502RA (stable-fixes).
- ASoC: amd: yc: Add quirk for HP Dragonfly pro one (stable-fixes).
- ASoC: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry (git-fixes).
- ASoC: amd: yc: Fix non-functional mic on ASUS E1404FA (stable-fixes).
- ASoC: amd: yc: Support dmic on another model of Lenovo Thinkpad E14 Gen 6 (stable-fixes).
- ASoC: amd: yc: fix internal mic on Xiaomi Book Pro 14 2022 (stable-fixes).
- ASoC: atmel: mchp-pdmc: Skip ALSA restoration if substream runtime is uninitialized (git-fixes).
- ASoC: audio-graph-card2: Purge absent supplies for device tree nodes (stable-fixes).
- ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() (git-fixes).
- ASoC: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to default regs values (stable-fixes).
- ASoC: codecs: rt5640: Always disable IRQs from rt5640_cancel_work() (stable-fixes).
- ASoC: codecs: wsa883x: Handle reading version failure (stable-fixes).
- ASoC: cs42l51: Fix some error handling paths in cs42l51_probe() (git-fixes).
- ASoC: dapm: fix bounds checker error in dapm_widget_list_create (git-fixes).
- ASoC: fsl_micfil: Add sample rate constraint (stable-fixes).
- ASoC: fsl_micfil: fix regmap_write_bits usage (git-fixes).
- ASoC: fsl_sai: Enable 'FIFO continue on error' FCONT bit (stable-fixes).
- ASoC: imx-card: Set card.owner to avoid a warning calltrace if SND=m (git-fixes).
- ASoC: max98388: Fix missing increment of variable slot_found (git-fixes).
- ASoC: mediatek: mt8188-mt6359: Remove hardcoded dmic codec (git-fixes).
- ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() (git-fixes).
- ASoC: qcom: sm8250: add qrb4210-rb2-sndcard compatible string (stable-fixes).
- ASoC: rt722-sdca: Remove logically deadcode in rt722-sdca.c (git-fixes).
- ASoC: rt722-sdca: increase clk_stop_timeout to fix clock stop issue (stable-fixes).
- ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove (git-fixes).
- ASoC: stm: Prevent potential division by zero in stm32_sai_get_clk_div() (stable-fixes).
- ASoC: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate() (stable-fixes).
- ASoC: tas2781: Add new driver version for tas2563 & tas2781 qfn chip (stable-fixes).
- ASoC: tas2781: Use of_property_read_reg() (stable-fixes).
- Bluetooth: Call iso_exit() on module unload (git-fixes).
- Bluetooth: ISO: Fix multiple init when debugfs is disabled (git-fixes).
- Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync (git-fixes).
- Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change (git-fixes).
- Bluetooth: Remove debugfs directory on module init failure (git-fixes).
- Bluetooth: bnep: fix wild-memory-access in proto_unregister (git-fixes).
- Bluetooth: btintel: Direct exception event to bluetooth stack (git-fixes).
- Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test (bsc#1230557)
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0489:0xe122 (stable-fixes).
- Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 (git-fixes).
- Bluetooth: fix use-after-free in device_for_each_child() (git-fixes).
- Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs (git-fixes).
- Bluetooth: hci_core: Fix calling mgmt_device_connected (git-fixes).
- Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (git-fixes).
- Documentation: kgdb: Correct parameter error (git-fixes).
- HID: Ignore battery for all ELAN I2C-HID devices (stable-fixes).
- HID: amd_sfh: Switch to device-managed dmam_alloc_coherent() (git-fixes).
- HID: core: zero-initialize the report buffer (git-fixes).
- HID: i2c-hid: Remove I2C_HID_QUIRK_SET_PWR_WAKEUP_DEV quirk (stable-fixes).
- HID: lenovo: Add support for Thinkpad X1 Tablet Gen 3 keyboard (stable-fixes).
- HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad (stable-fixes).
- HID: multitouch: Add quirk for Logitech Bolt receiver w/ Casa touchpad (stable-fixes).
- HID: multitouch: Add support for B2402FVA track point (stable-fixes).
- HID: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio (stable-fixes).
- HID: multitouch: Add support for lenovo Y9000P Touchpad (stable-fixes).
- HID: plantronics: Workaround for an unexcepted opposite volume key (stable-fixes).
- HID: wacom: Interpret tilt data from Intuos Pro BT as signed values (git-fixes).
- HID: wacom: fix when get product name maybe null pointer (git-fixes).
- Input: adp5589-keys - fix NULL pointer dereference (git-fixes).
- Input: adp5589-keys - fix adp5589_gpio_get_value() (git-fixes).
- Input: edt-ft5x06 - fix regmap leak when probe fails (git-fixes).
- Input: hideep - add missing dependency on REGMAP_I2C (git-fixes).
- Input: hycon-hy46xx - add missing dependency on REGMAP_I2C (git-fixes).
- Input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk table (stable-fixes).
- Input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk table (stable-fixes).
- Input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD line (stable-fixes).
- Input: xpad - add GameSir T4 Kaleid Controller support (git-fixes).
- Input: xpad - add GameSir VID for Xbox One controllers (git-fixes).
- Input: xpad - add support for 8BitDo Ultimate 2C Wireless Controller (git-fixes).
- Input: xpad - add support for MSI Claw A1M (git-fixes).
- Input: xpad - add support for Machenike G5 Pro Controller (git-fixes).
- Input: xpad - fix support for some third-party controllers (git-fixes).
- Input: xpad - sort xpad_device by vendor and product ID (git-fixes).
- Input: xpad - spelling fixes for "Xbox" (git-fixes).
- KVM: Fix coalesced_mmio_has_room() to avoid premature userspace exit (git-fixes).
- KVM: PPC: Book3S HV: Avoid returning to nested hypervisor on pending doorbells (bsc#1215199).
- KVM: PPC: Book3S HV: Stop using vc->dpdes for nested KVM guests (bsc#1215199).
- KVM: PPC: Book3S HV: remove unused varible (bsc#1194869).
- KVM: SEV-ES: Fix svm_get_msr()/svm_set_msr() for KVM_SEV_ES_INIT guests (bsc#1232207).
- KVM: SEV-ES: Prevent MSR access post VMSA encryption (bsc#1232207).
- KVM: SVM: Disallow guest from changing userspace's MSR_AMD64_DE_CFG value (git-fixes).
- KVM: Use dedicated mutex to protect kvm_usage_count to avoid deadlock (git-fixes).
- KVM: VMX: Also clear SGX EDECCSSA in KVM CPU caps when SGX is disabled (git-fixes).
- KVM: VMX: Set PFERR_GUEST_{FINAL,PAGE}_MASK if and only if the GVA is valid (git-fixes).
- KVM: Write the per-page "segment" when clearing (part of) a guest page (git-fixes).
- KVM: s390: Change virtual to physical address access in diag 0x258 handler (git-fixes bsc#1232626).
- KVM: s390: Fix SORTL and DFLTCC instruction format error in __insn32_query (git-fixes bsc#1231276).
- KVM: s390: gaccess: Check if guest address is in memslot (git-fixes bsc#1232623).
- KVM: x86/mmu: Skip emulation on page fault iff 1+ SPs were unprotected (git-fixes).
- KVM: x86/mmu: Trigger unprotect logic only on write-protection page faults (git-fixes).
- KVM: x86: Dedup fastpath MSR post-handling logic (git-fixes).
- KVM: x86: Enforce x2APIC's must-be-zero reserved ICR bits (git-fixes).
- KVM: x86: Exit to userspace if fastpath triggers one on instruction skip (git-fixes).
- KVM: x86: Move x2APIC ICR helper above kvm_apic_write_nodecode() (git-fixes).
- KVM: x86: Re-enter guest if WRMSR(X2APIC_ICR) fastpath is successful (git-fixes).
- KVM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC) (git-fixes).
- NFS: Avoid unnecessary rescanning of the per-server delegation list (git-fixes).
- NFS: remove revoked delegation from server's delegation list (git-fixes).
- NFSD: Fix NFSv4's PUTPUBFH operation (git-fixes).
- NFSD: Mark filecache "down" if init fails (git-fixes).
- NFSv3: only use NFS timeout for MOUNT when protocols are compatible (bsc#1231016).
- NFSv4: Fix clearing of layout segments in layoutreturn (git-fixes).
- PCI: Add ACS quirk for Qualcomm SA8775P (stable-fixes).
- PCI: Add T_PVPERL macro (git-fixes).
- PCI: Add function 0 DMA alias quirk for Glenfly Arise chip (stable-fixes).
- PCI: Fix pci_enable_acs() support for the ACS quirks (bsc#1229019).
- PCI: Fix reset_method_store() memory leak (git-fixes).
- PCI: Mark Creative Labs EMU20k2 INTx masking as broken (stable-fixes).
- PCI: endpoint: Clear secondary (not primary) EPC in pci_epc_remove_epf() (git-fixes).
- PCI: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds (git-fixes).
- PCI: keystone: Add link up check to ks_pcie_other_map_bus() (git-fixes).
- PCI: keystone: Set mode as Root Complex for "ti,keystone-pcie" compatible (git-fixes).
- PCI: rockchip-ep: Fix address translation unit programming (git-fixes).
- RAS/AMD/ATL: Add amd_atl pr_fmt() prefix (jsc#PED-10559).
- RAS/AMD/ATL: Expand helpers for adding and removing base and hole (jsc#PED-10559).
- RAS/AMD/ATL: Implement DF 4.5 NP2 denormalization (jsc#PED-10559).
- RAS/AMD/ATL: Read DRAM hole base early (jsc#PED-10559).
- RAS/AMD/ATL: Validate address map when information is gathered (jsc#PED-10559).
- RDMA/bnxt_re: Add a check for memory allocation (git-fixes)
- RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop (git-fixes)
- RDMA/bnxt_re: Change the sequence of updating the CQ toggle value (git-fixes)
- RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey (git-fixes)
- RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (git-fixes)
- RDMA/bnxt_re: Fix a possible memory leak (git-fixes)
- RDMA/bnxt_re: Fix incorrect AVID type in WQE structure (git-fixes)
- RDMA/bnxt_re: Fix incorrect dereference of srq in async event (git-fixes)
- RDMA/bnxt_re: Fix out of bound check (git-fixes)
- RDMA/bnxt_re: Fix the GID table length (git-fixes)
- RDMA/bnxt_re: Fix the max CQ WQEs for older adapters (git-fixes)
- RDMA/bnxt_re: Fix the usage of control path spin locks (git-fixes)
- RDMA/bnxt_re: Return more meaningful error (git-fixes)
- RDMA/bnxt_re: synchronize the qp-handle table array (git-fixes)
- RDMA/core: Fix ENODEV error for iWARP test over vlan (git-fixes)
- RDMA/cxgb4: Dump vendor specific QP details (git-fixes)
- RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP (git-fixes)
- RDMA/hns: Add mutex_destroy() (git-fixes)
- RDMA/hns: Disassociate mmap pages for all uctx when HW is being reset (git-fixes)
- RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (git-fixes)
- RDMA/hns: Fix an AEQE overflow error caused by untimely update of eq_db_ci (git-fixes)
- RDMA/hns: Fix cpu stuck caused by printings during reset (git-fixes)
- RDMA/hns: Fix different dgids mapping to the same dip_idx (git-fixes)
- RDMA/hns: Fix flush cqe error when racing with destroy qp (git-fixes)
- RDMA/hns: Fix out-of-order issue of requester when setting FENCE (git-fixes)
- RDMA/hns: Use dev_* printings in hem code instead of ibdev_* (git-fixes)
- RDMA/hns: Use macro instead of magic number (git-fixes)
- RDMA/irdma: Fix misspelling of "accept*" (git-fixes)
- RDMA/mad: Improve handling of timed out WRs of mad agent (git-fixes)
- RDMA/mana_ib: use the correct page size for mapping user-mode doorbell page (git-fixes).
- RDMA/mana_ib: use the correct page table index based on hardware page size (git-fixes).
- RDMA/mlx5: Enforce umem boundaries for explicit ODP page faults (git-fixes)
- RDMA/mlx5: Move events notifier registration to be after device registration (git-fixes)
- RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down (git-fixes)
- RDMA/mlx5: Use sq timestamp as QP timestamp when RoCE is disabled (git-fixes).
- RDMA/rtrs-srv: Avoid null pointer deref during path establishment (git-fixes)
- RDMA/rxe: Fix the qp flush warnings in req (git-fixes)
- RDMA/rxe: Set queue pair cur_qp_state when being queried (git-fixes)
- RDMA/siw: Add sendpage_ok() check to disable MSG_SPLICE_PAGES (git-fixes)
- RDMA/srpt: Make slab cache names unique (git-fixes)
- Revert "ALSA: hda/conexant: Mute speakers at suspend / shutdown" (bsc#1228269).
- Revert "ALSA: hda: Conditionally use snooping for AMD HDMI" (stable-fixes).
- Revert "KEYS: encrypted: Add check for strsep" (git-fixes).
- Revert "KVM: PPC: Book3S HV Nested: Stop forwarding all HFUs to L1" (bsc#1215199).
- Revert "RDMA/core: Fix ENODEV error for iWARP test over vlan" (git-fixes)
- Revert "cgroup: Fix memory leak caused by missing cgroup_bpf_offline" (bsc#1234108).
- Revert "cpufreq: brcmstb-avs-cpufreq: Fix initial command check" (stable-fixes).
- Revert "driver core: Fix uevent_show() vs driver detach race" (git-fixes).
- Revert "ixgbe: Manual AN-37 for troublesome link partners for X550 SFI" (git-fixes).
- Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" (git-fixes).
- Revert "ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path" (git-fixes).
- Revert "usb: gadget: composite: fix OS descriptors w_value logic" (git-fixes).
- Revert "wifi: iwlwifi: remove retry loops in start" (git-fixes).
- SUNRPC: Fix integer overflow in decode_rc_list() (git-fixes).
- SUNRPC: Fixup gss_status tracepoint error output (git-fixes).
- SUNRPC: Remove BUG_ON call sites (git-fixes).
- SUNRPC: clnt.c: Remove misleading comment (git-fixes).
- USB: appledisplay: close race between probe and completion handler (git-fixes).
- USB: chaoskey: Fix possible deadlock chaoskey_list_lock (git-fixes).
- USB: chaoskey: fail open after removal (git-fixes).
- USB: gadget: dummy-hcd: Fix "task hung" problem (git-fixes).
- USB: misc: cypress_cy7c63: check for short transfer (git-fixes).
- USB: misc: yurex: fix race between read and write (git-fixes).
- USB: serial: ftdi_sio: Fix atomicity violation in get_serial_info() (git-fixes).
- USB: serial: io_edgeport: fix use after free in debug printk (git-fixes).
- USB: serial: option: add Fibocom FG132 0x0112 composition (stable-fixes).
- USB: serial: option: add Quectel RG650V (stable-fixes).
- USB: serial: option: add Telit FN920C04 MBIM compositions (stable-fixes).
- USB: serial: option: add support for Quectel EG916Q-GL (stable-fixes).
- USB: serial: qcserial: add support for Sierra Wireless EM86xx (stable-fixes).
- accel/qaic: Fix the for loop used to walk SG table (git-fixes).
- accel: Use XArray instead of IDR for minors (jsc#PED-11580).
- acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() (git-fixes).
- ad7780: fix division by zero in ad7780_write_raw() (git-fixes).
- aes-gcm-p10: Use the correct bit to test for P10 (bsc#1232704).
- amd-pstate: Set min_perf to nominal_perf for active mode performance gov (git-fixes).
- apparmor: fix 'Do simple duplicate message elimination' (git-fixes).
- apparmor: test: Fix memory leak for aa_unpack_strdup() (git-fixes).
- apparmor: use kvfree_sensitive to free data->data (git-fixes).
- arm64: Subscribe Microsoft Azure Cobalt 100 to erratum 3194386 (git-fixes)
- arm64: cputype: Add Neoverse-N3 definitions (git-fixes)
- arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer (git-fixes)
- arm64: dts: freescale: imx8mm-verdin: Fix SD regulator startup delay (git-fixes)
- arm64: dts: freescale: imx8mp-verdin: Fix SD regulator startup delay (git-fixes)
- arm64: dts: imx8-ss-vpu: Fix imx8qm VPU IRQs (git-fixes)
- arm64: dts: imx8qxp: Add VPU subsystem file (git-fixes)
- arm64: dts: imx93: add nvmem property for eqos (git-fixes)
- arm64: dts: imx93: add nvmem property for fec1 (git-fixes)
- arm64: dts: imx93: add ocotp node (git-fixes)
- arm64: dts: rockchip: Add DTS for FriendlyARM NanoPi R2S Plus (git-fixes)
- arm64: dts: rockchip: Correct GPIO polarity on brcm BT nodes (git-fixes)
- arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc (git-fixes)
- arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards (git-fixes)
- arm64: dts: rockchip: Fix bluetooth properties on rk3566 box demo (git-fixes)
- arm64: dts: rockchip: Fix reset-gpios property on brcm BT nodes (git-fixes)
- arm64: dts: rockchip: Fix rt5651 compatible value on (git-fixes)
- arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-eaidk-610 (git-fixes)
- arm64: dts: rockchip: Fix wakeup prop names on PineNote BT node (git-fixes)
- arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma (git-fixes)
- arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328 (git-fixes)
- arm64: dts: rockchip: Remove undocumented supports-emmc property (git-fixes)
- arm64: dts: rockchip: fix i2c2 pinctrl-names property on (git-fixes)
- arm64: dts: rockchip: remove num-slots property from (git-fixes)
- arm64: dts: rockchip: remove orphaned pinctrl-names from pinephone (git-fixes)
- arm64: errata: Enable the AC03_CPU_38 workaround for ampere1a (git-fixes).
- arm64: errata: Expand speculative SSBS workaround once more (git-fixes)
- arm64: esr: Define ESR_ELx_EC_* constants as UL (git-fixes)
- arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG (git-fixes)
- arm64: fix selection of HAVE_DYNAMIC_FTRACE_WITH_ARGS (git-fixes).
- arm64: probes: Fix simulate_ldr*_literal() (git-fixes)
- arm64: probes: Fix uprobes for big-endian kernels (git-fixes)
- arm64: probes: Remove broken LDR (literal) uprobe support (git-fixes)
- arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint (git-fixes)
- arm64: smccc: replace custom COUNT_ARGS() & CONCATENATE() (git-fixes)
- arm64: tegra: Move AGX Orin nodes to correct location (git-fixes)
- arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled (git-fixes)
- ata: libata: Set DID_TIME_OUT for commands that actually timed out (git-fixes).
- ata: libata: avoid superfluous disk spin down + spin up during hibernation (git-fixes).
- audit: do not WARN_ON_ONCE(!current->mm) in audit_exe_compare() (git-fixes).
- audit: do not take task_lock() in audit_exe_compare() code path (git-fixes).
- block: print symbolic error name instead of error code (bsc#1231872).
- block: sed-opal: add ioctl IOC_OPAL_SET_SID_PW (bsc#1229677).
- bnxt_en: Cap the size of HWRM_PORT_PHY_QCFG forwarded response (git-fixes).
- bnxt_en: Fix error recovery for 5760X (P7) chips (git-fixes).
- bnxt_en: Fix the PCI-AER routines (git-fixes).
- bnxt_en: Restore PTP tx_avail count in case of skb_pad() error (git-fixes).
- bnxt_en: refactor reset close code (git-fixes).
- bpf, arm64: Fix address emission with tag-based KASAN enabled (git-fixes)
- bpf, arm64: Remove garbage frame for struct_ops trampoline (git-fixes)
- bpf, lsm: Add disabled BPF LSM hook list (git-fixes).
- bpf, net: Fix a potential race in do_sock_getsockopt() (git-fixes).
- bpf, sockmap: SK_DROP on attempted redirects of unsupported af_vsock (git-fixes).
- bpf, verifier: Correct tail_call_reachable for bpf prog (git-fixes).
- bpf, vsock: Drop static vsock_bpf_prot initialization (git-fixes).
- bpf, x64: Remove tail call detection (git-fixes).
- bpf,perf: Fix perf_event_detach_bpf_prog error handling (git-fixes).
- bpf: Fail verification for sign-extension of packet data/data_end/data_meta (git-fixes).
- bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit (git-fixes).
- bpf: Fix error message on kfunc arg type mismatch (git-fixes).
- bpf: Fix helper writes to read-only maps (git-fixes).
- bpf: Fix tailcall cases in test_bpf (git-fixes).
- bpf: Fix truncation bug in coerce_reg_to_size_sx() (git-fixes).
- bpf: Improve check_raw_mode_ok test for MEM_UNINIT-tagged types (git-fixes).
- bpf: Remove truncation test in bpf_strtol and bpf_strtoul helpers (git-fixes).
- bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error (git-fixes).
- bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos (git-fixes).
- btf, scripts: rust: drop is_rust_module.sh (bsc#1230414 bsc#1229450).
- btrfs: merge btrfs_orig_bbio_end_io() into btrfs_bio_end_io() (bsc#1233193)
- btrfs: send: fix invalid clone operation for file that got its size decreased (git-fixes).
- can: c_can: c_can_handle_bus_err(): update statistics if skb allocation fails (git-fixes).
- can: c_can: fix {rx,tx}_errors statistics (git-fixes).
- can: dev: can_set_termination(): allow sleeping GPIOs (git-fixes).
- can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: hi311x: hi3110_can_ist(): fix potential use-after-free (git-fixes).
- can: hi311x: hi3110_can_ist(): fix {rx,tx}_errors statistics (git-fixes).
- can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: j1939: j1939_session_new(): fix skb reference counting (git-fixes).
- can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: mcp251xfd: mcp251xfd_get_tef_len(): fix length calculation (git-fixes).
- can: mcp251xfd: mcp251xfd_get_tef_len(): work around erratum DS80000789E 6 (git-fixes).
- can: mcp251xfd: mcp251xfd_ring_alloc(): fix coalescing configuration when switching CAN modes (git-fixes).
- can: netlink: avoid call to do_set_data_bittiming callback with stale can_priv::ctrlmode (stable-fixes).
- can: sja1000: sja1000_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL (git-fixes).
- can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics (git-fixes).
- ceph: fix cap ref leak via netfs init_request (bsc#1231384).
- cgroup/bpf: only cgroup v2 can be attached by bpf programs (bsc#1234108).
- clk: bcm: bcm53573: fix OF node leak in init (stable-fixes).
- clk: clk-apple-nco: Add NULL check in applnco_probe (git-fixes).
- clk: clk-axi-clkgen: make sure to enable the AXI bus clock (git-fixes).
- clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D (stable-fixes).
- clk: imx: clk-scu: fix clk enable state save and restore (git-fixes).
- clk: imx: fracn-gppll: correct PLL initialization flow (git-fixes).
- clk: imx: fracn-gppll: fix pll power up (git-fixes).
- clk: imx: lpcg-scu: SW workaround for errata (e10858) (git-fixes).
- clk: qcom: clk-alpha-pll: drop lucid-evo pll enabled warning (git-fixes).
- clk: qcom: clk-alpha-pll: fix lucid 5lpe pll enabled check (git-fixes).
- clk: qcom: gcc-qcs404: fix initial rate of GPLL3 (git-fixes).
- clk: renesas: rzg2l: Fix FOUTPOSTDIV clk (git-fixes).
- clk: sunxi-ng: d1: Fix PLL_AUDIO0 preset (git-fixes).
- comedi: Flush partial mappings in error case (git-fixes).
- comedi: ni_routing: tools: Check when the file could not be opened (stable-fixes).
- config s390x: build ultravisor userspace access into the kernel (bsc#1232090).
- config.sh: Remove Arm build project, we do not build armv7 configs
- config: Disable LAM on x86 (bsc#1217845).
- cpufreq/amd-pstate: Fix amd_pstate mode switch on shared memory systems (git-fixes).
- cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost() (git-fixes).
- cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw() (git-fixes).
- cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_cost() (git-fixes).
- cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_power() (git-fixes).
- cpufreq: loongson2: Unregister platform_driver on failure (git-fixes).
- cpufreq: mediatek-hw: Fix wrong return value in mtk_cpufreq_get_cpu_power() (git-fixes).
- crypto: aes-gcm-p10 - Use the correct bit to test for P10 (bsc#1232704).
- crypto: api - Fix liveliness check in crypto_alg_tested (stable-fixes).
- crypto: bcm - add error check in the ahash_hmac_init function (git-fixes).
- crypto: caam - Fix the pointer passed to caam_qi_shutdown() (git-fixes).
- crypto: caam - add error check to caam_rsa_set_priv_key_form (git-fixes).
- crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() (git-fixes).
- crypto: cavium - Fix the if condition to exit loop after timeout (git-fixes).
- crypto: hisilicon/qm - flush all work before driver removed (bsc#1232075)
- crypto: inside-secure - Fix the return value of safexcel_xcbcmac_cra_init() (git-fixes).
- crypto: octeontx - Fix authenc setkey (stable-fixes).
- crypto: octeontx* - Select CRYPTO_AUTHENC (git-fixes).
- crypto: octeontx2 - Fix authenc setkey (stable-fixes).
- crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY (git-fixes).
- crypto: powerpc/p10-aes-gcm - Add dependency on CRYPTO_SIMD and re-enable CRYPTO_AES_GCM_P10 (bsc#1230501 ltc#208632).
- crypto: powerpc/p10-aes-gcm - Disable CRYPTO_AES_GCM_P10 (bsc#1230501 ltc#208632).
- crypto: powerpc/p10-aes-gcm - Re-write AES/GCM stitched implementation (bsc#1230501 ltc#208632).
- crypto: powerpc/p10-aes-gcm - Register modules as SIMD (bsc#1230501 ltc#208632).
- crypto: qat - remove check after debugfs_create_dir() (git-fixes).
- crypto: qat - remove faulty arbiter config reset (git-fixes).
- crypto: qat/qat_4xxx - fix off by one in uof_get_name() (git-fixes).
- crypto: x86/aegis128 - access 32-bit arguments as 32-bit (git-fixes).
- cxgb4: Properly lock TX queue for the selftest (git-fixes).
- cxgb4: add forgotten u64 ivlan cast before shift (git-fixes).
- cxgb4: unnecessary check for 0 in the free_sge_txq_uld() function (git-fixes).
- cxl: downgrade a warning message to debug level in cxl_probe_component_regs() (bsc#1229165).
- dcache: keep dentry_hashtable or d_hash_shift even when not used (git-fixes).
- debugfs: fix automount d_fsdata usage (git-fixes).
- devlink: Fix command annotation documentation (git-fixes).
- dma-fence: Fix reference leak on fence merge failure path (git-fixes).
- dma-fence: Use kernel's sort for merging fences (git-fixes).
- dmaengine: sh: rz-dmac: handle configs where one address is zero (git-fixes).
- dmaengine: ti: k3-udma: Set EOP for all TRs in cyclic BCDMA transfer (git-fixes).
- doc: rcu: update printed dynticks counter bits (git-fixes).
- driver core: bus: Fix double free in driver API bus_register() (stable-fixes).
- driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute (stable-fixes).
- drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend() (git-fixes).
- drm/amd/amdgpu: Fix double unlock in amdgpu_mes_add_ring (git-fixes).
- drm/amd/display: Add HDMI DSC native YCbCr422 support (stable-fixes).
- drm/amd/display: Add disable timeout option (bsc#1231435)
- drm/amd/display: Adjust VSDB parser for replay feature (stable-fixes).
- drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944)
- drm/amd/display: Check null pointer before dereferencing se (stable-fixes).
- drm/amd/display: Clean up dsc blocks in accelerated mode (stable-fixes).
- drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too (stable-fixes).
- drm/amd/display: Fix brightness level not retained over reboot (git-fixes).
- drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe (git-fixes).
- drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp (git-fixes).
- drm/amd/display: Remove a redundant check in authenticated_dp (stable-fixes).
- drm/amd/display: Revert "Check HDCP returned status" (stable-fixes).
- drm/amd/display: Round calculated vtotal (stable-fixes).
- drm/amd/display: Skip to enable dsc if it has been off (stable-fixes).
- drm/amd/display: Validate backlight caps are sane (stable-fixes).
- drm/amd/pm: Vangogh: Fix kernel memory out of bounds write (git-fixes).
- drm/amd: Add some missing straps from NBIO 7.11.0 (git-fixes).
- drm/amd: Fix initialization mistake for NBIO 7.7.0 (stable-fixes).
- drm/amd: Guard against bad data for ATIF ACPI method (git-fixes).
- drm/amdgpu/swsmu: Only force workload setup on init (git-fixes).
- drm/amdgpu/vcn: enable AV1 on both instances (stable-fixes).
- drm/amdgpu: Adjust debugfs eviction and IB access permissions (stable-fixes).
- drm/amdgpu: Adjust debugfs register access permissions (stable-fixes).
- drm/amdgpu: Fix DPX valid mode check on GC 9.4.3 (git-fixes).
- drm/amdgpu: Fix JPEG v4.0.3 register write (git-fixes).
- drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() (stable-fixes).
- drm/amdgpu: fix check in gmc_v9_0_get_vm_pte() (git-fixes).
- drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported (git-fixes).
- drm/amdkfd: Accounting pdd vram_usage for svm (stable-fixes).
- drm/amdkfd: Fix wrong usage of INIT_WORK() (git-fixes).
- drm/bridge: anx7625: Drop EDID cache on bridge power off (git-fixes).
- drm/bridge: it6505: Drop EDID cache on bridge power off (git-fixes).
- drm/bridge: tc358767: Fix link properties discovery (git-fixes).
- drm/bridge: tc358768: Fix DSI command tx (git-fixes).
- drm/etnaviv: Request pages from DMA32 zone on addressing_limited (git-fixes).
- drm/etnaviv: hold GPU lock across perfmon sampling (git-fixes).
- drm/i915/gem: fix bitwise and logical AND mixup (git-fixes).
- drm/i915/hdcp: fix connector refcounting (git-fixes).
- drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/mediatek: Fix child node refcount handling in early exit (git-fixes).
- drm/mediatek: Fix get efuse issue for MT8188 DPTX (git-fixes).
- drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused (git-fixes).
- drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk() (git-fixes).
- drm/msm/dpu: check for overflow in _dpu_crtc_setup_lm_bounds() (git-fixes).
- drm/msm/dpu: do not always program merge_3d block (git-fixes).
- drm/msm/dpu: drop LM_3 / LM_4 on MSM8998 (git-fixes).
- drm/msm/dpu: drop LM_3 / LM_4 on SDM845 (git-fixes).
- drm/msm/dpu: make sure phys resources are properly initialized (git-fixes).
- drm/msm/dpu: move CRTC resource assignment to dpu_encoder_virt_atomic_check (git-fixes).
- drm/msm/dpu: on SDM845 move DSPP_3 to LM_5 block (git-fixes).
- drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation (git-fixes).
- drm/msm/dsi: improve/fix dsc pclk calculation (git-fixes).
- drm/msm/gpu: Check the status of registration to PM QoS (git-fixes).
- drm/msm: Allocate memory for disp snapshot with kvzalloc() (git-fixes).
- drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() (git-fixes).
- drm/msm: Fix some typos in comment (git-fixes).
- drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new() (git-fixes).
- drm/omap: Fix locking in omap_gem_new_dmabuf() (git-fixes).
- drm/omap: Fix possible NULL dereference (git-fixes).
- drm/panfrost: Add missing OPP table refcnt decremental (git-fixes).
- drm/panfrost: Remove unused id_mask from struct panfrost_model (git-fixes).
- drm/radeon: Fix encoder->possible_clones (git-fixes).
- drm/rockchip: vop: Fix a dereferenced before check warning (git-fixes).
- drm/sched: Add locking to drm_sched_entity_modify_sched (git-fixes).
- drm/sched: Always wake up correct scheduler in drm_sched_entity_push_job (git-fixes).
- drm/sti: Add __iomem for mixer_dbg_mxn's parameter (git-fixes).
- drm/sti: avoid potential dereference of error pointers (git-fixes).
- drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check (git-fixes).
- drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check (git-fixes).
- drm/v3d: Address race-condition in MMU flush (git-fixes).
- drm/v3d: Enable Performance Counters before clearing them (git-fixes).
- drm/v3d: Stop the active perfmon before being destroyed (git-fixes).
- drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA (stable-fixes).
- drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_atomic_flush (git-fixes).
- drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_lut_load (git-fixes).
- drm/vc4: Stop the active perfmon before being destroyed (git-fixes).
- drm/vc4: hdmi: Avoid hang with debug registers when suspended (git-fixes).
- drm/vc4: hvs: Correct logic on stopping an HVS channel (git-fixes).
- drm/vc4: hvs: Do not write gamma luts on 2711 (git-fixes).
- drm/vc4: hvs: Fix dlist debug not resetting the next entry pointer (git-fixes).
- drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs function (git-fixes).
- drm/vkms: Drop unnecessary call to drm_crtc_cleanup() (git-fixes).
- drm/vmwgfx: Handle surface check failure correctly (git-fixes).
- drm/vmwgfx: Limit display layout ioctl array size to VMWGFX_NUM_DISPLAY_UNITS (stable-fixes).
- drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS (git-fixes).
- drm: Expand max DRM device number to full MINORBITS (jsc#PED-11580).
- drm: Use XArray instead of IDR for minors (jsc#PED-11580).
- drm: use ATOMIC64_INIT() for atomic64_t (git-fixes).
- drm: xlnx: zynqmp_dpsub: fix hotplug detection (git-fixes).
- drm: zynqmp_kms: Unplug DRM device before removal (git-fixes).
- dwc2: Drop USB dwc2 patch that caused a regression on RPi3 (bsc#1232342)
- e1000e: Fix S0ix residency on corporate systems (git-fixes).
- e1000e: Remove Meteor Lake SMBUS workarounds (git-fixes).
- e1000e: change I219 (19) devices to ADP (git-fixes).
- e1000e: fix force smbus during suspend flow (git-fixes).
- e1000e: move force SMBUS near the end of enable_ulp function (git-fixes).
- efi/libstub: Free correct pointer on failure (git-fixes).
- efi/libstub: fix efi_parse_options() ignoring the default command line (git-fixes).
- efi/libstub: zboot.lds: Discard .discard sections (stable-fixes).
- efi/memattr: Ignore table if the size is clearly bogus (bsc#1231465).
- efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption (stable-fixes).
- eth: bnxt: fix counting packets discarded due to OOM and netpoll (git-fixes).
- ext4: do not track ranges in fast_commit if inode has inlined data (bsc#1231635).
- ext4: fix fast commit inode enqueueing during a full journal commit (bsc#1231636).
- ext4: fix incorrect tid assumption in ext4_fc_mark_ineligible() (bsc#1231637).
- ext4: fix possible tid_t sequence overflows (bsc#1231634).
- ext4: fix slab-use-after-free in ext4_split_extent_at() (bsc#1232201)
- ext4: fix unttached inode after power cut with orphan file feature enabled (bsc#1234009).
- ext4: mark fc as ineligible using an handle in ext4_xattr_set() (bsc#1231640).
- ext4: use handle to mark fc as ineligible in __track_dentry_update() (bsc#1231639).
- f2fs: get out of a repeat loop when getting a locked data page (bsc#1234011).
- fat: fix uninitialized variable (git-fixes).
- fbcon: Fix a NULL pointer dereference issue in fbcon_putcs (stable-fixes).
- fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() (git-fixes).
- fbdev: sisfb: Fix strbuf array overflow (stable-fixes).
- fgraph: Change the name of cpuhp state to "fgraph:online" (git-fixes).
- fgraph: Fix missing unlock in register_ftrace_graph() (git-fixes).
- fgraph: Use CPU hotplug mechanism to initialize idle shadow stacks (git-fixes).
- filemap: remove use of wait bookmarks (bsc#1224088).
- firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() (git-fixes).
- firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup() (git-fixes).
- firmware: arm_scpi: Check the DVFS OPP count returned by the firmware (git-fixes).
- firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() (git-fixes).
- firmware: google: Unregister driver_info on failure (git-fixes).
- firmware_loader: Fix possible resource leak in fw_log_firmware_info() (git-fixes).
- fs/9p: drop inodes immediately on non-.L too (git-fixes).
- fs/9p: fix the cache always being enabled on files with qid flags (git-fixes).
- fs/ntfs3: Add more attributes checks in mi_enum_attr() (bsc#1233207)
- fs/ntfs3: Fixed overflow check in mi_enum_attr() (bsc#1233207)
- fs/ntfs3: Sequential field availability check in mi_enum_attr() (bsc#1233207)
- fs: Fix uninitialized value issue in from_kuid and from_kgid (git-fixes).
- genirq/msi: Fix off-by-one error in msi_domain_alloc() (git-fixes).
- goldfish: Fix unused const variable 'goldfish_pipe_acpi_match' (git-fixes).
- gpio: aspeed: Add the flush write to ensure the write complete (git-fixes).
- gpio: aspeed: Use devm_clk api to manage clock source (git-fixes).
- gpio: davinci: fix lazy disable (git-fixes).
- gpio: exar: set value when external pull-up or pull-down is present (git-fixes).
- gpio: zevio: Add missed label initialisation (git-fixes).
- gve: Fix XDP TX completion handling when counters overflow (git-fixes).
- gve: Fix an edge case for TSO skb validity check (git-fixes).
- gve: ignore nonrelevant GSO type bits when processing TSO headers (git-fixes).
- hid: intel-ish-hid: Fix uninitialized variable 'rv' in ish_fw_xfer_direct_dma (git-fixes).
- hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event (git-fixes).
- hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer (git-fixes).
- hwmon: (adm9240) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (adt7470) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (max16065) Fix alarm attributes (git-fixes).
- hwmon: (max16065) Remove use of i2c_match_id() (stable-fixes).
- hwmon: (mc34vr500) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (nct6775) add G15CF to ASUS WMI monitoring list (stable-fixes).
- hwmon: (nct6775-core) Fix overflows seen when writing limit attributes (git-fixes).
- hwmon: (tmp513) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (tps23861) Fix reporting of negative temperatures (git-fixes).
- hwmon: intel-m10-bmc-hwmon: relabel Columbiaville to CVL Die Temperature (git-fixes).
- i2c: core: Setup i2c_adapter runtime-pm before calling device_add() (git-fixes).
- i2c: core: fix lockdep warning for sparsely nested adapter chain (git-fixes).
- i2c: cpm: Remove linux,i2c-index conversion from be32 (git-fixes).
- i2c: designware: do not hold SCL low when I2C_DYNAMIC_TAR_UPDATE is not set (git-fixes).
- i2c: exynos5: Calculate t_scl_l, t_scl_h according to i2c spec (git-fixes).
- i2c: i801: Add lis3lv02d for Dell Precision 3540 (git-fixes).
- i2c: i801: Add lis3lv02d for Dell XPS 15 7590 (git-fixes).
- i2c: i801: Use a different adapter-name for IDF adapters (stable-fixes).
- i2c: i801: add helper i801_restore_regs (git-fixes).
- i2c: ismt: kill transaction in hardware on timeout (git-fixes).
- i2c: ocores: Move system PM hooks to the NOIRQ phase (git-fixes).
- i2c: ocores: Remove #ifdef guards for PM related functions (git-fixes).
- i2c: omap: switch to NOIRQ_SYSTEM_SLEEP_PM_OPS() and RUNTIME_PM_OPS() (git-fixes).
- i2c: omap: wakeup the controller during suspend() callback (git-fixes).
- i2c: rcar: properly format a debug output (git-fixes).
- i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume (git-fixes).
- i2c: stm32f7: perform most of irq job in threaded handler (git-fixes).
- i2c: synquacer: Deal with optional PCLK correctly (git-fixes).
- i2c: synquacer: Remove a clk reference from struct synquacer_i2c (stable-fixes).
- i2c: xiic: Try re-initialization on bus busy timeout (git-fixes).
- i2c: xiic: improve error message when transfer fails to start (stable-fixes).
- i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() (git-fixes).
- i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition (stable-fixes).
- i3c: master: svc: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- i40e: Fix XDP program unloading while removing the driver (git-fixes).
- i40e: Report MFS in decimal base instead of hex (git-fixes).
- i40e: fix race condition by adding filter's intermediate sync state (git-fixes).
- iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call (git-fixes).
- iavf: Fix TC config comparison with existing adapter TC config (git-fixes).
- ice: Fix VSI list rule with ICE_SW_LKUP_LAST type (git-fixes).
- ice: Fix checking for unsupported keys on non-tunnel device (git-fixes).
- ice: Fix lldp packets dropping after changing the number of channels (git-fixes).
- ice: Fix netif_is_ice() in Safe Mode (git-fixes).
- ice: Fix package download algorithm (git-fixes).
- ice: Fix recipe read procedure (git-fixes).
- ice: Fix reset handler (git-fixes).
- ice: Flush FDB entries before reset (git-fixes).
- ice: Interpret .set_channels() input differently (git-fixes).
- ice: Rebuild TC queues on VSI queue reconfiguration (git-fixes).
- ice: Reject pin requests with unsupported flags (git-fixes).
- ice: add flag to distinguish reset from .ndo_bpf in XDP rings config (git-fixes).
- ice: add missing WRITE_ONCE when clearing ice_rx_ring::xdp_prog (git-fixes).
- ice: avoid IRQ collision to fix init failure on ACPI S3 resume (git-fixes).
- ice: clear port vlan config during reset (git-fixes).
- ice: disallow DPLL_PIN_STATE_SELECTABLE for dpll output pins (git-fixes).
- ice: do not bring the VSI up, if it was down before the XDP setup (git-fixes).
- ice: do not busy wait for Rx queue disable in ice_qp_dis() (git-fixes).
- ice: fix 200G PHY types to link speed mapping (git-fixes).
- ice: fix 200G link speed message log (git-fixes).
- ice: fix ICE_LAST_OFFSET formula (git-fixes).
- ice: fix VLAN replay after reset (git-fixes).
- ice: fix VSI lists confusion when adding VLANs (git-fixes).
- ice: fix accounting for filters shared by multiple VSIs (git-fixes).
- ice: fix accounting if a VLAN already exists (git-fixes).
- ice: fix iteration of TLVs in Preserved Fields Area (git-fixes).
- ice: fix page reuse when PAGE_SIZE is over 8k (git-fixes).
- ice: fix reads from NVM Shadow RAM on E830 and E825-C devices (git-fixes).
- ice: fix truesize operations for PAGE_SIZE >= 8192 (git-fixes).
- ice: implement AQ download pkg retry (git-fixes).
- ice: map XDP queues to vectors in ice_vsi_map_rings_to_vectors() (git-fixes).
- ice: remove af_xdp_zc_qps bitmap (git-fixes).
- ice: replace synchronize_rcu with synchronize_net (git-fixes).
- ice: respect netif readiness in AF_XDP ZC related ndo's (git-fixes).
- ice: set correct dst VSI in only LAN filters (git-fixes).
- ice: tc: allow zero flags in parsing tc flower (git-fixes).
- ice: tc: check src_vsi in case of traffic from VF (git-fixes).
- ice: use proper macro for testing bit (git-fixes).
- idpf: Interpret .set_channels() input differently (git-fixes).
- idpf: avoid bloating &idpf_q_vector with big %NR_CPUS (git-fixes).
- idpf: do not enable NAPI and interrupts prior to allocating Rx buffers (git-fixes).
- idpf: do not skip over ethtool tcp-data-split setting (git-fixes).
- idpf: fix UAFs when destroying the queues (git-fixes).
- idpf: fix memleak in vport interrupt configuration (git-fixes).
- idpf: fix memory leaks and crashes while performing a soft reset (git-fixes).
- ieee802154: Fix build error (git-fixes).
- igb: Always call igb_xdp_ring_update_tail() under Tx lock (git-fixes).
- igb: Disable threaded IRQ for igb_msix_other (git-fixes).
- igb: Fix not clearing TimeSync interrupts for 82580 (git-fixes).
- igc: Fix double reset adapter triggered from a single taprio cmd (git-fixes).
- igc: Fix packet still tx after gate close by reducing i226 MAC retry buffer (git-fixes).
- igc: Fix qbv tx latency by setting gtxoffset (git-fixes).
- igc: Fix qbv_config_change_errors logics (git-fixes).
- igc: Fix reset adapter logics when tx mode change (git-fixes).
- igc: Unlock on error in igc_io_resume() (git-fixes).
- iio: Fix fwnode_handle in __fwnode_iio_channel_get_by_name() (git-fixes).
- iio: accel: bma400: Fix uninitialized variable field_value in tap event handling (git-fixes).
- iio: accel: kx022a: Fix raw read format (git-fixes).
- iio: accel: kx022a: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() (git-fixes).
- iio: adc: ad7606: Fix typo in the driver name (git-fixes).
- iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer (git-fixes).
- iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: adc: ti-lmp92064: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: amplifiers: ada4250: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: ad3552r: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: dac: ad5766: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig (git-fixes).
- iio: frequency: adf4377: add missing select REMAP_SPI in Kconfig (git-fixes).
- iio: frequency: admv4420: fix missing select REMAP_SPI in Kconfig (git-fixes).
- iio: gts-helper: Fix memory leaks for the error path of iio_gts_build_avail_scale_table() (git-fixes).
- iio: gts-helper: Fix memory leaks in iio_gts_build_avail_scale_table() (git-fixes).
- iio: gts: Fix uninitialized symbol 'ret' (git-fixes).
- iio: gts: fix infinite loop for gain_to_scaletables() (git-fixes).
- iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() (git-fixes).
- iio: light: al3010: Fix an error handling path in al3010_probe() (git-fixes).
- iio: light: opt3001: add missing full-scale range value (git-fixes).
- iio: light: veml6030: fix ALS sensor resolution (git-fixes).
- iio: light: veml6030: fix IIO device retrieval from embedded device (git-fixes).
- iio: light: veml6030: fix microlux value calculation (git-fixes).
- iio: magnetometer: ak8975: Convert enum->pointer for data in the match tables (stable-fixes).
- iio: magnetometer: ak8975: Fix 'Unexpected device' error (git-fixes).
- iio: magnetometer: ak8975: drop incorrect AK09116 compatible (git-fixes).
- iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- ima: fix buffer overrun in ima_eventdigest_init_common (git-fixes).
- initramfs: avoid filename buffer overrun (bsc#1232436).
- intel_idle: add Granite Rapids Xeon support (bsc#1231630).
- intel_idle: fix ACPI _CST matching for newer Xeon platforms (bsc#1231630).
- io_uring/eventfd: move to more idiomatic RCU free usage (git-fixes).
- io_uring/io-wq: do not allow pinning outside of cpuset (git-fixes).
- io_uring/io-wq: inherit cpuset of cgroup in io worker (git-fixes).
- io_uring/net: harden multishot termination case for recv (git-fixes).
- io_uring/rw: fix cflags posting for single issue multishot read (git-fixes).
- io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (git-fixes).
- io_uring/rw: treat -EOPNOTSUPP for IOCB_NOWAIT like -EAGAIN (git-fixes).
- io_uring/sqpoll: close race on waiting for sqring entries (git-fixes).
- io_uring/sqpoll: do not allow pinning outside of cpuset (git-fixes).
- io_uring/sqpoll: do not put cpumask on stack (git-fixes).
- io_uring/sqpoll: retain test for whether the CPU is valid (git-fixes).
- io_uring: check for presence of task_work rather than TIF_NOTIFY_SIGNAL (git-fixes).
- iommu/amd: Allocate the page table root using GFP_KERNEL (git-fixes).
- iommu/amd: Do not set the D bit on AMD v2 table entries (git-fixes).
- iommu/amd: Fix typo of , instead of ; (git-fixes).
- iommu/vt-d: Always reserve a domain ID for identity setup (git-fixes).
- iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices (git-fixes).
- iommufd: Check the domain owner of the parent before creating a nesting domain (git-fixes).
- iommufd: Protect against overflow of ALIGN() during iova allocation (git-fixes).
- irqchip/gic-v3-its: Avoid explicit cpumask allocation on stack (git-fixes).
- jbd2: Move j_transaction_overhead_buffers into a hole (bsc#1234042).
- jbd2: avoid infinite transaction commit loop (bsc#1234039).
- jbd2: avoid memleak in jbd2_journal_write_metadata_buffer (bsc#1234043).
- jbd2: avoid mount failed when commit block is partial submitted (bsc#1234040).
- jbd2: correct the printing of write_flags in jbd2_write_superblock() (bsc#1234045).
- jbd2: correctly compare tids with tid_geq function in jbd2_fc_begin_commit (bsc#1231638).
- jbd2: fix kernel-doc for j_transaction_overhead_buffers (bsc#1234042).
- jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev (bsc#1234044).
- jbd2: fix soft lockup in journal_finish_inode_data_buffers() (bsc#1234046).
- jbd2: make jbd2_journal_get_max_txn_bufs() internal (bsc#1234041).
- jbd2: precompute number of transaction descriptor blocks (bsc#1234042).
- jfs: Fix sanity check in dbMount (git-fixes).
- jfs: Fix uaf in dbFreeBits (git-fixes).
- jfs: Fix uninit-value access of new_ea in ea_buffer (git-fixes).
- jfs: UBSAN: shift-out-of-bounds in dbFindBits (git-fixes).
- jfs: check if leafidx greater than num leaves per dmap tree (git-fixes).
- jump_label: Fix static_key_slow_dec() yet again (git-fixes).
- kABI fix of VM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC) (git-fixes).
- kABI workaround for ASoC SOF (bsc#1233305).
- kABI: Restore exported __arm_smccc_sve_check (git-fixes)
- kABI: bpf: enum bpf_{type_flag,arg_type} kABI workaround (git-fixes).
- kABI: bpf: struct bpf_insn_acces_aux kABI workaround (git-fixes).
- kabi, mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling (git-fixes kabi).
- kasan: Fix Software Tag-Based KASAN with GCC (git-fixes).
- kasan: move checks to do_strncpy_from_user (git-fixes).
- kbuild, bpf: Use test-ge check for v1.25-only pahole (bsc#1230414 bsc#1229450).
- kbuild,bpf: Add module-specific pahole flags for distilled base BTF (bsc#1230414 bsc#1229450).
- kbuild,bpf: Switch to using --btf_features for pahole v1.26 and later (bsc#1230414 bsc#1229450).
- kbuild: avoid too many execution of scripts/pahole-flags.sh (bsc#1230414 bsc#1229450).
- kbuild: bpf: Tell pahole to DECL_TAG kfuncs (bsc#1230414 bsc#1229450).
- kconfig: qconf: fix buffer overflow in debug links (git-fixes).
- kernel-binary: Enable livepatch package only when livepatch is enabled Otherwise the filelist may be empty failing the build (bsc#1218644).
- kexec_file: fix elfcorehdr digest exclusion when CONFIG_CRASH_HOTPLUG=y (git-fixes).
- keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry (git-fixes).
- keys: Fix overwrite of key expiration on instantiation (git-fixes).
- kthread: unpark only parked kthread (git-fixes).
- leds: lp55xx: Remove redundant test for invalid channel number (git-fixes).
- lib/xarray: introduce a new helper xas_get_order (bsc#1231617).
- lib: string_helpers: silence snprintf() output truncation warning (git-fixes).
- mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING (git-fixes).
- macsec: do not increment counters for an unrelated SA (git-fixes).
- mailbox: arm_mhuv2: clean up loop in get_irq_chan_comb() (git-fixes).
- maple_tree: correct tree corruption on spanning store (git-fixes).
- maple_tree: fix alloc node fail issue (git-fixes).
- maple_tree: refine mas_store_root() on storing NULL (git-fixes).
- media: Drop the previous HD-audio TAS2781 fix (bsc#1230132)
- media: adv7604: prevent underflow condition when reporting colorspace (git-fixes).
- media: amphion: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- media: amphion: Set video drvdata before register video device (git-fixes).
- media: ar0521: do not overflow when checking PLL values (git-fixes).
- media: atomisp: Add check for rgby_data memory allocation failure (git-fixes).
- media: bttv: use audio defaults for winfast2000 (git-fixes).
- media: core: v4l2-ioctl: check if ioctl is known to avoid NULL name (git-fixes).
- media: cx24116: prevent overflows on SNR calculus (git-fixes).
- media: dvb_frontend: do not play tricks with underflow values (git-fixes).
- media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set (stable-fixes).
- media: dvbdev: prevent the risk of out of memory access (git-fixes).
- media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate() (git-fixes).
- media: i2c: dw9768: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- media: i2c: imx335: Enable regulator supplies (stable-fixes).
- media: i2c: tc358743: Fix crash in the probe error path when using polling (git-fixes).
- media: imx-jpeg: Ensure power suppliers be suspended before detach them (git-fixes).
- media: imx-jpeg: Set video drvdata before register video device (git-fixes).
- media: imx335: Fix reset-gpio handling (git-fixes).
- media: mantis: remove orphan mantis_core.h (git-fixes).
- media: mtk-jpeg: Fix null-ptr-deref during unload module (git-fixes).
- media: pci: ipu3-cio2: Initialise timing struct to avoid a compiler warning (git-fixes).
- media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() (git-fixes).
- media: platform: exynos4-is: Fix an OF node reference leak in fimc_md_is_isp_available (git-fixes).
- media: pulse8-cec: fix data timestamp at pulse8_setup() (git-fixes).
- media: s5p-jpeg: prevent buffer overflows (git-fixes).
- media: stb0899_algo: initialize cfr before using it (git-fixes).
- media: ts2020: fix null-ptr-deref in ts2020_probe() (git-fixes).
- media: uvcvideo: Require entities to have a non-zero unique ID (git-fixes).
- media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (git-fixes).
- media: uvcvideo: Stop stream during unregister (git-fixes).
- media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl() (git-fixes).
- media: v4l2-tpg: prevent the risk of a division by zero (git-fixes).
- media: vb2: Fix comment (git-fixes).
- media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() (stable-fixes).
- media: videobuf2: fix typo: vb2_dbuf -> vb2_qbuf (git-fixes).
- media: wl128x: Fix atomicity violation in fmc_send_cmd() (git-fixes).
- mei: use kvmalloc for read buffer (git-fixes).
- mfd: intel_soc_pmic_chtwc: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes).
- mfd: rt5033: Fix missing regmap_del_irq_chip() (git-fixes).
- mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race (git-fixes).
- minmax: avoid overly complex min()/max() macro arguments in xen (git-fixes).
- minmax: scsi: fix mis-use of 'clamp()' in sr.c (git-fixes).
- misc: apds990x: Fix missing pm_runtime_disable() (git-fixes).
- mlx5: avoid truncating error message (git-fixes).
- mlx5: stop warning for 64KB pages (git-fixes).
- mlxbf_gige: disable RX filters until RX path initialized (git-fixes).
- mm/filemap: optimize filemap folio adding (bsc#1231617).
- mm/filemap: return early if failed to allocate memory for split (bsc#1231617).
- mm/hugetlb: fix nodes huge page allocation when there are surplus pages (bsc#1234012).
- mm: avoid unsafe VMA hook invocation when error arises on mmap hook (git-fixes).
- mm: khugepaged: fix the arguments order in khugepaged_collapse_file trace point (git-fixes).
- mm: mmap: no need to call khugepaged_enter_vma() for stack (jsc#PED-10978).
- mm: move dummy_vm_ops out of a header (git-fixes prerequisity).
- mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling (git-fixes).
- mm: refactor map_deny_write_exec() (git-fixes).
- mm: resolve faulty mmap_region() error path behaviour (git-fixes).
- mm: unconditionally close VMAs on error (git-fixes).
- mmc: core: Further prevent card detect during shutdown (git-fixes).
- mmc: mmc_spi: drop buggy snprintf() (git-fixes).
- mmc: sunxi-mmc: Fix A100 compatible description (git-fixes).
- modpost: fix acpi MODULE_DEVICE_TABLE built with mismatched endianness (git-fixes).
- modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host (git-fixes).
- modpost: remove incorrect code in do_eisa_entry() (git-fixes).
- module: abort module loading when sysfs setup suffer errors (git-fixes).
- mtd: rawnand: atmel: Fix possible memory leak (git-fixes).
- mtd: spi-nor: core: replace dummy buswidth from addr to data (git-fixes).
- nbd: fix race between timeout and normal completion (bsc#1230918).
- net/mlx5: Add missing masks and QoS bit masks for scheduling elements (git-fixes).
- net/mlx5: Added cond_resched() to crdump collection (git-fixes).
- net/mlx5: Check capability for fw_reset (git-fixes).
- net/mlx5: Check for invalid vector index on EQ creation (git-fixes).
- net/mlx5: Explicitly set scheduling element and TSAR type (git-fixes).
- net/mlx5: Fix command bitmask initialization (git-fixes).
- net/mlx5: Fix error handling in irq_pool_request_irq (git-fixes).
- net/mlx5: Lag, do bond only if slaves agree on roce state (git-fixes).
- net/mlx5: Lag, do not use the hardcoded value of the first port (git-fixes).
- net/mlx5: Stop waiting for PCI if pci channel is offline (git-fixes).
- net/mlx5: Unregister notifier on eswitch init failure (git-fixes).
- net/mlx5: Update the list of the PCI supported devices (git-fixes).
- net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys (git-fixes).
- net/mlx5e: Add missing link mode to ptys2ext_ethtool_map (git-fixes).
- net/mlx5e: Add missing link modes to ptys2ethtool_map (git-fixes).
- net/mlx5e: Add mqprio_rl cleanup and free in mlx5e_priv_cleanup() (git-fixes).
- net/mlx5e: Correctly report errors for ethtool rx flows (git-fixes).
- net/mlx5e: Do not call cleanup on profile rollback failure (git-fixes).
- net/mlx5e: Fix IPsec tunnel mode offload feature check (git-fixes).
- net/mlx5e: Fix UDP GSO for encapsulated packets (git-fixes).
- net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets (git-fixes).
- net/mlx5e: Require mlx5 tc classifier action support for IPsec prio capability (git-fixes).
- net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion (git-fixes).
- net: mana: Implement get_ringparam/set_ringparam for mana (bsc#1229891).
- net: mana: Improve mana_set_channels() in low mem conditions (bsc#1230289).
- net: mdio-ipq4019: add missing error check (git-fixes).
- net: phy: Remove LED entry from LEDs list on unregister (git-fixes).
- net: phy: bcm84881: Fix some error handling paths (git-fixes).
- net: phy: dp83822: Fix reset pin definitions (git-fixes).
- net: phy: dp83869: fix memory corruption when enabling fiber (git-fixes).
- net: phy: ti: add PHY_RST_AFTER_CLK_EN flag (git-fixes).
- net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() (git-fixes).
- net: qede: use return from qede_parse_actions() (git-fixes).
- net: qede: use return from qede_parse_flow_attr() for flow_spec (git-fixes).
- net: qede: use return from qede_parse_flow_attr() for flower (git-fixes).
- net: relax socket state check at accept time (git-fixes).
- net: stmmac: dwmac-tegra: Fix link bring-up sequence (git-fixes)
- net: sysfs: Fix /sys/class/net/<iface> path for statistics (git-fixes).
- net: test for not too small csum_start in virtio_net_hdr_to_skb() (git-fixes).
- net: usb: lan78xx: Fix double free issue with interrupt buffer allocation (git-fixes).
- net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device (git-fixes).
- net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration (git-fixes).
- net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition (stable-fixes).
- net: usb: usbnet: fix name regression (get-fixes).
- net: usb: usbnet: fix race in probe failure (git-fixes).
- net: wwan: fix global oob in wwan_rtnl_policy (git-fixes).
- net: wwan: t7xx: Fix off-by-one error in t7xx_dpmaif_rx_buf_alloc() (git-fixes).
- net: xfrm: preserve kabi for xfrm_state (bsc#1233754).
- netdevsim: copy addresses for both in and out paths (git-fixes).
- netdevsim: use cond_resched() in nsim_dev_trap_report_work() (git-fixes).
- netfilter: nf_tables: missing iterator type in lookup walk (git-fixes).
- nfs: Fix KMSAN warning in decode_getfattr_attrs() (git-fixes).
- nfs: avoid i_lock contention in nfs_clear_invalid_mapping (git-fixes).
- nfs: fix memory leak in error path of nfs4_do_reclaim (git-fixes).
- nfsd: call cache_put if xdr_reserve_space returns NULL (git-fixes).
- nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net (git-fixes).
- nfsd: fix delegation_blocked() to block correctly for at least 30 seconds (git-fixes).
- nfsd: fix refcount leak when file is unhashed after being found (git-fixes).
- nfsd: map the EBADMSG to nfserr_io to avoid warning (git-fixes).
- nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire (git-fixes).
- nfsd: remove unsafe BUG_ON from set_change_info (bsc#1234121).
- nfsd: return -EINVAL when namelen is 0 (git-fixes).
- nilfs2: fix kernel bug due to missing clearing of buffer delay flag (git-fixes).
- nilfs2: fix potential deadlock with newly created symlinks (git-fixes).
- nouveau/dmem: Fix privileged error in copy engine channel (git-fixes).
- nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error (git-fixes).
- nouveau/dp: handle retries for AUX CH transfers with GSP (git-fixes).
- nouveau/gsp: Avoid addressing beyond end of rpc->entries (stable-fixes).
- nouveau: fw: sync dma after setup is called (git-fixes).
- nouveau: handle EBUSY and EAGAIN for GSP aux errors (git-fixes).
- ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- ntfs3: Add bounds checking to mi_enum_attr() (bsc#1233207)
- nvme-fabrics: fix kernel crash while shutting down controller (git-fixes).
- nvme-loop: flush off pending I/O while shutting down loop controller (git-fixes).
- nvme-multipath: suppress partition scan until the disk is ready (bsc#1228244).
- nvme-pci: fix freeing of the HMB descriptor table (git-fixes).
- nvme-pci: fix race condition between reset and nvme_dev_disable() (git-fixes).
- nvme-pci: qdepth 1 quirk (git-fixes).
- nvme-pci: reverse request order in nvme_queue_rqs (git-fixes).
- nvme-pci: set doorbell config before unquiescing (git-fixes).
- nvme/host: Fix RCU list traversal to use SRCU primitive (git-fixes).
- nvme: disable CC.CRIME (NVME_CC_CRIME) (jsc#PED-9901).
- nvme: null terminate nvme_tls_attrs (git-fixes).
- nvme: re-fix error-handling for io_uring nvme-passthrough (git-fixes).
- nvme: tcp: avoid race between queue_lock lock and destroy (git-fixes).
- nvmet-auth: assign dh_key to NULL after kfree_sensitive (git-fixes).
- ocfs2: Drop OCFS2 patch causing a regression (bsc#1233255)
- ocfs2: fix UBSAN warning in ocfs2_verify_volume() (git-fixes).
- ocfs2: fix the la space leak when unmounting an ocfs2 volume (git-fixes).
- ocfs2: fix uninit-value in ocfs2_get_block() (git-fixes).
- ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow (git-fixes).
- ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() (git-fixes).
- ocfs2: uncache inode which has failed entering the group (git-fixes).
- of: Add cleanup.h based auto release via __free(device_node) markings (bsc#1232386)
- parport: Proper fix for array out-of-bounds access (git-fixes).
- phy: freescale: imx8m-pcie: Do CMN_RST just before PHY PLL lock check (git-fixes).
- phy: qcom: qmp-combo: move driver data initialisation earlier (git-fixes).
- phy: qcom: qmp-usb: fix NULL-deref on runtime suspend (git-fixes).
- phy: tegra: xusb: Add error pointer check in xusb.c (git-fixes).
- phy: ti: phy-j721e-wiz: fix usxgmii configuration (git-fixes).
- pinctrl: apple: check devm_kasprintf() returned value (git-fixes).
- pinctrl: k210: Undef K210_PC_DEFAULT (git-fixes).
- pinctrl: ocelot: fix system hang on level based interrupts (stable-fixes).
- pinctrl: qcom: spmi: fix debugfs drive strength (git-fixes).
- pinctrl: zynqmp: drop excess struct member description (git-fixes).
- platform/chrome: cros_ec_typec: fix missing fwnode reference decrement (git-fixes).
- platform/x86/amd/pmc: Detect when STB is not available (git-fixes).
- platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug (git-fixes).
- platform/x86: dell-sysman: add support for alienware products (stable-fixes).
- platform/x86: dell-wmi: Ignore suspend notifications (stable-fixes).
- platform/x86: lenovo-ymc: Ignore the 0x0 state (stable-fixes).
- platform/x86: panasonic-laptop: Return errno correctly in show callback (git-fixes).
- platform/x86: touchscreen_dmi: add nanote-next quirk (stable-fixes).
- posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone (bsc#1234098).
- power: reset: brcmstb: Do not go into infinite loop if reset fails (stable-fixes).
- power: supply: bq27xxx: Fix registers of bq27426 (git-fixes).
- power: supply: core: Remove might_sleep() from power_supply_put() (git-fixes).
- power: supply: rt9471: Fix wrong WDT function regfield declaration (git-fixes).
- power: supply: rt9471: Use IC status regfield to report real charger status (git-fixes).
- powercap: intel_rapl: Fix off by one in get_rpi() (git-fixes).
- powerpc/64: Convert patch_instruction() to patch_u32() (bsc#1194869).
- powerpc/64s: Fix unnecessary copy to 0 when kernel is booted at address 0 (bsc#1215199).
- powerpc/atomic: Use YZ constraints for DS-form instructions (bsc#1194869).
- powerpc/boot: Handle allocation failure in simple_realloc() (bsc#1194869).
- powerpc/boot: Only free if realloc() succeeds (bsc#1194869).
- powerpc/code-patching: Add generic memory patching (bsc#1194869).
- powerpc/code-patching: Perform hwsync in __patch_instruction() in case of failure (bsc#1194869).
- powerpc/crypto: do not build aes-gcm-p10 by default (bsc#1230501 ltc#208632).
- powerpc/crypto: fix missing skcipher dependency for aes-gcm-p10 (bsc#1230501 ltc#208632).
- powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init() (bsc#1215199).
- powerpc/fadump: Refactor and prepare fadump_cma_init for late init (bsc#1215199).
- powerpc/kexec: Fix return of uninitialized variable (bsc#1194869).
- powerpc/mm/fault: Fix kfence page fault reporting (bsc#1194869).
- powerpc/mm: Fix boot crash with FLATMEM (bsc#1194869).
- powerpc/mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL (bsc#1194869).
- powerpc/powernv: Free name on error in opal_event_init() (bsc#1194869).
- powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector (bsc#1194869).
- powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore (bsc#1194869).
- powerpc/pseries: Use correct data types from pseries_hp_errorlog struct (bsc#1215199).
- powerpc/vdso: Fix VDSO data access when running in a non-root time namespace (bsc#1194869).
- powerpc/vdso: Inconditionally use CFUNC macro (bsc#1215199).
- powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu (bsc#1194869).
- powerpc/xmon: Fix disassembly CPU feature checks (bsc#1065729).
- printk: Add notation to console_srcu locking (bsc#1232183).
- pwm: imx-tpm: Use correct MODULO value for EPWM mode (git-fixes).
- qed: avoid truncating work queue length (git-fixes).
- rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow (bsc#1226631).
- rcu: Fix buffer overflow in print_cpu_stall_info() (bsc#1226623).
- regmap: detach regmap from dev on regmap_exit (git-fixes).
- regmap: irq: Set lockdep class for hierarchical IRQ domains (git-fixes).
- rpm/check-for-config-changes: add HAVE_RUST and RUSTC_SUPPORTS_ to IGNORED_CONFIGS_RE They depend on SHADOW_CALL_STACK.
- rpm/release-projects: Add SLFO projects (bsc#1231293).
- rpm/scripts: Remove obsolete Symbols.list Symbols.list is not longer needed by the new klp-convert implementation. (bsc#1218644)
- rpmsg: glink: Handle rejected intent request better (git-fixes).
- rtc: ab-eoz9: do not fail temperature reads on undervoltage notification (git-fixes).
- rtc: abx80x: Fix WDT bit position of the status register (git-fixes).
- rtc: bbnsm: add remove hook (git-fixes).
- rtc: check if __rtc_read_time was successful in rtc_timer_do_work() (git-fixes).
- rtc: rzn1: fix BCD to rtc_time conversion errors (git-fixes).
- rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- runtime constants: add default dummy infrastructure (git-fixes).
- runtime constants: add x86 architecture support (git-fixes).
- s390/mm: Add cond_resched() to cmm_alloc/free_pages() (bsc#1228747).
- s390/pci: Handle PCI error codes other than 0x3a (git-fixes bsc#1232629).
- s390/sclp: Deactivate sclp after all its users (git-fixes bsc#1232628).
- s390/sclp_vt220: Convert newlines to CRLF instead of LFCR (git-fixes bsc#1232627).
- scsi: NCR5380: Check for phase match during PDMA fixup (git-fixes).
- scsi: NCR5380: Initialize buffer for MSG IN and STATUS transfers (git-fixes).
- scsi: Remove scsi device no_start_on_resume flag (git-fixes).
- scsi: aacraid: Rearrange order of struct aac_srb_unit (git-fixes).
- scsi: cdrom: kABI: fix cdrom_dev_ops change (git-fixes).
- scsi: core: Disable CDL by default (git-fixes).
- scsi: core: Fix handling of SCMD_FAIL_IF_RECOVERING (git-fixes).
- scsi: core: Fix the return value of scsi_logical_block_count() (git-fixes).
- scsi: core: Handle devices which return an unusually large VPD page count (git-fixes).
- scsi: core: alua: I/O errors for ALUA state transitions (git-fixes).
- scsi: fnic: Move flush_work initialization out of if block (bsc#1230055).
- scsi: hisi_sas: Handle the NCQ error returned by D2H frame (git-fixes).
- scsi: hpsa: Fix allocation size for Scsi_Host private data (git-fixes).
- scsi: kABI: restore no_start_on_resume to scsi_device (git-fixes).
- scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed (git-fixes).
- scsi: libsas: Fix the failure of adding phy with zero-address to port (git-fixes).
- scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in lpfc_els_flush_cmd() (bsc#1232757).
- scsi: lpfc: Add cleanup of nvmels_wq after HBA reset (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Call lpfc_sli4_queue_unset() in restart and rmmod paths (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Change lpfc_nodelist nlp_flag member into a bitmask (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Check SLI_ACTIVE flag in FDMI cmpl before submitting follow up FDMI (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Check devloss callbk done flag for potential stale NDLP ptrs (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Copyright updates for 14.4.0.6 patches (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance (bsc#1232757).
- scsi: lpfc: Fix kref imbalance on fabric ndlps from dev_loss_tmo handler (bsc#1232757).
- scsi: lpfc: Modify CGN warning signal calculation based on EDC response (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Prevent NDLP reference count underflow in dev_loss_tmo callback (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Remove NLP_RELEASE_RPI flag from nodelist structure (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Remove trailing space after \n newline (bsc#1232757).
- scsi: lpfc: Restrict support for 32 byte CDBs to specific HBAs (bsc#1232757 bsc#1228119).
- scsi: lpfc: Revise TRACE_EVENT log flag severities from KERN_ERR to KERN_WARNING (bsc#1232757).
- scsi: lpfc: Support loopback tests with VMID enabled (bsc#1232757).
- scsi: lpfc: Update lpfc version to 14.4.0.5 (bsc#1232757).
- scsi: lpfc: Update lpfc version to 14.4.0.6 (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Update lpfc_els_flush_cmd() to check for SLI_ACTIVE before BSG flag (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Update phba link state conditional before sending CMF_SYNC_WQE (bsc#1232757).
- scsi: mac_scsi: Disallow bus errors during PDMA send (git-fixes).
- scsi: mac_scsi: Refactor polling loop (git-fixes).
- scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages (git-fixes).
- scsi: mpi3mr: Avoid IOMMU page faults on REPORT ZONES (git-fixes).
- scsi: mpi3mr: Avoid memcpy field-spanning write WARNING (git-fixes).
- scsi: mpi3mr: Avoid possible run-time warning with long manufacturer strings (git-fixes).
- scsi: mpi3mr: Fix ATA NCQ priority support (git-fixes).
- scsi: mpi3mr: Validate SAS port assignments (git-fixes).
- scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES (git-fixes).
- scsi: pm8001: Do not overwrite PCI queue mapping (git-fixes).
- scsi: pm80xx: Set phy->enable_completion only when we wait for it (git-fixes).
- scsi: qedf: Set qed_slowpath_params to zero before use (git-fixes).
- scsi: scsi_transport_fc: Allow setting rport state to current state (git-fixes).
- scsi: sd: Ignore command SYNCHRONIZE CACHE error if format in progress (git-fixes).
- scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer (git-fixes).
- scsi: smartpqi: correct stream detection (git-fixes).
- scsi: smartpqi: revert propagate-the-multipath-failure-to-SML-quickly (git-fixes).
- scsi: spi: Fix sshdr use (git-fixes).
- scsi: sr: Fix unintentional arithmetic wraparound (git-fixes).
- scsi: wd33c93: Do not use stale scsi_pointer value (git-fixes).
- security/keys: fix slab-out-of-bounds in key_task_permission (git-fixes).
- selftests/bpf: Add a test case to write mtu result into .rodata (git-fixes).
- selftests/bpf: Add a test case to write strtol result into .rodata (git-fixes).
- selftests/bpf: Add test for sign extension in coerce_subreg_to_size_sx() (git-fixes).
- selftests/bpf: Add test for truncation after sign extension in coerce_reg_to_size_sx() (git-fixes).
- selftests/bpf: Add tests for ldsx of pkt data/data_end/data_meta accesses (git-fixes).
- selftests/bpf: Fix ARG_PTR_TO_LONG {half-,}uninitialized test (git-fixes).
- selftests/bpf: Rename ARG_PTR_TO_LONG test description (git-fixes).
- selftests/bpf: test for malformed BPF_CORE_TYPE_ID_LOCAL relocation (git-fixes).
- serial: 8250: omap: Move pm_runtime_get_sync (git-fixes).
- serial: imx: Update mctrl old_status on RTSD interrupt (git-fixes).
- serial: protect uart_port_dtr_rts() in uart_shutdown() too (stable-fixes).
- signal: Replace BUG_ON()s (bsc#1234093).
- soc: fsl: rcpm: fix missing of_node_put() in copy_ippdexpcr1_setting() (git-fixes).
- soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() (git-fixes).
- soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- soundwire: intel_bus_common: enable interrupts before exiting reset (stable-fixes).
- spi: Fix acpi deferred irq probe (git-fixes).
- spi: atmel-quadspi: Fix register name in verbose logging function (git-fixes).
- spi: atmel-quadspi: Fix wrong register value written to MR (git-fixes).
- spi: mpc52xx: Add cancel_work_sync before module remove (git-fixes).
- spi: mtk-snfi: fix kerneldoc for mtk_snand_is_page_ops() (git-fixes).
- spi: s3c64xx: fix timeout counters in flush_fifo (git-fixes).
- spi: spi-fsl-dspi: Fix crash when not using GPIO chip select (git-fixes).
- spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- spi: tegra210-quad: Avoid shift-out-of-bounds (git-fixes).
- splice: always fsnotify_access(in), fsnotify_modify(out) on success (git-fixes).
- splice: fsnotify_access(fd)/fsnotify_modify(fd) in vmsplice (git-fixes).
- splice: fsnotify_access(in), fsnotify_modify(out) on success in tee (git-fixes).
- srcu: Fix callbacks acceleration mishandling (git-fixes).
- staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() (git-fixes).
- sumversion: Fix a memory leak in get_src_version() (git-fixes).
- supported.conf: mark nhpoly1305 module as supported (bsc#1231035).
- supported.conf: mark ultravisor userspace access as supported (bsc#1232090).
- task_work: add kerneldoc annotation for 'data' argument (git-fixes).
- tcp: Fix refcnt handling in __inet_hash_connect() (git-fixes).
- thermal: core: Initialize thermal zones before registering them (git-fixes).
- thermal: int3400: Fix reading of current_uuid for active policy (git-fixes).
- thermal: intel: int340x: processor: Fix warning during module unload (git-fixes).
- thunderbolt: Honor TMU requirements in the domain when setting TMU mode (stable-fixes).
- thunderbolt: Improve DisplayPort tunnel setup process to be more robust (stable-fixes).
- tools/lib/thermal: Fix sampling handler context ptr (git-fixes).
- tools/power turbostat: Fix trailing '\n' parsing (git-fixes).
- tools/power turbostat: Increase the limit for fd opened (bsc#1233119).
- tools: hv: rm .*.cmd when make clean (git-fixes).
- tpm: Lock TPM chip in tpm_pm_suspend() first (bsc#1082555 git-fixes).
- tpm: fix signed/unsigned bug when checking event logs (git-fixes).
- tracing/hwlat: Fix a race during cpuhp processing (git-fixes).
- tracing/osnoise: Fix build when timerlat is not enabled (git-fixes).
- tracing/osnoise: Skip running osnoise if all instances are off (git-fixes).
- tracing/osnoise: Switch from PF_NO_SETAFFINITY to migrate_disable (git-fixes).
- tracing/osnoise: Use a cpumask to know what threads are kthreads (git-fixes).
- tracing/timerlat: Add interface_lock around clearing of kthread in stop_kthread() (git-fixes).
- tracing/timerlat: Add user-space interface (git-fixes).
- tracing/timerlat: Drop interface_lock in stop_kthread() (git-fixes).
- tracing/timerlat: Fix a race during cpuhp processing (git-fixes).
- tracing/timerlat: Fix duplicated kthread creation due to CPU online/offline (git-fixes).
- tracing/timerlat: Move hrtimer_init to timerlat_fd open() (git-fixes).
- tracing/timerlat: Only clear timer if a kthread exists (git-fixes).
- tracing: Consider the NULL character when validating the event length (git-fixes).
- tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler (git-fixes).
- tty: n_gsm: Fix use-after-free in gsm_cleanup_mux (stable-fixes).
- u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file (git-fixes).
- ubifs: Fix adding orphan entry twice for the same inode (git-fixes).
- ubifs: Fix unattached xattr inode if powercut happens after deleting (git-fixes).
- ubifs: add check for crypto_shash_tfm_digest (git-fixes).
- ubifs: dbg_orphan_check: Fix missed key type checking (git-fixes).
- ucounts: fix counter leak in inc_rlimit_get_ucounts() (bsc#1233460).
- unicode: Do not special case ignorable code points (stable-fixes).
- unicode: Fix utf8_load() error path (git-fixes).
- uprobe: avoid out-of-bounds memory access of fetching args (git-fixes).
- uprobes: encapsulate preparation of uprobe args buffer (git-fixes).
- uprobes: introduce the global struct vm_special_mapping xol_mapping (bsc#1231114).
- uprobes: turn xol_area->pages into xol_area->page (bsc#1231114).
- usb: chipidea: udc: enable suspend interrupt after usb reset (stable-fixes).
- usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the Crashkernel Scenario (stable-fixes).
- usb: dwc3: Wait for EndXfer completion before restoring GUSB2PHYCFG (git-fixes).
- usb: dwc3: core: Stop processing of pending events if controller is halted (git-fixes).
- usb: dwc3: gadget: Add missing check for single port RAM in TxFIFO resizing logic (git-fixes).
- usb: dwc3: gadget: Fix checking for number of TRBs left (git-fixes).
- usb: dwc3: gadget: Fix looping of queued SG entries (git-fixes).
- usb: ehci-spear: fix call balance of sehci clk handling routines (git-fixes).
- usb: gadget: core: force synchronous registration (git-fixes).
- usb: gadget: dummy_hcd: Set transfer interval to 1 microframe (stable-fixes).
- usb: gadget: dummy_hcd: Switch to hrtimer transfer scheduler (stable-fixes).
- usb: gadget: dummy_hcd: execute hrtimer callback in softirq context (git-fixes).
- usb: gadget: f_uac2: Replace snprintf() with the safer scnprintf() variant (stable-fixes).
- usb: gadget: f_uac2: fix non-newline-terminated function name (stable-fixes).
- usb: gadget: f_uac2: fix return value for UAC2_ATTRIBUTE_STRING store (git-fixes).
- usb: musb: Fix hardware lockup on first Rx endpoint request (git-fixes).
- usb: musb: sunxi: Fix accessing an released usb phy (git-fixes).
- usb: phy: Fix API devm_usb_put_phy() can not release the phy (git-fixes).
- usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip (stable-fixes).
- usb: typec: altmode should keep reference to parent (git-fixes).
- usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() (git-fixes).
- usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes() (git-fixes).
- usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() (git-fixes).
- usb: xhci: Fix TD invalidation under pending Set TR Dequeue (git-fixes).
- usb: xhci: Fix problem with xhci resume from suspend (stable-fixes).
- usb: xhci: fix loss of data on Cadence xHC (git-fixes).
- usb: yurex: make waiting on yurex_write interruptible (git-fixes).
- usbip: tools: Fix detach_port() invalid port error path (git-fixes).
- usbnet: fix cyclical race on disconnect with work queue (git-fixes).
- vdpa: Fix an error handling path in eni_vdpa_probe() (git-fixes).
- vdpa_sim_blk: Fix the potential leak of mgmt_dev (git-fixes).
- vdpa_sim_blk: allocate the buffer zeroed (git-fixes).
- vduse: avoid using __GFP_NOFAIL (git-fixes).
- vfs: dcache: move hashlen_hash() from callers into d_hash() (git-fixes).
- vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (git-fixes).
- vhost_vdpa: assign irq bypass producer token correctly (git-fixes).
- virtio_console: fix misc probe bugs (git-fixes).
- vmalloc: modify the alloc_vmap_area() error message for better diagnostics (jsc#PED-10978).
- vmxnet3: Add XDP support (bsc#1226498).
- vmxnet3: Fix missing reserved tailroom (bsc#1226498).
- vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame (bsc#1226498).
- vmxnet3: add command to allow disabling of offloads (bsc#1226498).
- vmxnet3: add latency measurement support in vmxnet3 (bsc#1226498).
- vmxnet3: prepare for version 9 changes (bsc#1226498).
- vmxnet3: update to version 9 (bsc#1226498).
- vsock: Update msg_count on read_skb() (git-fixes).
- vt: prevent kernel-infoleak in con_font_get() (git-fixes).
- watchdog: apple: Actually flush writes after requesting watchdog restart (git-fixes).
- watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart() (git-fixes).
- watchdog: rti: of: honor timeout-sec property (git-fixes).
- wifi: ath10k: Fix memory leak in management tx (git-fixes).
- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1 (git-fixes).
- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2 (git-fixes).
- wifi: ath11k: Fix CE offset address calculation for WCN6750 in SSR (git-fixes).
- wifi: ath11k: Fix invalid ring usage in full monitor mode (git-fixes).
- wifi: ath11k: fix array out-of-bound access in SoC stats (stable-fixes).
- wifi: ath12k: Skip Rx TID cleanup for self peer (git-fixes).
- wifi: ath12k: fix array out-of-bound access in SoC stats (stable-fixes).
- wifi: ath12k: fix crash when unbinding (git-fixes).
- wifi: ath12k: fix warning when unbinding (git-fixes).
- wifi: ath12k: remove msdu_end structure for WCN7850 (git-fixes).
- wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (git-fixes).
- wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() (stable-fixes).
- wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit (stable-fixes).
- wifi: brcm80211: BRCM_TRACING should depend on TRACING (git-fixes).
- wifi: brcmfmac: release 'root' node in all execution paths (git-fixes).
- wifi: cfg80211: Set correct chandef when starting CAC (stable-fixes).
- wifi: cfg80211: clear wdev->cqm_config pointer on free (git-fixes).
- wifi: cw1200: Fix potential NULL dereference (git-fixes).
- wifi: iwlegacy: Clear stale interrupts before resuming device (stable-fixes).
- wifi: iwlegacy: Fix "field-spanning write" warning in il_enqueue_hcmd() (git-fixes).
- wifi: iwlwifi: allow only CN mcc from WRDD (stable-fixes).
- wifi: iwlwifi: config: label 'gl' devices as discrete (git-fixes).
- wifi: iwlwifi: mvm: Fix a race in scan abort flow (stable-fixes).
- wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() (git-fixes).
- wifi: iwlwifi: mvm: avoid NULL pointer dereference (stable-fixes).
- wifi: iwlwifi: mvm: do not add default link in fw restart flow (git-fixes).
- wifi: iwlwifi: mvm: do not leak a link on AP removal (git-fixes).
- wifi: iwlwifi: mvm: drop wrong STA selection in TX (stable-fixes).
- wifi: iwlwifi: mvm: use correct key iteration (stable-fixes).
- wifi: iwlwifi: remove AX101, AX201 and AX203 support from LNL (stable-fixes).
- wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower (git-fixes).
- wifi: mac80211: fix RCU list iterations (stable-fixes).
- wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys (git-fixes).
- wifi: mt76: mt7915: add dummy HW offload of IEEE 802.11 fragmentation (stable-fixes).
- wifi: mt76: mt7915: disable tx worker during tx BA session enable/disable (stable-fixes).
- wifi: mt76: mt7915: hold dev->mt76.mutex while disabling tx worker (stable-fixes).
- wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() (stable-fixes).
- wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (git-fixes).
- wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- wifi: rtw88: 8821cu: Remove VID/PID 0bda:c82c (stable-fixes).
- wifi: rtw88: Fix USB/SDIO devices not transmitting beacons (git-fixes).
- wifi: rtw88: select WANT_DEV_COREDUMP (stable-fixes).
- wifi: rtw89: avoid reading out of bounds when loading TX power FW elements (stable-fixes).
- wifi: rtw89: avoid to add interface to list twice when SER (stable-fixes).
- wifi: rtw89: correct base HT rate mask for firmware (stable-fixes).
- wifi: wfx: Fix error handling in wfx_core_init() (git-fixes).
- x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client (bsc#1233443).
- x86/CPU/AMD: Only apply Zenbleed fix for Zen2 during late microcode load (git-fixes).
- x86/Documentation: Indent 'note::' directive for protocol version number note (git-fixes).
- x86/PCI: Check pcie_find_root_port() return for NULL (git-fixes).
- x86/amd_nb: Add new PCI IDs for AMD family 1Ah model 60h (git-fixes).
- x86/apic: Always explicitly disarm TSC-deadline timer (git-fixes).
- x86/apic: Make x2apic_disable() work correctly (git-fixes).
- x86/bugs: Do not use UNTRAIN_RET with IBPB on entry (git-fixes).
- x86/bugs: Skip RSB fill at VMEXIT (git-fixes).
- x86/cpufeatures: Add a IBPB_NO_RET BUG flag (git-fixes).
- x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET (git-fixes).
- x86/entry: Have entry_ibpb() invalidate return predictions (git-fixes).
- x86/entry: Remove unwanted instrumentation in common_interrupt() (git-fixes).
- x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency (git-fixes).
- x86/microcode/intel: Remove unnecessary cache writeback and invalidation (git-fixes).
- x86/mm: Use IPIs to synchronize LAM enablement (git-fixes).
- x86/resctrl: Annotate get_mem_config() functions as __init (git-fixes).
- x86/resctrl: Avoid overflow in MB settings in bw_validate() (git-fixes).
- x86/resctrl: Remove hard-coded memory bandwidth limit (git-fixes).
- x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler (git-fixes).
- x86/syscall: Avoid memcpy() for ia32 syscall_get_arguments() (git-fixes).
- x86/tdx: Dynamically disable SEPT violations from causing #VEs (git-fixes).
- x86/tdx: Enable CPU topology enumeration (git-fixes).
- x86/tdx: Introduce wrappers to read and write TD metadata (git-fixes).
- x86/tdx: Rename tdx_parse_tdinfo() to tdx_setup() (git-fixes).
- x86/traps: move kmsan check after instrumentation_begin (git-fixes).
- x86: Increase brk randomness entropy for 64-bit systems (git-fixes).
- x86: do the user address masking outside the user access area (git-fixes).
- x86: fix off-by-one in access_ok() (git-fixes).
- x86: fix user address masking non-canonical speculation issue (git-fixes).
- x86: make the masked_user_access_begin() macro use its argument only once (git-fixes).
- x86: support user address masking instead of non-speculative conditional (git-fixes).
- xfrm: Export symbol xfrm_dev_state_delete (bsc#1233754).
- xfrm: Fix unregister netdevice hang on hardware offload (bsc#1233754).
- xfs: check opcode and iovec count match in xlog_recover_attri_commit_pass2 (git-fixes).
- xfs: check shortform attr entry flags specifically (git-fixes).
- xfs: convert delayed extents to unwritten when zeroing post eof blocks (git-fixes).
- xfs: fix finding a last resort AG in xfs_filestream_pick_ag (git-fixes).
- xfs: fix freeing speculative preallocations for preallocated files (git-fixes).
- xfs: make sure sb_fdblocks is non-negative (git-fixes).
- xfs: make the seq argument to xfs_bmapi_convert_delalloc() optional (git-fixes).
- xfs: make xfs_bmapi_convert_delalloc() to allocate the target offset (git-fixes).
- xfs: remove a racy if_bytes check in xfs_reflink_end_cow_extent (git-fixes).
- xfs: validate recovered name buffers when recovering xattr items (git-fixes).
- xhci: Add a quirk for writing ERST in high-low order (git-fixes).
- xhci: Fix Link TRB DMA in command ring stopped completion event (git-fixes).
- xhci: Fix incorrect stream context type macro (git-fixes).
- xhci: Mitigate failed set dequeue pointer commands (git-fixes).
- xhci: Use pm_runtime_get to prevent RPM on unsupported systems (git-fixes).
- xhci: tegra: fix checked USB2 port number (git-fixes).
- zonefs: Improve error handling (git-fixes).
Patchnames
SUSE-SLE-Micro-6.1-kernel-2
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2023-52778: mptcp: deal with large GSO size (bsc#1224948).\n- CVE-2023-52920: bpf: support non-r10 register spill/fill to/from stack in precision tracking (bsc#1232823).\n- CVE-2024-26596: net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events (bsc#1220355).\n- CVE-2024-26741: dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished() (bsc#1222587).\n- CVE-2024-26782: mptcp: fix double-free on socket dismantle (bsc#1222590).\n- CVE-2024-26953: net: esp: fix bad handling of pages from page_pool (bsc#1223656).\n- CVE-2024-27017: netfilter: nft_set_pipapo: walk over current view on netlink dump (bsc#1223733).\n- CVE-2024-35888: erspan: make sure erspan_base_hdr is present in skb-\u003ehead (bsc#1224518).\n- CVE-2024-36000: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (bsc#1224548).\n- CVE-2024-36244: net/sched: taprio: extend minimum interval restriction to entire cycle too (bsc#1226797).\n- CVE-2024-36883: net: fix out-of-bounds access in ops_init (bsc#1225725).\n- CVE-2024-36886: tipc: fix UAF in error path (bsc#1225730).\n- CVE-2024-36905: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (bsc#1225742).\n- CVE-2024-36927: ipv4: Fix uninit-value access in __ip_make_skb() (bsc#1225813).\n- CVE-2024-36954: tipc: fix a possible memleak in tipc_buf_append (bsc#1225764).\n- CVE-2024-36968: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() (bsc#1226130).\n- CVE-2024-38589: netrom: fix possible dead-lock in nr_rt_ioctl() (bsc#1226748).\n- CVE-2024-40914: mm/huge_memory: do not unpoison huge_zero_folio (bsc#1227842).\n- CVE-2024-41023: sched/deadline: Fix task_struct reference leak (bsc#1228430).\n- CVE-2024-41031: mm/filemap: skip to create PMD-sized page cache if needed (bsc#1228454).\n- CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620).\n- CVE-2024-42102: Revert \"mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again\" (bsc#1233132).\n- CVE-2024-44958: sched/smt: Fix unbalance sched_smt_present dec/inc (bsc#1230179).\n- CVE-2024-44995: net: hns3: fix a deadlock problem when config TC during resetting (bsc#1230231).\n- CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429).\n- CVE-2024-45025: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (bsc#1230456).\n- CVE-2024-46678: bonding: change ipsec_lock from spin lock to mutex (bsc#1230550).\n- CVE-2024-46680: Bluetooth: btnxpuart: Fix random crash seen while removing driver (bsc#1230557).\n- CVE-2024-46681: pktgen: use cpus_read_lock() in pg_net_init() (bsc#1230558).\n- CVE-2024-46721: pparmor: fix possible NULL pointer dereference (bsc#1230710)\n- CVE-2024-46754: bpf: Remove tst_run from lwt_seg6local_prog_ops (bsc#1230801).\n- CVE-2024-46765: ice: protect XDP configuration with a mutex (bsc#1230807).\n- CVE-2024-46766: ice: move netif_queue_set_napi to rtnl-protected sections (bsc#1230762).\n- CVE-2024-46770: ice: Add netif_device_attach/detach into PF reset flow (bsc#1230763).\n- CVE-2024-46775: drm/amd/display: Validate function returns (bsc#1230774).\n- CVE-2024-46777: udf: Avoid excessive partition lengths (bsc#1230773).\n- CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827).\n- CVE-2024-46813: drm/amd/display: Check link_index before accessing dc-\u003elinks (bsc#1231191).\n- CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197).\n- CVE-2024-46826: ELF: fix kernel.randomize_va_space double read (bsc#1231115).\n- CVE-2024-46831: net: microchip: vcap: Fix use-after-free error in kunit test (bsc#1231117).\n- CVE-2024-46834: ethtool: fail closed if we can\u0027t get max channel used in indirection tables (bsc#1231096).\n- CVE-2024-46840: btrfs: clean up our handling of refs == 0 in snapshot delete (bsc#1231105).\n- CVE-2024-46841: btrfs: do not BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() (bsc#1231094).\n- CVE-2024-46843: scsi: ufs: core: Remove SCSI host only if added (bsc#1231100).\n- CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084).\n- CVE-2024-46855: netfilter: nft_socket: fix sk refcount leaks (bsc#1231085).\n- CVE-2024-46857: net/mlx5: Fix bridge mode operations when there are no VFs (bsc#1231087).\n- CVE-2024-46870: drm/amd/display: Disable DMCUB timeout for DCN35 (bsc#1231435).\n- CVE-2024-47658: crypto: stm32/cryp - call finalize with bh disabled (bsc#1231436).\n- CVE-2024-47660: fsnotify: clear PARENT_WATCHED flags lazily (bsc#1231439).\n- CVE-2024-47664: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware (bsc#1231442).\n- CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673).\n- CVE-2024-47679: vfs: fix race between evice_inodes() and find_inode()\u0026iput() (bsc#1231930).\n- CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987).\n- CVE-2024-47685: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (bsc#1231998).\n- CVE-2024-47687: vdpa/mlx5: Fix invalid mr resource destroy (bsc#1232003).\n- CVE-2024-47692: nfsd: return -EINVAL when namelen is 0 (bsc#1231857).\n- CVE-2024-47701: ext4: avoid OOB when system.data xattr changes underneath the filesystem (bsc#1231920).\n- CVE-2024-47703: bpf, lsm: add check for BPF LSM return value (bsc#1231946).\n- CVE-2024-47704: drm/amd/display: Check link_res-\u003ehpo_dp_link_enc before using it (bsc#1231944).\n- CVE-2024-47705: block: fix potential invalid pointer dereference in blk_add_partition (bsc#1231872).\n- CVE-2024-47706: block, bfq: fix possible UAF for bfqq-\u003ebic with merge chain (bsc#1231942).\n- CVE-2024-47707: ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (bsc#1231935).\n- CVE-2024-47710: sock_map: Add a cond_resched() in sock_hash_free() (bsc#1232049).\n- CVE-2024-47727: x86/tdx: Fix \"in-kernel MMIO\" check (bsc#1232116).\n- CVE-2024-47730: crypto: hisilicon/qm - inject error before stopping queue (bsc#1232075).\n- CVE-2024-47731: drivers/perf: Fix ali_drw_pmu driver interrupt status clearing (bsc#1232117).\n- CVE-2024-47739: padata: use integer wrap around to prevent deadlock on seq_nr overflow (bsc#1232124).\n- CVE-2024-47741: btrfs: fix race setting file private on concurrent lseek using same fd (bsc#1231869).\n- CVE-2024-47745: mm: call the security_mmap_file() LSM hook in remap_file_pages() (bsc#1232135).\n- CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145).\n- CVE-2024-47752: media: mediatek: vcodec: Fix H264 stateless decoder smatch warning (bsc#1232130).\n- CVE-2024-47753: media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning (bsc#1231868).\n- CVE-2024-47754: media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning (bsc#1232131).\n- CVE-2024-49852: scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() (bsc#1232819).\n- CVE-2024-49864: rxrpc: Fix a race between socket set up and I/O thread creation (bsc#1232256).\n- CVE-2024-49867: btrfs: wait for fixup workers before stopping cleaner kthread during umount (bsc#1232262).\n- CVE-2024-49868: btrfs: fix a NULL pointer dereference when failed to start a new trasacntion (bsc#1232272).\n- CVE-2024-49881: ext4: update orig_path in ext4_find_extent() (bsc#1232201).\n- CVE-2024-49882: ext4: fix double brelse() the buffer of the extents path (bsc#1232200).\n- CVE-2024-49883: ext4: aovid use-after-free in ext4_ext_insert_extent() (bsc#1232199).\n- CVE-2024-49888: bpf: Fix a sdiv overflow issue (bsc#1232208).\n- CVE-2024-49890: drm/amd/pm: ensure the fw_info is not null before using it (bsc#1232217).\n- CVE-2024-49892: drm/amd/display: Initialize get_bytes_per_element\u0027s default to 1 (bsc#1232220).\n- CVE-2024-49894: drm/amd/display: Fix index out of bounds in degamma hardware format translation (bsc#1232354).\n- CVE-2024-49895: drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation (bsc#1232352).\n- CVE-2024-49896: drm/amd/display: Check stream before comparing them (bsc#1232221).\n- CVE-2024-49897: drm/amd/display: Check phantom_stream before it is used (bsc#1232355).\n- CVE-2024-49898: drm/amd/display: Check null-initialized variables (bsc#1232222).\n- CVE-2024-49899: drm/amd/display: Initialize denominators\u0027 default to 1 (bsc#1232358).\n- CVE-2024-49901: drm/msm/adreno: Assign msm_gpu-\u003epdev earlier to avoid nullptrs (bsc#1232305).\n- CVE-2024-49906: drm/amd/display: Check null pointer before try to access it (bsc#1232332).\n- CVE-2024-49907: drm/amd/display: Check null pointers before using dc-\u003eclk_mgr (bsc#1232334).\n- CVE-2024-49909: drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func (bsc#1232337).\n- CVE-2024-49911: drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func (bsc#1232366).\n- CVE-2024-49912: drm/amd/display: Handle null \u0027stream_status\u0027 in \u0027planes_changed_for_existing_stream\u0027 (bsc#1232367).\n- CVE-2024-49913: drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream (bsc#1232307).\n- CVE-2024-49914: drm/amd/display: Add null check for pipe_ctx-\u003eplane_state in (bsc#1232369).\n- CVE-2024-49917: drm/amd/display: Add NULL check for clk_mgr and clk_mgr-\u003efuncs in dcn30_init_hw (bsc#1231965).\n- CVE-2024-49918: drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer (bsc#1231967).\n- CVE-2024-49919: drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer (bsc#1231968).\n- CVE-2024-49920: drm/amd/display: Check null pointers before multiple uses (bsc#1232313).\n- CVE-2024-49921: drm/amd/display: Check null pointers before used (bsc#1232371).\n- CVE-2024-49922: drm/amd/display: Check null pointers before using them (bsc#1232374).\n- CVE-2024-49923: drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags (bsc#1232361).\n- CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224)\n- CVE-2024-49933: blk_iocost: fix more out of bound shifts (bsc#1232368).\n- CVE-2024-49934: fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name (bsc#1232387).\n- CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424).\n- CVE-2024-49944: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start (bsc#1232166).\n- CVE-2024-49945: net/ncsi: Disable the ncsi work before freeing the associated structure (bsc#1232165).\n- CVE-2024-49946: ppp: do not assume bh is held in ppp_channel_bridge_input() (bsc#1232164).\n- CVE-2024-49949: net: avoid potential underflow in qdisc_pkt_len_init() with UFO (bsc#1232160).\n- CVE-2024-49950: Bluetooth: L2CAP: Fix uaf in l2cap_connect (bsc#1232159).\n- CVE-2024-49952: netfilter: nf_tables: prevent nf_skb_duplicated corruption (bsc#1232157).\n- CVE-2024-49953: net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice (bsc#1232156).\n- CVE-2024-49954: static_call: Replace pointless WARN_ON() in static_call_module_notify() (bsc#1232155).\n- CVE-2024-49958: ocfs2: reserve space for inline xattr before attaching reflink tree (bsc#1232151).\n- CVE-2024-49959: jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (bsc#1232149).\n- CVE-2024-49960: ext4: fix timer use-after-free on failed mount (bsc#1232395).\n- CVE-2024-49967: ext4: no need to continue when the number of entries is 1 (bsc#1232140).\n- CVE-2024-49968: ext4: filesystems without casefold feature cannot be mounted with siphash (bsc#1232264).\n- CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519).\n- CVE-2024-49972: drm/amd/display: Deallocate DML memory if allocation fails (bsc#1232315).\n- CVE-2024-49973: r8169: add tally counter fields added with RTL8125 (bsc#1232105).\n- CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383).\n- CVE-2024-49983: ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free (bsc#1232096).\n- CVE-2024-49986: platform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors (bsc#1232093).\n- CVE-2024-49987: bpftool: Fix undefined behavior in qsort(NULL, 0, ...) (bsc#1232258).\n- CVE-2024-49989: drm/amd/display: fix double free issue during amdgpu module unload (bsc#1232483).\n- CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282).\n- CVE-2024-49993: iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count (bsc#1232316).\n- CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432).\n- CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points (bsc#1232089).\n- CVE-2024-50000: net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (bsc#1232085).\n- CVE-2024-50001: net/mlx5: Fix error path in multi-packet WQE transmit (bsc#1232084).\n- CVE-2024-50002: static_call: Handle module init failure correctly in static_call_del_module() (bsc#1232083).\n- CVE-2024-50003: drm/amd/display: Fix system hang while resume with TBT monitor (bsc#1232385).\n- CVE-2024-50004: drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35 (bsc#1232396).\n- CVE-2024-50006: ext4: fix i_data_sem unlock order in ext4_ind_migrate() (bsc#1232442).\n- CVE-2024-50009: cpufreq: amd-pstate: add check for cpufreq_cpu_get\u0027s return value (bsc#1232318).\n- CVE-2024-50012: cpufreq: Avoid a bad reference count on CPU node (bsc#1232386).\n- CVE-2024-50014: ext4: fix access to uninitialised lock in fc replay path (bsc#1232446).\n- CVE-2024-50015: ext4: dax: fix overflowing extents beyond inode size when partially writing (bsc#1232079).\n- CVE-2024-50020: ice: Fix improper handling of refcount in ice_sriov_set_msix_vec_count() (bsc#1231989).\n- CVE-2024-50021: ice: Fix improper handling of refcount in ice_dpll_init_rclk_pins() (bsc#1231957).\n- CVE-2024-50022: device-dax: correct pgoff align in dax_set_mapping() (bsc#1231956).\n- CVE-2024-50024: net: Fix an unsafe loop on the list (bsc#1231954).\n- CVE-2024-50027: thermal: core: Free tzp copy along with the thermal zone (bsc#1231951).\n- CVE-2024-50028: thermal: core: Reference count the zone in thermal_zone_get_by_id() (bsc#1231950).\n- CVE-2024-50033: slip: make slhc_remember() more robust against malicious packets (bsc#1231914).\n- CVE-2024-50035: ppp: fix ppp_async_encode() illegal access (bsc#1232392).\n- CVE-2024-50040: igb: Do not bring the device up after non-fatal error (bsc#1231908).\n- CVE-2024-50041: i40e: Fix macvlan leak by synchronizing access to mac_filter_hash (bsc#1231907).\n- CVE-2024-50042: ice: Fix increasing MSI-X on VF (bsc#1231906).\n- CVE-2024-50045: netfilter: br_netfilter: fix panic with metadata_dst skb (bsc#1231903).\n- CVE-2024-50046: NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() (bsc#1231902).\n- CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418).\n- CVE-2024-50059: ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition (bsc#1232345).\n- CVE-2024-50060: io_uring: check if we need to reschedule during overflow flush (bsc#1232417).\n- CVE-2024-50063: bpf: Prevent tail call between progs attached to different hooks (bsc#1232435).\n- CVE-2024-50064: zram: free secondary algorithms names (bsc#1231901).\n- CVE-2024-50080: ublk: do not allow user copy for unprivileged device (bsc#1232502).\n- CVE-2024-50081: blk-mq: setup queue -\u003etag_set before initializing hctx (bsc#1232501).\n- CVE-2024-50082: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (bsc#1232500).\n- CVE-2024-50084: net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test() (bsc#1232494).\n- CVE-2024-50087: btrfs: fix uninitialized pointer free on read_alloc_one_name() error (bsc#1232499).\n- CVE-2024-50088: btrfs: fix uninitialized pointer free in add_inode_ref() (bsc#1232498).\n- CVE-2024-50098: scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down (bsc#1232881).\n- CVE-2024-50110: xfrm: fix one more kernel-infoleak in algo dumping (bsc#1232885).\n- CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919).\n- CVE-2024-50124: Bluetooth: ISO: Fix UAF on iso_sock_timeout (bsc#1232926).\n- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928).\n- CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907).\n- CVE-2024-50128: net: wwan: fix global oob in wwan_rtnl_policy (bsc#1232905).\n- CVE-2024-50130: netfilter: bpf: must hold reference on net namespace (bsc#1232894).\n- CVE-2024-50138: bpf: Use raw_spinlock_t in ringbuf (bsc#1232935).\n- CVE-2024-50139: KVM: arm64: Fix shift-out-of-bounds bug (bsc#1233062).\n- CVE-2024-50145: octeon_ep: add SKB allocation failures handling in __octep_oq_process_rx() (bsc#1233044).\n- CVE-2024-50153: scsi: target: core: Fix null-ptr-deref in target_alloc_device() (bsc#1233061).\n- CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233070).\n- CVE-2024-50166: fsl/fman: Fix refcount handling of fman-related devices (bsc#1233050).\n- CVE-2024-50167: be2net: fix potential memory leak in be_xmit() (bsc#1233049).\n- CVE-2024-50169: vsock: Update rx_bytes on read_skb() (bsc#1233320).\n- CVE-2024-50171: net: systemport: fix potential memory leak in bcm_sysport_xmit() (bsc#1233057).\n- CVE-2024-50177: drm/amd/display: fix a UBSAN warning in DML2.1 (bsc#1233115).\n- CVE-2024-50182: secretmem: disable memfd_secret() if arch cannot set direct map (bsc#1233129).\n- CVE-2024-50184: virtio_pmem: Check device status before requesting flush (bsc#1233135).\n- CVE-2024-50186: net: explicitly clear the sk pointer, when pf-\u003ecreate fails (bsc#1233110).\n- CVE-2024-50192: irqchip/gic-v4: Do not allow a VMOVP on a dying VPE (bsc#1233106).\n- CVE-2024-50225: btrfs: fix error propagation of split bios (bsc#1233193).\n- CVE-2024-50228: mm: shmem: fix data-race in shmem_getattr() (bsc#1233204).\n- CVE-2024-50230: nilfs2: fix kernel bug due to missing clearing of checked flag (bsc#1233206).\n- CVE-2024-50245: fs/ntfs3: Fix possible deadlock in mi_read (bsc#1233203).\n- CVE-2024-50246: fs/ntfs3: Add rough attr alloc_size check (bsc#1233207).\n- CVE-2024-50250: fsdax: dax_unshare_iter needs to copy entire blocks (bsc#1233226).\n- CVE-2024-50252: mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address (bsc#1233201).\n- CVE-2024-50257: netfilter: Fix use-after-free in get_info() (bsc#1233244).\n- CVE-2024-50261: macsec: Fix use-after-free while sending the offloading packet (bsc#1233253).\n- CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk-\u003etrans (bsc#1233453).\n- CVE-2024-50271: signal: restore the override_rlimit logic (bsc#1233460).\n- CVE-2024-50273: btrfs: reinitialize delayed ref list after deleting it from the list (bsc#1233462).\n- CVE-2024-50274: idpf: avoid vport access in idpf_get_link_ksettings (bsc#1233463).\n- CVE-2024-50275: arm64/sve: Discard stale CPU state when handling SVE traps (bsc#1233464).\n- CVE-2024-50276: net: vertexcom: mse102x: Fix possible double free of TX skb (bsc#1233465).\n- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).\n- CVE-2024-50289: media: av7110: fix a spectre vulnerability (bsc#1233478).\n- CVE-2024-50295: net: arc: fix the device for dma_map_single/dma_unmap_single (bsc#1233484).\n- CVE-2024-50296: net: hns3: fix kernel crash when uninstalling driver (bsc#1233485).\n- CVE-2024-50298: net: enetc: allocate vf_state during PF probes (bsc#1233487).\n- CVE-2024-53042: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() (bsc#1233540).\n- CVE-2024-53043: mctp i2c: handle NULL header address (bsc#1233523).\n- CVE-2024-53048: ice: fix crash on probe for DPLL enabled E810 LOM (bsc#1233721).\n- CVE-2024-53051: drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability (bsc#1233547).\n- CVE-2024-53055: wifi: iwlwifi: mvm: fix 6 GHz scan construction (bsc#1233550).\n- CVE-2024-53056: drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy() (bsc#1233568).\n- CVE-2024-53058: net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data (bsc#1233552).\n- CVE-2024-53079: mm/thp: fix deferred split unqueue naming and locking (bsc#1233570).\n- CVE-2024-53082: virtio_net: Add hash_key_length check (bsc#1233573).\n- CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642).\n- CVE-2024-53110: vp_vdpa: fix id_table array not null terminated error (bsc#1234085).\n- CVE-2024-53121: net/mlx5: fs, lock FTE when checking if active (bsc#1234078).\n- CVE-2024-53138: net/mlx5e: kTLS, Fix incorrect page refcounting (bsc#1234223).\n\nThe following non-security bugs were fixed:\n\n- 9p: explicitly deny setlease attempts (git-fixes).\n- ACPI: CPPC: Add support for setting EPP register in FFH (stable-fixes).\n- ACPI: CPPC: Fix _CPC register setting issue (git-fixes).\n- ACPI: CPPC: Make rmw_lock a raw_spin_lock (git-fixes).\n- ACPI: EC: Do not release locks during operation region accesses (stable-fixes).\n- ACPI: PAD: fix crash in exit_round_robin() (stable-fixes).\n- ACPI: PRM: Clean up guid type in struct prm_handler_info (git-fixes).\n- ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context (git-fixes).\n- ACPI: battery: Fix possible crash when unregistering a battery hook (git-fixes).\n- ACPI: battery: Simplify battery hook locking (stable-fixes).\n- ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue (stable-fixes).\n- ACPI: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[] (stable-fixes).\n- ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[] (stable-fixes).\n- ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[] (stable-fixes).\n- ACPI: resource: Add another DMI match for the TongFang GMxXGxx (stable-fixes).\n- ACPI: video: Add force_vendor quirk for Panasonic Toughbook CF-18 (stable-fixes).\n- ACPICA: Fix memory leak if acpi_ps_get_next_field() fails (stable-fixes).\n- ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails (stable-fixes).\n- ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() (stable-fixes).\n- ACPICA: iasl: handle empty connection_node (stable-fixes).\n- ALSA/hda: intel-sdw-acpi: cleanup sdw_intel_scan_controller (stable-fixes).\n- ALSA/hda: intel-sdw-acpi: fetch fwnode once in sdw_intel_scan_controller() (stable-fixes).\n- ALSA/hda: intel-sdw-acpi: simplify sdw-master-count property read (stable-fixes).\n- ALSA: 6fire: Release resources at card release (git-fixes).\n- ALSA: Reorganize kerneldoc parameter names (stable-fixes).\n- ALSA: ac97: bus: Fix the mistake in the comment (git-fixes).\n- ALSA: asihpi: Fix potential OOB array access (stable-fixes).\n- ALSA: caiaq: Use snd_card_free_when_closed() at disconnection (git-fixes).\n- ALSA: core: add isascii() check to card ID generator (stable-fixes).\n- ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (git-fixes).\n- ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init() (git-fixes).\n- ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2 (stable-fixes).\n- ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne 1000 G2 (git-fixes).\n- ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin (git-fixes).\n- ALSA: hda/conexant: fix Z60MR100 startup pop issue (stable-fixes).\n- ALSA: hda/conexant: fix some typos (stable-fixes).\n- ALSA: hda/cs8409: Fix possible NULL dereference (git-fixes).\n- ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs (bsc#1219803).\n- ALSA: hda/realtek - Fixed Clevo platform headset Mic issue (stable-fixes).\n- ALSA: hda/realtek - update set GPIO3 to default for Thinkpad with ALC1318 (git-fixes).\n- ALSA: hda/realtek: Add a quirk for HP Pavilion 15z-ec200 (stable-fixes).\n- ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9 (stable-fixes).\n- ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593 (stable-fixes).\n- ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13 (stable-fixes).\n- ALSA: hda/realtek: Add support for Samsung Galaxy Book3 360 (NP730QFG) (stable-fixes).\n- ALSA: hda/realtek: Apply quirk for Medion E15433 (bsc#1233298).\n- ALSA: hda/realtek: Enable mic on Vaio VJFH52 (stable-fixes).\n- ALSA: hda/realtek: Enable mute and micmute LED on HP ProBook 430 G8 (stable-fixes).\n- ALSA: hda/realtek: Enable speaker pins for Medion E15443 platform (bsc#1233298).\n- ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max (bsc#1233298).\n- ALSA: hda/realtek: Fix headset mic on TUXEDO Gemini 17 Gen3 (stable-fixes).\n- ALSA: hda/realtek: Fix headset mic on TUXEDO Stellaris 16 Gen6 mb1 (stable-fixes).\n- ALSA: hda/realtek: Fix the push button function for the ALC257 (git-fixes).\n- ALSA: hda/realtek: Limit internal Mic boost on Dell platform (stable-fixes).\n- ALSA: hda/realtek: Refactor and simplify Samsung Galaxy Book init (stable-fixes).\n- ALSA: hda/realtek: Set PCBeep to default value for ALC274 (stable-fixes).\n- ALSA: hda/realtek: Update ALC225 depop procedure (git-fixes).\n- ALSA: hda/realtek: Update ALC256 depop procedure (git-fixes).\n- ALSA: hda/realtek: Update default depop procedure (git-fixes).\n- ALSA: hda/realtek: fix mute/micmute LED for HP mt645 G8 (stable-fixes).\n- ALSA: hda/realtek: fix mute/micmute LEDs for a HP EliteBook 645 G10 (stable-fixes).\n- ALSA: hda/realtek: tas2781: Fix ROG ALLY X audio (stable-fixes).\n- ALSA: hda/tas2781: Add new quirk for Lenovo Y990 Laptop (stable-fixes).\n- ALSA: hda/tas2781: Add new quirk for Lenovo, ASUS, Dell projects (stable-fixes).\n- ALSA: hda/tas2781: select CRC32 instead of CRC32_SARWATE (git-fixes).\n- ALSA: hda: Poll jack events for LS7A HD-Audio (stable-fixes).\n- ALSA: hda: Show the codec quirk info at probing (stable-fixes).\n- ALSA: hda: Sound support for HP Spectre x360 16 inch model 2024 (stable-fixes).\n- ALSA: hda: tas2781: Fix missing setup at runtime PM (bsc#1230132).\n- ALSA: hdsp: Break infinite MIDI input flush loop (stable-fixes).\n- ALSA: ice1712: Remove redundant code in stac9460_dac_vol_put (stable-fixes).\n- ALSA: line6: add hw monitor volume control to POD HD500X (stable-fixes).\n- ALSA: line6: update contact information (stable-fixes).\n- ALSA: mixer_oss: Remove some incorrect kfree_const() usages (git-fixes).\n- ALSA: pcm: Add sanity NULL check for the default mmap fault handler (stable-fixes).\n- ALSA: silence integer wrapping warning (stable-fixes).\n- ALSA: ump: Fix evaluation of MIDI 1.0 FB info (git-fixes).\n- ALSA: us122l: Use snd_card_free_when_closed() at disconnection (git-fixes).\n- ALSA: usb-audio: Add Pioneer DJ/AlphaTheta DJM-A9 Mixer (stable-fixes).\n- ALSA: usb-audio: Add delay quirk for VIVO USB-C HEADSET (stable-fixes).\n- ALSA: usb-audio: Add input value sanity checks for standard types (stable-fixes).\n- ALSA: usb-audio: Add logitech Audio profile quirk (stable-fixes).\n- ALSA: usb-audio: Add native DSD support for Luxman D-08u (stable-fixes).\n- ALSA: usb-audio: Add quirk for HP 320 FHD Webcam (bsc#1232768).\n- ALSA: usb-audio: Add quirks for Dell WD19 dock (stable-fixes).\n- ALSA: usb-audio: Define macros for quirk table entries (stable-fixes).\n- ALSA: usb-audio: Fix Yamaha P-125 Quirk Entry (stable-fixes).\n- ALSA: usb-audio: Fix a DMA to stack memory bug (git-fixes).\n- ALSA: usb-audio: Fix out of bounds reads when finding clock sources (stable-fixes).\n- ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (git-fixes).\n- ALSA: usb-audio: Make mic volume workarounds globally applicable (stable-fixes).\n- ALSA: usb-audio: Replace complex quirk lines with macros (stable-fixes).\n- ALSA: usb-audio: Use snprintf instead of sprintf in build_mixer_unit_ctl (stable-fixes).\n- ALSA: usb-audio: add mixer mapping for Corsair HS80 (stable-fixes).\n- ALSA: usx2y: Use snd_card_free_when_closed() at disconnection (git-fixes).\n- ASoC: Intel: avs: da7219: Remove suspend_pre() and resume_post() (stable-fixes).\n- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet (stable-fixes).\n- ASoC: Intel: bytcr_rt5640: Add support for non ACPI instantiated codec (stable-fixes).\n- ASoC: Intel: sst: Fix used of uninitialized ctx to log an error (git-fixes).\n- ASoC: Intel: sst: Support LPE0F28 ACPI HID (stable-fixes).\n- ASoC: SOF: Add i2s bt dai configuration support for AMD platforms (bsc#1233305).\n- ASoC: SOF: Add support for configuring PDM interface from topology (bsc#1233305).\n- ASoC: SOF: Deprecate invalid enums in IPC3 (bsc#1233305).\n- ASoC: SOF: IPC4: get pipeline priority from topology (bsc#1233305).\n- ASoC: SOF: IPC4: synchronize fw_config_params with fw definitions (bsc#1233305).\n- ASoC: SOF: Refactor sof_i2s_tokens reading to update acpbt dai (bsc#1233305).\n- ASoC: SOF: Rename amd_bt sof_dai_type (bsc#1233305).\n- ASoC: SOF: Wire up buffer flags (bsc#1233305).\n- ASoC: SOF: add alignment for topology header file struct definition (bsc#1233305).\n- ASoC: SOF: align topology header file with sof topology header (bsc#1233305).\n- ASoC: SOF: ipc3-topology: Convert the topology pin index to ALH dai index (git-fixes).\n- ASoC: SOF: ipc3-topology: fix resource leaks in sof_ipc3_widget_setup_comp_dai() (git-fixes).\n- ASoC: SOF: ipc4-control: Add support for ALSA enum control (bsc#1233305).\n- ASoC: SOF: ipc4-control: Add support for ALSA switch control (bsc#1233305).\n- ASoC: SOF: ipc4-mtrace: move debug slot related definitions to header.h (bsc#1233305).\n- ASoC: SOF: ipc4-topology: Add deep buffer size to debug prints (bsc#1233305).\n- ASoC: SOF: ipc4-topology: Add definition for generic switch/enum control (bsc#1233305).\n- ASoC: SOF: ipc4-topology: Add module ID print during module set up (bsc#1233305).\n- ASoC: SOF: ipc4-topology: Helper to find an swidget by module/instance id (bsc#1233305).\n- ASoC: SOF: ipc4-topology: Only handle dai_config with HW_PARAMS for ChainDMA (bsc#1233305).\n- ASoC: SOF: ipc4-topology: change chain_dma handling in dai_config (bsc#1233305).\n- ASoC: SOF: ipc4-topology: export sof_ipc4_copier_is_single_format (bsc#1233305).\n- ASoC: SOF: ipc4-topology: set config_length based on device_count (bsc#1233305).\n- ASoC: SOF: ipc4: Add data struct for module notification message from firmware (bsc#1233305).\n- ASoC: SOF: ipc4: Add new message type: SOF_IPC4_GLB_LOAD_LIBRARY_PREPARE (bsc#1233305).\n- ASoC: SOF: sof-client-probes-ipc4: Set param_size extension bits (git-fixes).\n- ASoC: SOF: topology: Parse DAI type token for dspless mode (bsc#1233305).\n- ASoC: SOF: topology: dynamically allocate and store DAI widget-\u003eprivate (bsc#1233305).\n- ASoC: amd: yc: Add quirk for ASUS Vivobook S15 M3502RA (stable-fixes).\n- ASoC: amd: yc: Add quirk for HP Dragonfly pro one (stable-fixes).\n- ASoC: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry (git-fixes).\n- ASoC: amd: yc: Fix non-functional mic on ASUS E1404FA (stable-fixes).\n- ASoC: amd: yc: Support dmic on another model of Lenovo Thinkpad E14 Gen 6 (stable-fixes).\n- ASoC: amd: yc: fix internal mic on Xiaomi Book Pro 14 2022 (stable-fixes).\n- ASoC: atmel: mchp-pdmc: Skip ALSA restoration if substream runtime is uninitialized (git-fixes).\n- ASoC: audio-graph-card2: Purge absent supplies for device tree nodes (stable-fixes).\n- ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() (git-fixes).\n- ASoC: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to default regs values (stable-fixes).\n- ASoC: codecs: rt5640: Always disable IRQs from rt5640_cancel_work() (stable-fixes).\n- ASoC: codecs: wsa883x: Handle reading version failure (stable-fixes).\n- ASoC: cs42l51: Fix some error handling paths in cs42l51_probe() (git-fixes).\n- ASoC: dapm: fix bounds checker error in dapm_widget_list_create (git-fixes).\n- ASoC: fsl_micfil: Add sample rate constraint (stable-fixes).\n- ASoC: fsl_micfil: fix regmap_write_bits usage (git-fixes).\n- ASoC: fsl_sai: Enable \u0027FIFO continue on error\u0027 FCONT bit (stable-fixes).\n- ASoC: imx-card: Set card.owner to avoid a warning calltrace if SND=m (git-fixes).\n- ASoC: max98388: Fix missing increment of variable slot_found (git-fixes).\n- ASoC: mediatek: mt8188-mt6359: Remove hardcoded dmic codec (git-fixes).\n- ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() (git-fixes).\n- ASoC: qcom: sm8250: add qrb4210-rb2-sndcard compatible string (stable-fixes).\n- ASoC: rt722-sdca: Remove logically deadcode in rt722-sdca.c (git-fixes).\n- ASoC: rt722-sdca: increase clk_stop_timeout to fix clock stop issue (stable-fixes).\n- ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove (git-fixes).\n- ASoC: stm: Prevent potential division by zero in stm32_sai_get_clk_div() (stable-fixes).\n- ASoC: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate() (stable-fixes).\n- ASoC: tas2781: Add new driver version for tas2563 \u0026 tas2781 qfn chip (stable-fixes).\n- ASoC: tas2781: Use of_property_read_reg() (stable-fixes).\n- Bluetooth: Call iso_exit() on module unload (git-fixes).\n- Bluetooth: ISO: Fix multiple init when debugfs is disabled (git-fixes).\n- Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync (git-fixes).\n- Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change (git-fixes).\n- Bluetooth: Remove debugfs directory on module init failure (git-fixes).\n- Bluetooth: bnep: fix wild-memory-access in proto_unregister (git-fixes).\n- Bluetooth: btintel: Direct exception event to bluetooth stack (git-fixes).\n- Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).\n- Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test (bsc#1230557)\n- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0489:0xe122 (stable-fixes).\n- Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 (git-fixes).\n- Bluetooth: fix use-after-free in device_for_each_child() (git-fixes).\n- Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs (git-fixes).\n- Bluetooth: hci_core: Fix calling mgmt_device_connected (git-fixes).\n- Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (git-fixes).\n- Documentation: kgdb: Correct parameter error (git-fixes).\n- HID: Ignore battery for all ELAN I2C-HID devices (stable-fixes).\n- HID: amd_sfh: Switch to device-managed dmam_alloc_coherent() (git-fixes).\n- HID: core: zero-initialize the report buffer (git-fixes).\n- HID: i2c-hid: Remove I2C_HID_QUIRK_SET_PWR_WAKEUP_DEV quirk (stable-fixes).\n- HID: lenovo: Add support for Thinkpad X1 Tablet Gen 3 keyboard (stable-fixes).\n- HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad (stable-fixes).\n- HID: multitouch: Add quirk for Logitech Bolt receiver w/ Casa touchpad (stable-fixes).\n- HID: multitouch: Add support for B2402FVA track point (stable-fixes).\n- HID: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio (stable-fixes).\n- HID: multitouch: Add support for lenovo Y9000P Touchpad (stable-fixes).\n- HID: plantronics: Workaround for an unexcepted opposite volume key (stable-fixes).\n- HID: wacom: Interpret tilt data from Intuos Pro BT as signed values (git-fixes).\n- HID: wacom: fix when get product name maybe null pointer (git-fixes).\n- Input: adp5589-keys - fix NULL pointer dereference (git-fixes).\n- Input: adp5589-keys - fix adp5589_gpio_get_value() (git-fixes).\n- Input: edt-ft5x06 - fix regmap leak when probe fails (git-fixes).\n- Input: hideep - add missing dependency on REGMAP_I2C (git-fixes).\n- Input: hycon-hy46xx - add missing dependency on REGMAP_I2C (git-fixes).\n- Input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk table (stable-fixes).\n- Input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk table (stable-fixes).\n- Input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD line (stable-fixes).\n- Input: xpad - add GameSir T4 Kaleid Controller support (git-fixes).\n- Input: xpad - add GameSir VID for Xbox One controllers (git-fixes).\n- Input: xpad - add support for 8BitDo Ultimate 2C Wireless Controller (git-fixes).\n- Input: xpad - add support for MSI Claw A1M (git-fixes).\n- Input: xpad - add support for Machenike G5 Pro Controller (git-fixes).\n- Input: xpad - fix support for some third-party controllers (git-fixes).\n- Input: xpad - sort xpad_device by vendor and product ID (git-fixes).\n- Input: xpad - spelling fixes for \"Xbox\" (git-fixes).\n- KVM: Fix coalesced_mmio_has_room() to avoid premature userspace exit (git-fixes).\n- KVM: PPC: Book3S HV: Avoid returning to nested hypervisor on pending doorbells (bsc#1215199).\n- KVM: PPC: Book3S HV: Stop using vc-\u003edpdes for nested KVM guests (bsc#1215199).\n- KVM: PPC: Book3S HV: remove unused varible (bsc#1194869).\n- KVM: SEV-ES: Fix svm_get_msr()/svm_set_msr() for KVM_SEV_ES_INIT guests (bsc#1232207).\n- KVM: SEV-ES: Prevent MSR access post VMSA encryption (bsc#1232207).\n- KVM: SVM: Disallow guest from changing userspace\u0027s MSR_AMD64_DE_CFG value (git-fixes).\n- KVM: Use dedicated mutex to protect kvm_usage_count to avoid deadlock (git-fixes).\n- KVM: VMX: Also clear SGX EDECCSSA in KVM CPU caps when SGX is disabled (git-fixes).\n- KVM: VMX: Set PFERR_GUEST_{FINAL,PAGE}_MASK if and only if the GVA is valid (git-fixes).\n- KVM: Write the per-page \"segment\" when clearing (part of) a guest page (git-fixes).\n- KVM: s390: Change virtual to physical address access in diag 0x258 handler (git-fixes bsc#1232626).\n- KVM: s390: Fix SORTL and DFLTCC instruction format error in __insn32_query (git-fixes bsc#1231276).\n- KVM: s390: gaccess: Check if guest address is in memslot (git-fixes bsc#1232623).\n- KVM: x86/mmu: Skip emulation on page fault iff 1+ SPs were unprotected (git-fixes).\n- KVM: x86/mmu: Trigger unprotect logic only on write-protection page faults (git-fixes).\n- KVM: x86: Dedup fastpath MSR post-handling logic (git-fixes).\n- KVM: x86: Enforce x2APIC\u0027s must-be-zero reserved ICR bits (git-fixes).\n- KVM: x86: Exit to userspace if fastpath triggers one on instruction skip (git-fixes).\n- KVM: x86: Move x2APIC ICR helper above kvm_apic_write_nodecode() (git-fixes).\n- KVM: x86: Re-enter guest if WRMSR(X2APIC_ICR) fastpath is successful (git-fixes).\n- KVM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC) (git-fixes).\n- NFS: Avoid unnecessary rescanning of the per-server delegation list (git-fixes).\n- NFS: remove revoked delegation from server\u0027s delegation list (git-fixes).\n- NFSD: Fix NFSv4\u0027s PUTPUBFH operation (git-fixes).\n- NFSD: Mark filecache \"down\" if init fails (git-fixes).\n- NFSv3: only use NFS timeout for MOUNT when protocols are compatible (bsc#1231016).\n- NFSv4: Fix clearing of layout segments in layoutreturn (git-fixes).\n- PCI: Add ACS quirk for Qualcomm SA8775P (stable-fixes).\n- PCI: Add T_PVPERL macro (git-fixes).\n- PCI: Add function 0 DMA alias quirk for Glenfly Arise chip (stable-fixes).\n- PCI: Fix pci_enable_acs() support for the ACS quirks (bsc#1229019).\n- PCI: Fix reset_method_store() memory leak (git-fixes).\n- PCI: Mark Creative Labs EMU20k2 INTx masking as broken (stable-fixes).\n- PCI: endpoint: Clear secondary (not primary) EPC in pci_epc_remove_epf() (git-fixes).\n- PCI: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds (git-fixes).\n- PCI: keystone: Add link up check to ks_pcie_other_map_bus() (git-fixes).\n- PCI: keystone: Set mode as Root Complex for \"ti,keystone-pcie\" compatible (git-fixes).\n- PCI: rockchip-ep: Fix address translation unit programming (git-fixes).\n- RAS/AMD/ATL: Add amd_atl pr_fmt() prefix (jsc#PED-10559).\n- RAS/AMD/ATL: Expand helpers for adding and removing base and hole (jsc#PED-10559).\n- RAS/AMD/ATL: Implement DF 4.5 NP2 denormalization (jsc#PED-10559).\n- RAS/AMD/ATL: Read DRAM hole base early (jsc#PED-10559).\n- RAS/AMD/ATL: Validate address map when information is gathered (jsc#PED-10559).\n- RDMA/bnxt_re: Add a check for memory allocation (git-fixes)\n- RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop (git-fixes)\n- RDMA/bnxt_re: Change the sequence of updating the CQ toggle value (git-fixes)\n- RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey (git-fixes)\n- RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (git-fixes)\n- RDMA/bnxt_re: Fix a possible memory leak (git-fixes)\n- RDMA/bnxt_re: Fix incorrect AVID type in WQE structure (git-fixes)\n- RDMA/bnxt_re: Fix incorrect dereference of srq in async event (git-fixes)\n- RDMA/bnxt_re: Fix out of bound check (git-fixes)\n- RDMA/bnxt_re: Fix the GID table length (git-fixes)\n- RDMA/bnxt_re: Fix the max CQ WQEs for older adapters (git-fixes)\n- RDMA/bnxt_re: Fix the usage of control path spin locks (git-fixes)\n- RDMA/bnxt_re: Return more meaningful error (git-fixes)\n- RDMA/bnxt_re: synchronize the qp-handle table array (git-fixes)\n- RDMA/core: Fix ENODEV error for iWARP test over vlan (git-fixes)\n- RDMA/cxgb4: Dump vendor specific QP details (git-fixes)\n- RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP (git-fixes)\n- RDMA/hns: Add mutex_destroy() (git-fixes)\n- RDMA/hns: Disassociate mmap pages for all uctx when HW is being reset (git-fixes)\n- RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (git-fixes)\n- RDMA/hns: Fix an AEQE overflow error caused by untimely update of eq_db_ci (git-fixes)\n- RDMA/hns: Fix cpu stuck caused by printings during reset (git-fixes)\n- RDMA/hns: Fix different dgids mapping to the same dip_idx (git-fixes)\n- RDMA/hns: Fix flush cqe error when racing with destroy qp (git-fixes)\n- RDMA/hns: Fix out-of-order issue of requester when setting FENCE (git-fixes)\n- RDMA/hns: Use dev_* printings in hem code instead of ibdev_* (git-fixes)\n- RDMA/hns: Use macro instead of magic number (git-fixes)\n- RDMA/irdma: Fix misspelling of \"accept*\" (git-fixes)\n- RDMA/mad: Improve handling of timed out WRs of mad agent (git-fixes)\n- RDMA/mana_ib: use the correct page size for mapping user-mode doorbell page (git-fixes).\n- RDMA/mana_ib: use the correct page table index based on hardware page size (git-fixes).\n- RDMA/mlx5: Enforce umem boundaries for explicit ODP page faults (git-fixes)\n- RDMA/mlx5: Move events notifier registration to be after device registration (git-fixes)\n- RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down (git-fixes)\n- RDMA/mlx5: Use sq timestamp as QP timestamp when RoCE is disabled (git-fixes).\n- RDMA/rtrs-srv: Avoid null pointer deref during path establishment (git-fixes)\n- RDMA/rxe: Fix the qp flush warnings in req (git-fixes)\n- RDMA/rxe: Set queue pair cur_qp_state when being queried (git-fixes)\n- RDMA/siw: Add sendpage_ok() check to disable MSG_SPLICE_PAGES (git-fixes)\n- RDMA/srpt: Make slab cache names unique (git-fixes)\n- Revert \"ALSA: hda/conexant: Mute speakers at suspend / shutdown\" (bsc#1228269).\n- Revert \"ALSA: hda: Conditionally use snooping for AMD HDMI\" (stable-fixes).\n- Revert \"KEYS: encrypted: Add check for strsep\" (git-fixes).\n- Revert \"KVM: PPC: Book3S HV Nested: Stop forwarding all HFUs to L1\" (bsc#1215199).\n- Revert \"RDMA/core: Fix ENODEV error for iWARP test over vlan\" (git-fixes)\n- Revert \"cgroup: Fix memory leak caused by missing cgroup_bpf_offline\" (bsc#1234108).\n- Revert \"cpufreq: brcmstb-avs-cpufreq: Fix initial command check\" (stable-fixes).\n- Revert \"driver core: Fix uevent_show() vs driver detach race\" (git-fixes).\n- Revert \"ixgbe: Manual AN-37 for troublesome link partners for X550 SFI\" (git-fixes).\n- Revert \"mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K\" (git-fixes).\n- Revert \"ubifs: ubifs_symlink: Fix memleak of inode-\u003ei_link in error path\" (git-fixes).\n- Revert \"usb: gadget: composite: fix OS descriptors w_value logic\" (git-fixes).\n- Revert \"wifi: iwlwifi: remove retry loops in start\" (git-fixes).\n- SUNRPC: Fix integer overflow in decode_rc_list() (git-fixes).\n- SUNRPC: Fixup gss_status tracepoint error output (git-fixes).\n- SUNRPC: Remove BUG_ON call sites (git-fixes).\n- SUNRPC: clnt.c: Remove misleading comment (git-fixes).\n- USB: appledisplay: close race between probe and completion handler (git-fixes).\n- USB: chaoskey: Fix possible deadlock chaoskey_list_lock (git-fixes).\n- USB: chaoskey: fail open after removal (git-fixes).\n- USB: gadget: dummy-hcd: Fix \"task hung\" problem (git-fixes).\n- USB: misc: cypress_cy7c63: check for short transfer (git-fixes).\n- USB: misc: yurex: fix race between read and write (git-fixes).\n- USB: serial: ftdi_sio: Fix atomicity violation in get_serial_info() (git-fixes).\n- USB: serial: io_edgeport: fix use after free in debug printk (git-fixes).\n- USB: serial: option: add Fibocom FG132 0x0112 composition (stable-fixes).\n- USB: serial: option: add Quectel RG650V (stable-fixes).\n- USB: serial: option: add Telit FN920C04 MBIM compositions (stable-fixes).\n- USB: serial: option: add support for Quectel EG916Q-GL (stable-fixes).\n- USB: serial: qcserial: add support for Sierra Wireless EM86xx (stable-fixes).\n- accel/qaic: Fix the for loop used to walk SG table (git-fixes).\n- accel: Use XArray instead of IDR for minors (jsc#PED-11580).\n- acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() (git-fixes).\n- ad7780: fix division by zero in ad7780_write_raw() (git-fixes).\n- aes-gcm-p10: Use the correct bit to test for P10 (bsc#1232704).\n- amd-pstate: Set min_perf to nominal_perf for active mode performance gov (git-fixes).\n- apparmor: fix \u0027Do simple duplicate message elimination\u0027 (git-fixes).\n- apparmor: test: Fix memory leak for aa_unpack_strdup() (git-fixes).\n- apparmor: use kvfree_sensitive to free data-\u003edata (git-fixes).\n- arm64: Subscribe Microsoft Azure Cobalt 100 to erratum 3194386 (git-fixes)\n- arm64: cputype: Add Neoverse-N3 definitions (git-fixes)\n- arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer (git-fixes)\n- arm64: dts: freescale: imx8mm-verdin: Fix SD regulator startup delay (git-fixes)\n- arm64: dts: freescale: imx8mp-verdin: Fix SD regulator startup delay (git-fixes)\n- arm64: dts: imx8-ss-vpu: Fix imx8qm VPU IRQs (git-fixes)\n- arm64: dts: imx8qxp: Add VPU subsystem file (git-fixes)\n- arm64: dts: imx93: add nvmem property for eqos (git-fixes)\n- arm64: dts: imx93: add nvmem property for fec1 (git-fixes)\n- arm64: dts: imx93: add ocotp node (git-fixes)\n- arm64: dts: rockchip: Add DTS for FriendlyARM NanoPi R2S Plus (git-fixes)\n- arm64: dts: rockchip: Correct GPIO polarity on brcm BT nodes (git-fixes)\n- arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc (git-fixes)\n- arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards (git-fixes)\n- arm64: dts: rockchip: Fix bluetooth properties on rk3566 box demo (git-fixes)\n- arm64: dts: rockchip: Fix reset-gpios property on brcm BT nodes (git-fixes)\n- arm64: dts: rockchip: Fix rt5651 compatible value on (git-fixes)\n- arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-eaidk-610 (git-fixes)\n- arm64: dts: rockchip: Fix wakeup prop names on PineNote BT node (git-fixes)\n- arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma (git-fixes)\n- arm64: dts: rockchip: Remove hdmi\u0027s 2nd interrupt on rk3328 (git-fixes)\n- arm64: dts: rockchip: Remove undocumented supports-emmc property (git-fixes)\n- arm64: dts: rockchip: fix i2c2 pinctrl-names property on (git-fixes)\n- arm64: dts: rockchip: remove num-slots property from (git-fixes)\n- arm64: dts: rockchip: remove orphaned pinctrl-names from pinephone (git-fixes)\n- arm64: errata: Enable the AC03_CPU_38 workaround for ampere1a (git-fixes).\n- arm64: errata: Expand speculative SSBS workaround once more (git-fixes)\n- arm64: esr: Define ESR_ELx_EC_* constants as UL (git-fixes)\n- arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG (git-fixes)\n- arm64: fix selection of HAVE_DYNAMIC_FTRACE_WITH_ARGS (git-fixes).\n- arm64: probes: Fix simulate_ldr*_literal() (git-fixes)\n- arm64: probes: Fix uprobes for big-endian kernels (git-fixes)\n- arm64: probes: Remove broken LDR (literal) uprobe support (git-fixes)\n- arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint (git-fixes)\n- arm64: smccc: replace custom COUNT_ARGS() \u0026 CONCATENATE() (git-fixes)\n- arm64: tegra: Move AGX Orin nodes to correct location (git-fixes)\n- arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled (git-fixes)\n- ata: libata: Set DID_TIME_OUT for commands that actually timed out (git-fixes).\n- ata: libata: avoid superfluous disk spin down + spin up during hibernation (git-fixes).\n- audit: do not WARN_ON_ONCE(!current-\u003emm) in audit_exe_compare() (git-fixes).\n- audit: do not take task_lock() in audit_exe_compare() code path (git-fixes).\n- block: print symbolic error name instead of error code (bsc#1231872).\n- block: sed-opal: add ioctl IOC_OPAL_SET_SID_PW (bsc#1229677).\n- bnxt_en: Cap the size of HWRM_PORT_PHY_QCFG forwarded response (git-fixes).\n- bnxt_en: Fix error recovery for 5760X (P7) chips (git-fixes).\n- bnxt_en: Fix the PCI-AER routines (git-fixes).\n- bnxt_en: Restore PTP tx_avail count in case of skb_pad() error (git-fixes).\n- bnxt_en: refactor reset close code (git-fixes).\n- bpf, arm64: Fix address emission with tag-based KASAN enabled (git-fixes)\n- bpf, arm64: Remove garbage frame for struct_ops trampoline (git-fixes)\n- bpf, lsm: Add disabled BPF LSM hook list (git-fixes).\n- bpf, net: Fix a potential race in do_sock_getsockopt() (git-fixes).\n- bpf, sockmap: SK_DROP on attempted redirects of unsupported af_vsock (git-fixes).\n- bpf, verifier: Correct tail_call_reachable for bpf prog (git-fixes).\n- bpf, vsock: Drop static vsock_bpf_prot initialization (git-fixes).\n- bpf, x64: Remove tail call detection (git-fixes).\n- bpf,perf: Fix perf_event_detach_bpf_prog error handling (git-fixes).\n- bpf: Fail verification for sign-extension of packet data/data_end/data_meta (git-fixes).\n- bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit (git-fixes).\n- bpf: Fix error message on kfunc arg type mismatch (git-fixes).\n- bpf: Fix helper writes to read-only maps (git-fixes).\n- bpf: Fix tailcall cases in test_bpf (git-fixes).\n- bpf: Fix truncation bug in coerce_reg_to_size_sx() (git-fixes).\n- bpf: Improve check_raw_mode_ok test for MEM_UNINIT-tagged types (git-fixes).\n- bpf: Remove truncation test in bpf_strtol and bpf_strtoul helpers (git-fixes).\n- bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error (git-fixes).\n- bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos (git-fixes).\n- btf, scripts: rust: drop is_rust_module.sh (bsc#1230414 bsc#1229450).\n- btrfs: merge btrfs_orig_bbio_end_io() into btrfs_bio_end_io() (bsc#1233193)\n- btrfs: send: fix invalid clone operation for file that got its size decreased (git-fixes).\n- can: c_can: c_can_handle_bus_err(): update statistics if skb allocation fails (git-fixes).\n- can: c_can: fix {rx,tx}_errors statistics (git-fixes).\n- can: dev: can_set_termination(): allow sleeping GPIOs (git-fixes).\n- can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics (git-fixes).\n- can: hi311x: hi3110_can_ist(): fix potential use-after-free (git-fixes).\n- can: hi311x: hi3110_can_ist(): fix {rx,tx}_errors statistics (git-fixes).\n- can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes).\n- can: j1939: j1939_session_new(): fix skb reference counting (git-fixes).\n- can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes).\n- can: mcp251xfd: mcp251xfd_get_tef_len(): fix length calculation (git-fixes).\n- can: mcp251xfd: mcp251xfd_get_tef_len(): work around erratum DS80000789E 6 (git-fixes).\n- can: mcp251xfd: mcp251xfd_ring_alloc(): fix coalescing configuration when switching CAN modes (git-fixes).\n- can: netlink: avoid call to do_set_data_bittiming callback with stale can_priv::ctrlmode (stable-fixes).\n- can: sja1000: sja1000_err(): fix {rx,tx}_errors statistics (git-fixes).\n- can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL (git-fixes).\n- can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics (git-fixes).\n- ceph: fix cap ref leak via netfs init_request (bsc#1231384).\n- cgroup/bpf: only cgroup v2 can be attached by bpf programs (bsc#1234108).\n- clk: bcm: bcm53573: fix OF node leak in init (stable-fixes).\n- clk: clk-apple-nco: Add NULL check in applnco_probe (git-fixes).\n- clk: clk-axi-clkgen: make sure to enable the AXI bus clock (git-fixes).\n- clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D (stable-fixes).\n- clk: imx: clk-scu: fix clk enable state save and restore (git-fixes).\n- clk: imx: fracn-gppll: correct PLL initialization flow (git-fixes).\n- clk: imx: fracn-gppll: fix pll power up (git-fixes).\n- clk: imx: lpcg-scu: SW workaround for errata (e10858) (git-fixes).\n- clk: qcom: clk-alpha-pll: drop lucid-evo pll enabled warning (git-fixes).\n- clk: qcom: clk-alpha-pll: fix lucid 5lpe pll enabled check (git-fixes).\n- clk: qcom: gcc-qcs404: fix initial rate of GPLL3 (git-fixes).\n- clk: renesas: rzg2l: Fix FOUTPOSTDIV clk (git-fixes).\n- clk: sunxi-ng: d1: Fix PLL_AUDIO0 preset (git-fixes).\n- comedi: Flush partial mappings in error case (git-fixes).\n- comedi: ni_routing: tools: Check when the file could not be opened (stable-fixes).\n- config s390x: build ultravisor userspace access into the kernel (bsc#1232090).\n- config.sh: Remove Arm build project, we do not build armv7 configs\n- config: Disable LAM on x86 (bsc#1217845).\n- cpufreq/amd-pstate: Fix amd_pstate mode switch on shared memory systems (git-fixes).\n- cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost() (git-fixes).\n- cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw() (git-fixes).\n- cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_cost() (git-fixes).\n- cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_power() (git-fixes).\n- cpufreq: loongson2: Unregister platform_driver on failure (git-fixes).\n- cpufreq: mediatek-hw: Fix wrong return value in mtk_cpufreq_get_cpu_power() (git-fixes).\n- crypto: aes-gcm-p10 - Use the correct bit to test for P10 (bsc#1232704).\n- crypto: api - Fix liveliness check in crypto_alg_tested (stable-fixes).\n- crypto: bcm - add error check in the ahash_hmac_init function (git-fixes).\n- crypto: caam - Fix the pointer passed to caam_qi_shutdown() (git-fixes).\n- crypto: caam - add error check to caam_rsa_set_priv_key_form (git-fixes).\n- crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() (git-fixes).\n- crypto: cavium - Fix the if condition to exit loop after timeout (git-fixes).\n- crypto: hisilicon/qm - flush all work before driver removed (bsc#1232075)\n- crypto: inside-secure - Fix the return value of safexcel_xcbcmac_cra_init() (git-fixes).\n- crypto: octeontx - Fix authenc setkey (stable-fixes).\n- crypto: octeontx* - Select CRYPTO_AUTHENC (git-fixes).\n- crypto: octeontx2 - Fix authenc setkey (stable-fixes).\n- crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY (git-fixes).\n- crypto: powerpc/p10-aes-gcm - Add dependency on CRYPTO_SIMD and re-enable CRYPTO_AES_GCM_P10 (bsc#1230501 ltc#208632).\n- crypto: powerpc/p10-aes-gcm - Disable CRYPTO_AES_GCM_P10 (bsc#1230501 ltc#208632).\n- crypto: powerpc/p10-aes-gcm - Re-write AES/GCM stitched implementation (bsc#1230501 ltc#208632).\n- crypto: powerpc/p10-aes-gcm - Register modules as SIMD (bsc#1230501 ltc#208632).\n- crypto: qat - remove check after debugfs_create_dir() (git-fixes).\n- crypto: qat - remove faulty arbiter config reset (git-fixes).\n- crypto: qat/qat_4xxx - fix off by one in uof_get_name() (git-fixes).\n- crypto: x86/aegis128 - access 32-bit arguments as 32-bit (git-fixes).\n- cxgb4: Properly lock TX queue for the selftest (git-fixes).\n- cxgb4: add forgotten u64 ivlan cast before shift (git-fixes).\n- cxgb4: unnecessary check for 0 in the free_sge_txq_uld() function (git-fixes).\n- cxl: downgrade a warning message to debug level in cxl_probe_component_regs() (bsc#1229165).\n- dcache: keep dentry_hashtable or d_hash_shift even when not used (git-fixes).\n- debugfs: fix automount d_fsdata usage (git-fixes).\n- devlink: Fix command annotation documentation (git-fixes).\n- dma-fence: Fix reference leak on fence merge failure path (git-fixes).\n- dma-fence: Use kernel\u0027s sort for merging fences (git-fixes).\n- dmaengine: sh: rz-dmac: handle configs where one address is zero (git-fixes).\n- dmaengine: ti: k3-udma: Set EOP for all TRs in cyclic BCDMA transfer (git-fixes).\n- doc: rcu: update printed dynticks counter bits (git-fixes).\n- driver core: bus: Fix double free in driver API bus_register() (stable-fixes).\n- driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute (stable-fixes).\n- drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend() (git-fixes).\n- drm/amd/amdgpu: Fix double unlock in amdgpu_mes_add_ring (git-fixes).\n- drm/amd/display: Add HDMI DSC native YCbCr422 support (stable-fixes).\n- drm/amd/display: Add disable timeout option (bsc#1231435)\n- drm/amd/display: Adjust VSDB parser for replay feature (stable-fixes).\n- drm/amd/display: Check link_res-\u003ehpo_dp_link_enc before using it (bsc#1231944)\n- drm/amd/display: Check null pointer before dereferencing se (stable-fixes).\n- drm/amd/display: Clean up dsc blocks in accelerated mode (stable-fixes).\n- drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too (stable-fixes).\n- drm/amd/display: Fix brightness level not retained over reboot (git-fixes).\n- drm/amd/display: Fix null check for pipe_ctx-\u003eplane_state in dcn20_program_pipe (git-fixes).\n- drm/amd/display: Fix null check for pipe_ctx-\u003eplane_state in hwss_setup_dpp (git-fixes).\n- drm/amd/display: Remove a redundant check in authenticated_dp (stable-fixes).\n- drm/amd/display: Revert \"Check HDCP returned status\" (stable-fixes).\n- drm/amd/display: Round calculated vtotal (stable-fixes).\n- drm/amd/display: Skip to enable dsc if it has been off (stable-fixes).\n- drm/amd/display: Validate backlight caps are sane (stable-fixes).\n- drm/amd/pm: Vangogh: Fix kernel memory out of bounds write (git-fixes).\n- drm/amd: Add some missing straps from NBIO 7.11.0 (git-fixes).\n- drm/amd: Fix initialization mistake for NBIO 7.7.0 (stable-fixes).\n- drm/amd: Guard against bad data for ATIF ACPI method (git-fixes).\n- drm/amdgpu/swsmu: Only force workload setup on init (git-fixes).\n- drm/amdgpu/vcn: enable AV1 on both instances (stable-fixes).\n- drm/amdgpu: Adjust debugfs eviction and IB access permissions (stable-fixes).\n- drm/amdgpu: Adjust debugfs register access permissions (stable-fixes).\n- drm/amdgpu: Fix DPX valid mode check on GC 9.4.3 (git-fixes).\n- drm/amdgpu: Fix JPEG v4.0.3 register write (git-fixes).\n- drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() (stable-fixes).\n- drm/amdgpu: fix check in gmc_v9_0_get_vm_pte() (git-fixes).\n- drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported (git-fixes).\n- drm/amdkfd: Accounting pdd vram_usage for svm (stable-fixes).\n- drm/amdkfd: Fix wrong usage of INIT_WORK() (git-fixes).\n- drm/bridge: anx7625: Drop EDID cache on bridge power off (git-fixes).\n- drm/bridge: it6505: Drop EDID cache on bridge power off (git-fixes).\n- drm/bridge: tc358767: Fix link properties discovery (git-fixes).\n- drm/bridge: tc358768: Fix DSI command tx (git-fixes).\n- drm/etnaviv: Request pages from DMA32 zone on addressing_limited (git-fixes).\n- drm/etnaviv: hold GPU lock across perfmon sampling (git-fixes).\n- drm/i915/gem: fix bitwise and logical AND mixup (git-fixes).\n- drm/i915/hdcp: fix connector refcounting (git-fixes).\n- drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).\n- drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).\n- drm/mediatek: Fix child node refcount handling in early exit (git-fixes).\n- drm/mediatek: Fix get efuse issue for MT8188 DPTX (git-fixes).\n- drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused (git-fixes).\n- drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).\n- drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk() (git-fixes).\n- drm/msm/dpu: check for overflow in _dpu_crtc_setup_lm_bounds() (git-fixes).\n- drm/msm/dpu: do not always program merge_3d block (git-fixes).\n- drm/msm/dpu: drop LM_3 / LM_4 on MSM8998 (git-fixes).\n- drm/msm/dpu: drop LM_3 / LM_4 on SDM845 (git-fixes).\n- drm/msm/dpu: make sure phys resources are properly initialized (git-fixes).\n- drm/msm/dpu: move CRTC resource assignment to dpu_encoder_virt_atomic_check (git-fixes).\n- drm/msm/dpu: on SDM845 move DSPP_3 to LM_5 block (git-fixes).\n- drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation (git-fixes).\n- drm/msm/dsi: improve/fix dsc pclk calculation (git-fixes).\n- drm/msm/gpu: Check the status of registration to PM QoS (git-fixes).\n- drm/msm: Allocate memory for disp snapshot with kvzalloc() (git-fixes).\n- drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() (git-fixes).\n- drm/msm: Fix some typos in comment (git-fixes).\n- drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new() (git-fixes).\n- drm/omap: Fix locking in omap_gem_new_dmabuf() (git-fixes).\n- drm/omap: Fix possible NULL dereference (git-fixes).\n- drm/panfrost: Add missing OPP table refcnt decremental (git-fixes).\n- drm/panfrost: Remove unused id_mask from struct panfrost_model (git-fixes).\n- drm/radeon: Fix encoder-\u003epossible_clones (git-fixes).\n- drm/rockchip: vop: Fix a dereferenced before check warning (git-fixes).\n- drm/sched: Add locking to drm_sched_entity_modify_sched (git-fixes).\n- drm/sched: Always wake up correct scheduler in drm_sched_entity_push_job (git-fixes).\n- drm/sti: Add __iomem for mixer_dbg_mxn\u0027s parameter (git-fixes).\n- drm/sti: avoid potential dereference of error pointers (git-fixes).\n- drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check (git-fixes).\n- drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check (git-fixes).\n- drm/v3d: Address race-condition in MMU flush (git-fixes).\n- drm/v3d: Enable Performance Counters before clearing them (git-fixes).\n- drm/v3d: Stop the active perfmon before being destroyed (git-fixes).\n- drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA (stable-fixes).\n- drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_atomic_flush (git-fixes).\n- drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_lut_load (git-fixes).\n- drm/vc4: Stop the active perfmon before being destroyed (git-fixes).\n- drm/vc4: hdmi: Avoid hang with debug registers when suspended (git-fixes).\n- drm/vc4: hvs: Correct logic on stopping an HVS channel (git-fixes).\n- drm/vc4: hvs: Do not write gamma luts on 2711 (git-fixes).\n- drm/vc4: hvs: Fix dlist debug not resetting the next entry pointer (git-fixes).\n- drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs function (git-fixes).\n- drm/vkms: Drop unnecessary call to drm_crtc_cleanup() (git-fixes).\n- drm/vmwgfx: Handle surface check failure correctly (git-fixes).\n- drm/vmwgfx: Limit display layout ioctl array size to VMWGFX_NUM_DISPLAY_UNITS (stable-fixes).\n- drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS (git-fixes).\n- drm: Expand max DRM device number to full MINORBITS (jsc#PED-11580).\n- drm: Use XArray instead of IDR for minors (jsc#PED-11580).\n- drm: use ATOMIC64_INIT() for atomic64_t (git-fixes).\n- drm: xlnx: zynqmp_dpsub: fix hotplug detection (git-fixes).\n- drm: zynqmp_kms: Unplug DRM device before removal (git-fixes).\n- dwc2: Drop USB dwc2 patch that caused a regression on RPi3 (bsc#1232342)\n- e1000e: Fix S0ix residency on corporate systems (git-fixes).\n- e1000e: Remove Meteor Lake SMBUS workarounds (git-fixes).\n- e1000e: change I219 (19) devices to ADP (git-fixes).\n- e1000e: fix force smbus during suspend flow (git-fixes).\n- e1000e: move force SMBUS near the end of enable_ulp function (git-fixes).\n- efi/libstub: Free correct pointer on failure (git-fixes).\n- efi/libstub: fix efi_parse_options() ignoring the default command line (git-fixes).\n- efi/libstub: zboot.lds: Discard .discard sections (stable-fixes).\n- efi/memattr: Ignore table if the size is clearly bogus (bsc#1231465).\n- efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption (stable-fixes).\n- eth: bnxt: fix counting packets discarded due to OOM and netpoll (git-fixes).\n- ext4: do not track ranges in fast_commit if inode has inlined data (bsc#1231635).\n- ext4: fix fast commit inode enqueueing during a full journal commit (bsc#1231636).\n- ext4: fix incorrect tid assumption in ext4_fc_mark_ineligible() (bsc#1231637).\n- ext4: fix possible tid_t sequence overflows (bsc#1231634).\n- ext4: fix slab-use-after-free in ext4_split_extent_at() (bsc#1232201)\n- ext4: fix unttached inode after power cut with orphan file feature enabled (bsc#1234009).\n- ext4: mark fc as ineligible using an handle in ext4_xattr_set() (bsc#1231640).\n- ext4: use handle to mark fc as ineligible in __track_dentry_update() (bsc#1231639).\n- f2fs: get out of a repeat loop when getting a locked data page (bsc#1234011).\n- fat: fix uninitialized variable (git-fixes).\n- fbcon: Fix a NULL pointer dereference issue in fbcon_putcs (stable-fixes).\n- fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() (git-fixes).\n- fbdev: sisfb: Fix strbuf array overflow (stable-fixes).\n- fgraph: Change the name of cpuhp state to \"fgraph:online\" (git-fixes).\n- fgraph: Fix missing unlock in register_ftrace_graph() (git-fixes).\n- fgraph: Use CPU hotplug mechanism to initialize idle shadow stacks (git-fixes).\n- filemap: remove use of wait bookmarks (bsc#1224088).\n- firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() (git-fixes).\n- firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup() (git-fixes).\n- firmware: arm_scpi: Check the DVFS OPP count returned by the firmware (git-fixes).\n- firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() (git-fixes).\n- firmware: google: Unregister driver_info on failure (git-fixes).\n- firmware_loader: Fix possible resource leak in fw_log_firmware_info() (git-fixes).\n- fs/9p: drop inodes immediately on non-.L too (git-fixes).\n- fs/9p: fix the cache always being enabled on files with qid flags (git-fixes).\n- fs/ntfs3: Add more attributes checks in mi_enum_attr() (bsc#1233207)\n- fs/ntfs3: Fixed overflow check in mi_enum_attr() (bsc#1233207)\n- fs/ntfs3: Sequential field availability check in mi_enum_attr() (bsc#1233207)\n- fs: Fix uninitialized value issue in from_kuid and from_kgid (git-fixes).\n- genirq/msi: Fix off-by-one error in msi_domain_alloc() (git-fixes).\n- goldfish: Fix unused const variable \u0027goldfish_pipe_acpi_match\u0027 (git-fixes).\n- gpio: aspeed: Add the flush write to ensure the write complete (git-fixes).\n- gpio: aspeed: Use devm_clk api to manage clock source (git-fixes).\n- gpio: davinci: fix lazy disable (git-fixes).\n- gpio: exar: set value when external pull-up or pull-down is present (git-fixes).\n- gpio: zevio: Add missed label initialisation (git-fixes).\n- gve: Fix XDP TX completion handling when counters overflow (git-fixes).\n- gve: Fix an edge case for TSO skb validity check (git-fixes).\n- gve: ignore nonrelevant GSO type bits when processing TSO headers (git-fixes).\n- hid: intel-ish-hid: Fix uninitialized variable \u0027rv\u0027 in ish_fw_xfer_direct_dma (git-fixes).\n- hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event (git-fixes).\n- hv_sock: Initializing vsk-\u003etrans to NULL to prevent a dangling pointer (git-fixes).\n- hwmon: (adm9240) Add missing dependency on REGMAP_I2C (git-fixes).\n- hwmon: (adt7470) Add missing dependency on REGMAP_I2C (git-fixes).\n- hwmon: (max16065) Fix alarm attributes (git-fixes).\n- hwmon: (max16065) Remove use of i2c_match_id() (stable-fixes).\n- hwmon: (mc34vr500) Add missing dependency on REGMAP_I2C (git-fixes).\n- hwmon: (nct6775) add G15CF to ASUS WMI monitoring list (stable-fixes).\n- hwmon: (nct6775-core) Fix overflows seen when writing limit attributes (git-fixes).\n- hwmon: (tmp513) Add missing dependency on REGMAP_I2C (git-fixes).\n- hwmon: (tps23861) Fix reporting of negative temperatures (git-fixes).\n- hwmon: intel-m10-bmc-hwmon: relabel Columbiaville to CVL Die Temperature (git-fixes).\n- i2c: core: Setup i2c_adapter runtime-pm before calling device_add() (git-fixes).\n- i2c: core: fix lockdep warning for sparsely nested adapter chain (git-fixes).\n- i2c: cpm: Remove linux,i2c-index conversion from be32 (git-fixes).\n- i2c: designware: do not hold SCL low when I2C_DYNAMIC_TAR_UPDATE is not set (git-fixes).\n- i2c: exynos5: Calculate t_scl_l, t_scl_h according to i2c spec (git-fixes).\n- i2c: i801: Add lis3lv02d for Dell Precision 3540 (git-fixes).\n- i2c: i801: Add lis3lv02d for Dell XPS 15 7590 (git-fixes).\n- i2c: i801: Use a different adapter-name for IDF adapters (stable-fixes).\n- i2c: i801: add helper i801_restore_regs (git-fixes).\n- i2c: ismt: kill transaction in hardware on timeout (git-fixes).\n- i2c: ocores: Move system PM hooks to the NOIRQ phase (git-fixes).\n- i2c: ocores: Remove #ifdef guards for PM related functions (git-fixes).\n- i2c: omap: switch to NOIRQ_SYSTEM_SLEEP_PM_OPS() and RUNTIME_PM_OPS() (git-fixes).\n- i2c: omap: wakeup the controller during suspend() callback (git-fixes).\n- i2c: rcar: properly format a debug output (git-fixes).\n- i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume (git-fixes).\n- i2c: stm32f7: perform most of irq job in threaded handler (git-fixes).\n- i2c: synquacer: Deal with optional PCLK correctly (git-fixes).\n- i2c: synquacer: Remove a clk reference from struct synquacer_i2c (stable-fixes).\n- i2c: xiic: Try re-initialization on bus busy timeout (git-fixes).\n- i2c: xiic: improve error message when transfer fails to start (stable-fixes).\n- i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() (git-fixes).\n- i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition (stable-fixes).\n- i3c: master: svc: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).\n- i40e: Fix XDP program unloading while removing the driver (git-fixes).\n- i40e: Report MFS in decimal base instead of hex (git-fixes).\n- i40e: fix race condition by adding filter\u0027s intermediate sync state (git-fixes).\n- iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call (git-fixes).\n- iavf: Fix TC config comparison with existing adapter TC config (git-fixes).\n- ice: Fix VSI list rule with ICE_SW_LKUP_LAST type (git-fixes).\n- ice: Fix checking for unsupported keys on non-tunnel device (git-fixes).\n- ice: Fix lldp packets dropping after changing the number of channels (git-fixes).\n- ice: Fix netif_is_ice() in Safe Mode (git-fixes).\n- ice: Fix package download algorithm (git-fixes).\n- ice: Fix recipe read procedure (git-fixes).\n- ice: Fix reset handler (git-fixes).\n- ice: Flush FDB entries before reset (git-fixes).\n- ice: Interpret .set_channels() input differently (git-fixes).\n- ice: Rebuild TC queues on VSI queue reconfiguration (git-fixes).\n- ice: Reject pin requests with unsupported flags (git-fixes).\n- ice: add flag to distinguish reset from .ndo_bpf in XDP rings config (git-fixes).\n- ice: add missing WRITE_ONCE when clearing ice_rx_ring::xdp_prog (git-fixes).\n- ice: avoid IRQ collision to fix init failure on ACPI S3 resume (git-fixes).\n- ice: clear port vlan config during reset (git-fixes).\n- ice: disallow DPLL_PIN_STATE_SELECTABLE for dpll output pins (git-fixes).\n- ice: do not bring the VSI up, if it was down before the XDP setup (git-fixes).\n- ice: do not busy wait for Rx queue disable in ice_qp_dis() (git-fixes).\n- ice: fix 200G PHY types to link speed mapping (git-fixes).\n- ice: fix 200G link speed message log (git-fixes).\n- ice: fix ICE_LAST_OFFSET formula (git-fixes).\n- ice: fix VLAN replay after reset (git-fixes).\n- ice: fix VSI lists confusion when adding VLANs (git-fixes).\n- ice: fix accounting for filters shared by multiple VSIs (git-fixes).\n- ice: fix accounting if a VLAN already exists (git-fixes).\n- ice: fix iteration of TLVs in Preserved Fields Area (git-fixes).\n- ice: fix page reuse when PAGE_SIZE is over 8k (git-fixes).\n- ice: fix reads from NVM Shadow RAM on E830 and E825-C devices (git-fixes).\n- ice: fix truesize operations for PAGE_SIZE \u003e= 8192 (git-fixes).\n- ice: implement AQ download pkg retry (git-fixes).\n- ice: map XDP queues to vectors in ice_vsi_map_rings_to_vectors() (git-fixes).\n- ice: remove af_xdp_zc_qps bitmap (git-fixes).\n- ice: replace synchronize_rcu with synchronize_net (git-fixes).\n- ice: respect netif readiness in AF_XDP ZC related ndo\u0027s (git-fixes).\n- ice: set correct dst VSI in only LAN filters (git-fixes).\n- ice: tc: allow zero flags in parsing tc flower (git-fixes).\n- ice: tc: check src_vsi in case of traffic from VF (git-fixes).\n- ice: use proper macro for testing bit (git-fixes).\n- idpf: Interpret .set_channels() input differently (git-fixes).\n- idpf: avoid bloating \u0026idpf_q_vector with big %NR_CPUS (git-fixes).\n- idpf: do not enable NAPI and interrupts prior to allocating Rx buffers (git-fixes).\n- idpf: do not skip over ethtool tcp-data-split setting (git-fixes).\n- idpf: fix UAFs when destroying the queues (git-fixes).\n- idpf: fix memleak in vport interrupt configuration (git-fixes).\n- idpf: fix memory leaks and crashes while performing a soft reset (git-fixes).\n- ieee802154: Fix build error (git-fixes).\n- igb: Always call igb_xdp_ring_update_tail() under Tx lock (git-fixes).\n- igb: Disable threaded IRQ for igb_msix_other (git-fixes).\n- igb: Fix not clearing TimeSync interrupts for 82580 (git-fixes).\n- igc: Fix double reset adapter triggered from a single taprio cmd (git-fixes).\n- igc: Fix packet still tx after gate close by reducing i226 MAC retry buffer (git-fixes).\n- igc: Fix qbv tx latency by setting gtxoffset (git-fixes).\n- igc: Fix qbv_config_change_errors logics (git-fixes).\n- igc: Fix reset adapter logics when tx mode change (git-fixes).\n- igc: Unlock on error in igc_io_resume() (git-fixes).\n- iio: Fix fwnode_handle in __fwnode_iio_channel_get_by_name() (git-fixes).\n- iio: accel: bma400: Fix uninitialized variable field_value in tap event handling (git-fixes).\n- iio: accel: kx022a: Fix raw read format (git-fixes).\n- iio: accel: kx022a: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).\n- iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() (git-fixes).\n- iio: adc: ad7606: Fix typo in the driver name (git-fixes).\n- iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer (git-fixes).\n- iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).\n- iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).\n- iio: adc: ti-lmp92064: add missing select REGMAP_SPI in Kconfig (git-fixes).\n- iio: amplifiers: ada4250: add missing select REGMAP_SPI in Kconfig (git-fixes).\n- iio: dac: ad3552r: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).\n- iio: dac: ad5766: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).\n- iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig (git-fixes).\n- iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig (git-fixes).\n- iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig (git-fixes).\n- iio: frequency: adf4377: add missing select REMAP_SPI in Kconfig (git-fixes).\n- iio: frequency: admv4420: fix missing select REMAP_SPI in Kconfig (git-fixes).\n- iio: gts-helper: Fix memory leaks for the error path of iio_gts_build_avail_scale_table() (git-fixes).\n- iio: gts-helper: Fix memory leaks in iio_gts_build_avail_scale_table() (git-fixes).\n- iio: gts: Fix uninitialized symbol \u0027ret\u0027 (git-fixes).\n- iio: gts: fix infinite loop for gain_to_scaletables() (git-fixes).\n- iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() (git-fixes).\n- iio: light: al3010: Fix an error handling path in al3010_probe() (git-fixes).\n- iio: light: opt3001: add missing full-scale range value (git-fixes).\n- iio: light: veml6030: fix ALS sensor resolution (git-fixes).\n- iio: light: veml6030: fix IIO device retrieval from embedded device (git-fixes).\n- iio: light: veml6030: fix microlux value calculation (git-fixes).\n- iio: magnetometer: ak8975: Convert enum-\u003epointer for data in the match tables (stable-fixes).\n- iio: magnetometer: ak8975: Fix \u0027Unexpected device\u0027 error (git-fixes).\n- iio: magnetometer: ak8975: drop incorrect AK09116 compatible (git-fixes).\n- iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).\n- ima: fix buffer overrun in ima_eventdigest_init_common (git-fixes).\n- initramfs: avoid filename buffer overrun (bsc#1232436).\n- intel_idle: add Granite Rapids Xeon support (bsc#1231630).\n- intel_idle: fix ACPI _CST matching for newer Xeon platforms (bsc#1231630).\n- io_uring/eventfd: move to more idiomatic RCU free usage (git-fixes).\n- io_uring/io-wq: do not allow pinning outside of cpuset (git-fixes).\n- io_uring/io-wq: inherit cpuset of cgroup in io worker (git-fixes).\n- io_uring/net: harden multishot termination case for recv (git-fixes).\n- io_uring/rw: fix cflags posting for single issue multishot read (git-fixes).\n- io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (git-fixes).\n- io_uring/rw: treat -EOPNOTSUPP for IOCB_NOWAIT like -EAGAIN (git-fixes).\n- io_uring/sqpoll: close race on waiting for sqring entries (git-fixes).\n- io_uring/sqpoll: do not allow pinning outside of cpuset (git-fixes).\n- io_uring/sqpoll: do not put cpumask on stack (git-fixes).\n- io_uring/sqpoll: retain test for whether the CPU is valid (git-fixes).\n- io_uring: check for presence of task_work rather than TIF_NOTIFY_SIGNAL (git-fixes).\n- iommu/amd: Allocate the page table root using GFP_KERNEL (git-fixes).\n- iommu/amd: Do not set the D bit on AMD v2 table entries (git-fixes).\n- iommu/amd: Fix typo of , instead of ; (git-fixes).\n- iommu/vt-d: Always reserve a domain ID for identity setup (git-fixes).\n- iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices (git-fixes).\n- iommufd: Check the domain owner of the parent before creating a nesting domain (git-fixes).\n- iommufd: Protect against overflow of ALIGN() during iova allocation (git-fixes).\n- irqchip/gic-v3-its: Avoid explicit cpumask allocation on stack (git-fixes).\n- jbd2: Move j_transaction_overhead_buffers into a hole (bsc#1234042).\n- jbd2: avoid infinite transaction commit loop (bsc#1234039).\n- jbd2: avoid memleak in jbd2_journal_write_metadata_buffer (bsc#1234043).\n- jbd2: avoid mount failed when commit block is partial submitted (bsc#1234040).\n- jbd2: correct the printing of write_flags in jbd2_write_superblock() (bsc#1234045).\n- jbd2: correctly compare tids with tid_geq function in jbd2_fc_begin_commit (bsc#1231638).\n- jbd2: fix kernel-doc for j_transaction_overhead_buffers (bsc#1234042).\n- jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev (bsc#1234044).\n- jbd2: fix soft lockup in journal_finish_inode_data_buffers() (bsc#1234046).\n- jbd2: make jbd2_journal_get_max_txn_bufs() internal (bsc#1234041).\n- jbd2: precompute number of transaction descriptor blocks (bsc#1234042).\n- jfs: Fix sanity check in dbMount (git-fixes).\n- jfs: Fix uaf in dbFreeBits (git-fixes).\n- jfs: Fix uninit-value access of new_ea in ea_buffer (git-fixes).\n- jfs: UBSAN: shift-out-of-bounds in dbFindBits (git-fixes).\n- jfs: check if leafidx greater than num leaves per dmap tree (git-fixes).\n- jump_label: Fix static_key_slow_dec() yet again (git-fixes).\n- kABI fix of VM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC) (git-fixes).\n- kABI workaround for ASoC SOF (bsc#1233305).\n- kABI: Restore exported __arm_smccc_sve_check (git-fixes)\n- kABI: bpf: enum bpf_{type_flag,arg_type} kABI workaround (git-fixes).\n- kABI: bpf: struct bpf_insn_acces_aux kABI workaround (git-fixes).\n- kabi, mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling (git-fixes kabi).\n- kasan: Fix Software Tag-Based KASAN with GCC (git-fixes).\n- kasan: move checks to do_strncpy_from_user (git-fixes).\n- kbuild, bpf: Use test-ge check for v1.25-only pahole (bsc#1230414 bsc#1229450).\n- kbuild,bpf: Add module-specific pahole flags for distilled base BTF (bsc#1230414 bsc#1229450).\n- kbuild,bpf: Switch to using --btf_features for pahole v1.26 and later (bsc#1230414 bsc#1229450).\n- kbuild: avoid too many execution of scripts/pahole-flags.sh (bsc#1230414 bsc#1229450).\n- kbuild: bpf: Tell pahole to DECL_TAG kfuncs (bsc#1230414 bsc#1229450).\n- kconfig: qconf: fix buffer overflow in debug links (git-fixes).\n- kernel-binary: Enable livepatch package only when livepatch is enabled Otherwise the filelist may be empty failing the build (bsc#1218644).\n- kexec_file: fix elfcorehdr digest exclusion when CONFIG_CRASH_HOTPLUG=y (git-fixes).\n- keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry (git-fixes).\n- keys: Fix overwrite of key expiration on instantiation (git-fixes).\n- kthread: unpark only parked kthread (git-fixes).\n- leds: lp55xx: Remove redundant test for invalid channel number (git-fixes).\n- lib/xarray: introduce a new helper xas_get_order (bsc#1231617).\n- lib: string_helpers: silence snprintf() output truncation warning (git-fixes).\n- mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING (git-fixes).\n- macsec: do not increment counters for an unrelated SA (git-fixes).\n- mailbox: arm_mhuv2: clean up loop in get_irq_chan_comb() (git-fixes).\n- maple_tree: correct tree corruption on spanning store (git-fixes).\n- maple_tree: fix alloc node fail issue (git-fixes).\n- maple_tree: refine mas_store_root() on storing NULL (git-fixes).\n- media: Drop the previous HD-audio TAS2781 fix (bsc#1230132)\n- media: adv7604: prevent underflow condition when reporting colorspace (git-fixes).\n- media: amphion: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).\n- media: amphion: Set video drvdata before register video device (git-fixes).\n- media: ar0521: do not overflow when checking PLL values (git-fixes).\n- media: atomisp: Add check for rgby_data memory allocation failure (git-fixes).\n- media: bttv: use audio defaults for winfast2000 (git-fixes).\n- media: core: v4l2-ioctl: check if ioctl is known to avoid NULL name (git-fixes).\n- media: cx24116: prevent overflows on SNR calculus (git-fixes).\n- media: dvb_frontend: do not play tricks with underflow values (git-fixes).\n- media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set (stable-fixes).\n- media: dvbdev: prevent the risk of out of memory access (git-fixes).\n- media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate() (git-fixes).\n- media: i2c: dw9768: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).\n- media: i2c: imx335: Enable regulator supplies (stable-fixes).\n- media: i2c: tc358743: Fix crash in the probe error path when using polling (git-fixes).\n- media: imx-jpeg: Ensure power suppliers be suspended before detach them (git-fixes).\n- media: imx-jpeg: Set video drvdata before register video device (git-fixes).\n- media: imx335: Fix reset-gpio handling (git-fixes).\n- media: mantis: remove orphan mantis_core.h (git-fixes).\n- media: mtk-jpeg: Fix null-ptr-deref during unload module (git-fixes).\n- media: pci: ipu3-cio2: Initialise timing struct to avoid a compiler warning (git-fixes).\n- media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() (git-fixes).\n- media: platform: exynos4-is: Fix an OF node reference leak in fimc_md_is_isp_available (git-fixes).\n- media: pulse8-cec: fix data timestamp at pulse8_setup() (git-fixes).\n- media: s5p-jpeg: prevent buffer overflows (git-fixes).\n- media: stb0899_algo: initialize cfr before using it (git-fixes).\n- media: ts2020: fix null-ptr-deref in ts2020_probe() (git-fixes).\n- media: uvcvideo: Require entities to have a non-zero unique ID (git-fixes).\n- media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (git-fixes).\n- media: uvcvideo: Stop stream during unregister (git-fixes).\n- media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl() (git-fixes).\n- media: v4l2-tpg: prevent the risk of a division by zero (git-fixes).\n- media: vb2: Fix comment (git-fixes).\n- media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).\n- media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() (stable-fixes).\n- media: videobuf2: fix typo: vb2_dbuf -\u003e vb2_qbuf (git-fixes).\n- media: wl128x: Fix atomicity violation in fmc_send_cmd() (git-fixes).\n- mei: use kvmalloc for read buffer (git-fixes).\n- mfd: intel_soc_pmic_chtwc: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes).\n- mfd: rt5033: Fix missing regmap_del_irq_chip() (git-fixes).\n- mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race (git-fixes).\n- minmax: avoid overly complex min()/max() macro arguments in xen (git-fixes).\n- minmax: scsi: fix mis-use of \u0027clamp()\u0027 in sr.c (git-fixes).\n- misc: apds990x: Fix missing pm_runtime_disable() (git-fixes).\n- mlx5: avoid truncating error message (git-fixes).\n- mlx5: stop warning for 64KB pages (git-fixes).\n- mlxbf_gige: disable RX filters until RX path initialized (git-fixes).\n- mm/filemap: optimize filemap folio adding (bsc#1231617).\n- mm/filemap: return early if failed to allocate memory for split (bsc#1231617).\n- mm/hugetlb: fix nodes huge page allocation when there are surplus pages (bsc#1234012).\n- mm: avoid unsafe VMA hook invocation when error arises on mmap hook (git-fixes).\n- mm: khugepaged: fix the arguments order in khugepaged_collapse_file trace point (git-fixes).\n- mm: mmap: no need to call khugepaged_enter_vma() for stack (jsc#PED-10978).\n- mm: move dummy_vm_ops out of a header (git-fixes prerequisity).\n- mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling (git-fixes).\n- mm: refactor map_deny_write_exec() (git-fixes).\n- mm: resolve faulty mmap_region() error path behaviour (git-fixes).\n- mm: unconditionally close VMAs on error (git-fixes).\n- mmc: core: Further prevent card detect during shutdown (git-fixes).\n- mmc: mmc_spi: drop buggy snprintf() (git-fixes).\n- mmc: sunxi-mmc: Fix A100 compatible description (git-fixes).\n- modpost: fix acpi MODULE_DEVICE_TABLE built with mismatched endianness (git-fixes).\n- modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host (git-fixes).\n- modpost: remove incorrect code in do_eisa_entry() (git-fixes).\n- module: abort module loading when sysfs setup suffer errors (git-fixes).\n- mtd: rawnand: atmel: Fix possible memory leak (git-fixes).\n- mtd: spi-nor: core: replace dummy buswidth from addr to data (git-fixes).\n- nbd: fix race between timeout and normal completion (bsc#1230918).\n- net/mlx5: Add missing masks and QoS bit masks for scheduling elements (git-fixes).\n- net/mlx5: Added cond_resched() to crdump collection (git-fixes).\n- net/mlx5: Check capability for fw_reset (git-fixes).\n- net/mlx5: Check for invalid vector index on EQ creation (git-fixes).\n- net/mlx5: Explicitly set scheduling element and TSAR type (git-fixes).\n- net/mlx5: Fix command bitmask initialization (git-fixes).\n- net/mlx5: Fix error handling in irq_pool_request_irq (git-fixes).\n- net/mlx5: Lag, do bond only if slaves agree on roce state (git-fixes).\n- net/mlx5: Lag, do not use the hardcoded value of the first port (git-fixes).\n- net/mlx5: Stop waiting for PCI if pci channel is offline (git-fixes).\n- net/mlx5: Unregister notifier on eswitch init failure (git-fixes).\n- net/mlx5: Update the list of the PCI supported devices (git-fixes).\n- net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys (git-fixes).\n- net/mlx5e: Add missing link mode to ptys2ext_ethtool_map (git-fixes).\n- net/mlx5e: Add missing link modes to ptys2ethtool_map (git-fixes).\n- net/mlx5e: Add mqprio_rl cleanup and free in mlx5e_priv_cleanup() (git-fixes).\n- net/mlx5e: Correctly report errors for ethtool rx flows (git-fixes).\n- net/mlx5e: Do not call cleanup on profile rollback failure (git-fixes).\n- net/mlx5e: Fix IPsec tunnel mode offload feature check (git-fixes).\n- net/mlx5e: Fix UDP GSO for encapsulated packets (git-fixes).\n- net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets (git-fixes).\n- net/mlx5e: Require mlx5 tc classifier action support for IPsec prio capability (git-fixes).\n- net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion (git-fixes).\n- net: mana: Implement get_ringparam/set_ringparam for mana (bsc#1229891).\n- net: mana: Improve mana_set_channels() in low mem conditions (bsc#1230289).\n- net: mdio-ipq4019: add missing error check (git-fixes).\n- net: phy: Remove LED entry from LEDs list on unregister (git-fixes).\n- net: phy: bcm84881: Fix some error handling paths (git-fixes).\n- net: phy: dp83822: Fix reset pin definitions (git-fixes).\n- net: phy: dp83869: fix memory corruption when enabling fiber (git-fixes).\n- net: phy: ti: add PHY_RST_AFTER_CLK_EN flag (git-fixes).\n- net: qede: sanitize \u0027rc\u0027 in qede_add_tc_flower_fltr() (git-fixes).\n- net: qede: use return from qede_parse_actions() (git-fixes).\n- net: qede: use return from qede_parse_flow_attr() for flow_spec (git-fixes).\n- net: qede: use return from qede_parse_flow_attr() for flower (git-fixes).\n- net: relax socket state check at accept time (git-fixes).\n- net: stmmac: dwmac-tegra: Fix link bring-up sequence (git-fixes)\n- net: sysfs: Fix /sys/class/net/\u0026lt;iface\u003e path for statistics (git-fixes).\n- net: test for not too small csum_start in virtio_net_hdr_to_skb() (git-fixes).\n- net: usb: lan78xx: Fix double free issue with interrupt buffer allocation (git-fixes).\n- net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device (git-fixes).\n- net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration (git-fixes).\n- net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition (stable-fixes).\n- net: usb: usbnet: fix name regression (get-fixes).\n- net: usb: usbnet: fix race in probe failure (git-fixes).\n- net: wwan: fix global oob in wwan_rtnl_policy (git-fixes).\n- net: wwan: t7xx: Fix off-by-one error in t7xx_dpmaif_rx_buf_alloc() (git-fixes).\n- net: xfrm: preserve kabi for xfrm_state (bsc#1233754).\n- netdevsim: copy addresses for both in and out paths (git-fixes).\n- netdevsim: use cond_resched() in nsim_dev_trap_report_work() (git-fixes).\n- netfilter: nf_tables: missing iterator type in lookup walk (git-fixes).\n- nfs: Fix KMSAN warning in decode_getfattr_attrs() (git-fixes).\n- nfs: avoid i_lock contention in nfs_clear_invalid_mapping (git-fixes).\n- nfs: fix memory leak in error path of nfs4_do_reclaim (git-fixes).\n- nfsd: call cache_put if xdr_reserve_space returns NULL (git-fixes).\n- nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net (git-fixes).\n- nfsd: fix delegation_blocked() to block correctly for at least 30 seconds (git-fixes).\n- nfsd: fix refcount leak when file is unhashed after being found (git-fixes).\n- nfsd: map the EBADMSG to nfserr_io to avoid warning (git-fixes).\n- nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire (git-fixes).\n- nfsd: remove unsafe BUG_ON from set_change_info (bsc#1234121).\n- nfsd: return -EINVAL when namelen is 0 (git-fixes).\n- nilfs2: fix kernel bug due to missing clearing of buffer delay flag (git-fixes).\n- nilfs2: fix potential deadlock with newly created symlinks (git-fixes).\n- nouveau/dmem: Fix privileged error in copy engine channel (git-fixes).\n- nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error (git-fixes).\n- nouveau/dp: handle retries for AUX CH transfers with GSP (git-fixes).\n- nouveau/gsp: Avoid addressing beyond end of rpc-\u003eentries (stable-fixes).\n- nouveau: fw: sync dma after setup is called (git-fixes).\n- nouveau: handle EBUSY and EAGAIN for GSP aux errors (git-fixes).\n- ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).\n- ntfs3: Add bounds checking to mi_enum_attr() (bsc#1233207)\n- nvme-fabrics: fix kernel crash while shutting down controller (git-fixes).\n- nvme-loop: flush off pending I/O while shutting down loop controller (git-fixes).\n- nvme-multipath: suppress partition scan until the disk is ready (bsc#1228244).\n- nvme-pci: fix freeing of the HMB descriptor table (git-fixes).\n- nvme-pci: fix race condition between reset and nvme_dev_disable() (git-fixes).\n- nvme-pci: qdepth 1 quirk (git-fixes).\n- nvme-pci: reverse request order in nvme_queue_rqs (git-fixes).\n- nvme-pci: set doorbell config before unquiescing (git-fixes).\n- nvme/host: Fix RCU list traversal to use SRCU primitive (git-fixes).\n- nvme: disable CC.CRIME (NVME_CC_CRIME) (jsc#PED-9901).\n- nvme: null terminate nvme_tls_attrs (git-fixes).\n- nvme: re-fix error-handling for io_uring nvme-passthrough (git-fixes).\n- nvme: tcp: avoid race between queue_lock lock and destroy (git-fixes).\n- nvmet-auth: assign dh_key to NULL after kfree_sensitive (git-fixes).\n- ocfs2: Drop OCFS2 patch causing a regression (bsc#1233255)\n- ocfs2: fix UBSAN warning in ocfs2_verify_volume() (git-fixes).\n- ocfs2: fix the la space leak when unmounting an ocfs2 volume (git-fixes).\n- ocfs2: fix uninit-value in ocfs2_get_block() (git-fixes).\n- ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow (git-fixes).\n- ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() (git-fixes).\n- ocfs2: uncache inode which has failed entering the group (git-fixes).\n- of: Add cleanup.h based auto release via __free(device_node) markings (bsc#1232386)\n- parport: Proper fix for array out-of-bounds access (git-fixes).\n- phy: freescale: imx8m-pcie: Do CMN_RST just before PHY PLL lock check (git-fixes).\n- phy: qcom: qmp-combo: move driver data initialisation earlier (git-fixes).\n- phy: qcom: qmp-usb: fix NULL-deref on runtime suspend (git-fixes).\n- phy: tegra: xusb: Add error pointer check in xusb.c (git-fixes).\n- phy: ti: phy-j721e-wiz: fix usxgmii configuration (git-fixes).\n- pinctrl: apple: check devm_kasprintf() returned value (git-fixes).\n- pinctrl: k210: Undef K210_PC_DEFAULT (git-fixes).\n- pinctrl: ocelot: fix system hang on level based interrupts (stable-fixes).\n- pinctrl: qcom: spmi: fix debugfs drive strength (git-fixes).\n- pinctrl: zynqmp: drop excess struct member description (git-fixes).\n- platform/chrome: cros_ec_typec: fix missing fwnode reference decrement (git-fixes).\n- platform/x86/amd/pmc: Detect when STB is not available (git-fixes).\n- platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug (git-fixes).\n- platform/x86: dell-sysman: add support for alienware products (stable-fixes).\n- platform/x86: dell-wmi: Ignore suspend notifications (stable-fixes).\n- platform/x86: lenovo-ymc: Ignore the 0x0 state (stable-fixes).\n- platform/x86: panasonic-laptop: Return errno correctly in show callback (git-fixes).\n- platform/x86: touchscreen_dmi: add nanote-next quirk (stable-fixes).\n- posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone (bsc#1234098).\n- power: reset: brcmstb: Do not go into infinite loop if reset fails (stable-fixes).\n- power: supply: bq27xxx: Fix registers of bq27426 (git-fixes).\n- power: supply: core: Remove might_sleep() from power_supply_put() (git-fixes).\n- power: supply: rt9471: Fix wrong WDT function regfield declaration (git-fixes).\n- power: supply: rt9471: Use IC status regfield to report real charger status (git-fixes).\n- powercap: intel_rapl: Fix off by one in get_rpi() (git-fixes).\n- powerpc/64: Convert patch_instruction() to patch_u32() (bsc#1194869).\n- powerpc/64s: Fix unnecessary copy to 0 when kernel is booted at address 0 (bsc#1215199).\n- powerpc/atomic: Use YZ constraints for DS-form instructions (bsc#1194869).\n- powerpc/boot: Handle allocation failure in simple_realloc() (bsc#1194869).\n- powerpc/boot: Only free if realloc() succeeds (bsc#1194869).\n- powerpc/code-patching: Add generic memory patching (bsc#1194869).\n- powerpc/code-patching: Perform hwsync in __patch_instruction() in case of failure (bsc#1194869).\n- powerpc/crypto: do not build aes-gcm-p10 by default (bsc#1230501 ltc#208632).\n- powerpc/crypto: fix missing skcipher dependency for aes-gcm-p10 (bsc#1230501 ltc#208632).\n- powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init() (bsc#1215199).\n- powerpc/fadump: Refactor and prepare fadump_cma_init for late init (bsc#1215199).\n- powerpc/kexec: Fix return of uninitialized variable (bsc#1194869).\n- powerpc/mm/fault: Fix kfence page fault reporting (bsc#1194869).\n- powerpc/mm: Fix boot crash with FLATMEM (bsc#1194869).\n- powerpc/mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL (bsc#1194869).\n- powerpc/powernv: Free name on error in opal_event_init() (bsc#1194869).\n- powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector (bsc#1194869).\n- powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore (bsc#1194869).\n- powerpc/pseries: Use correct data types from pseries_hp_errorlog struct (bsc#1215199).\n- powerpc/vdso: Fix VDSO data access when running in a non-root time namespace (bsc#1194869).\n- powerpc/vdso: Inconditionally use CFUNC macro (bsc#1215199).\n- powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu (bsc#1194869).\n- powerpc/xmon: Fix disassembly CPU feature checks (bsc#1065729).\n- printk: Add notation to console_srcu locking (bsc#1232183).\n- pwm: imx-tpm: Use correct MODULO value for EPWM mode (git-fixes).\n- qed: avoid truncating work queue length (git-fixes).\n- rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow (bsc#1226631).\n- rcu: Fix buffer overflow in print_cpu_stall_info() (bsc#1226623).\n- regmap: detach regmap from dev on regmap_exit (git-fixes).\n- regmap: irq: Set lockdep class for hierarchical IRQ domains (git-fixes).\n- rpm/check-for-config-changes: add HAVE_RUST and RUSTC_SUPPORTS_ to IGNORED_CONFIGS_RE They depend on SHADOW_CALL_STACK.\n- rpm/release-projects: Add SLFO projects (bsc#1231293).\n- rpm/scripts: Remove obsolete Symbols.list Symbols.list is not longer needed by the new klp-convert implementation. (bsc#1218644)\n- rpmsg: glink: Handle rejected intent request better (git-fixes).\n- rtc: ab-eoz9: do not fail temperature reads on undervoltage notification (git-fixes).\n- rtc: abx80x: Fix WDT bit position of the status register (git-fixes).\n- rtc: bbnsm: add remove hook (git-fixes).\n- rtc: check if __rtc_read_time was successful in rtc_timer_do_work() (git-fixes).\n- rtc: rzn1: fix BCD to rtc_time conversion errors (git-fixes).\n- rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).\n- runtime constants: add default dummy infrastructure (git-fixes).\n- runtime constants: add x86 architecture support (git-fixes).\n- s390/mm: Add cond_resched() to cmm_alloc/free_pages() (bsc#1228747).\n- s390/pci: Handle PCI error codes other than 0x3a (git-fixes bsc#1232629).\n- s390/sclp: Deactivate sclp after all its users (git-fixes bsc#1232628).\n- s390/sclp_vt220: Convert newlines to CRLF instead of LFCR (git-fixes bsc#1232627).\n- scsi: NCR5380: Check for phase match during PDMA fixup (git-fixes).\n- scsi: NCR5380: Initialize buffer for MSG IN and STATUS transfers (git-fixes).\n- scsi: Remove scsi device no_start_on_resume flag (git-fixes).\n- scsi: aacraid: Rearrange order of struct aac_srb_unit (git-fixes).\n- scsi: cdrom: kABI: fix cdrom_dev_ops change (git-fixes).\n- scsi: core: Disable CDL by default (git-fixes).\n- scsi: core: Fix handling of SCMD_FAIL_IF_RECOVERING (git-fixes).\n- scsi: core: Fix the return value of scsi_logical_block_count() (git-fixes).\n- scsi: core: Handle devices which return an unusually large VPD page count (git-fixes).\n- scsi: core: alua: I/O errors for ALUA state transitions (git-fixes).\n- scsi: fnic: Move flush_work initialization out of if block (bsc#1230055).\n- scsi: hisi_sas: Handle the NCQ error returned by D2H frame (git-fixes).\n- scsi: hpsa: Fix allocation size for Scsi_Host private data (git-fixes).\n- scsi: kABI: restore no_start_on_resume to scsi_device (git-fixes).\n- scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed (git-fixes).\n- scsi: libsas: Fix the failure of adding phy with zero-address to port (git-fixes).\n- scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in lpfc_els_flush_cmd() (bsc#1232757).\n- scsi: lpfc: Add cleanup of nvmels_wq after HBA reset (bsc#1233241 jsc#PED-9943).\n- scsi: lpfc: Call lpfc_sli4_queue_unset() in restart and rmmod paths (bsc#1233241 jsc#PED-9943).\n- scsi: lpfc: Change lpfc_nodelist nlp_flag member into a bitmask (bsc#1233241 jsc#PED-9943).\n- scsi: lpfc: Check SLI_ACTIVE flag in FDMI cmpl before submitting follow up FDMI (bsc#1233241 jsc#PED-9943).\n- scsi: lpfc: Check devloss callbk done flag for potential stale NDLP ptrs (bsc#1233241 jsc#PED-9943).\n- scsi: lpfc: Copyright updates for 14.4.0.6 patches (bsc#1233241 jsc#PED-9943).\n- scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance (bsc#1232757).\n- scsi: lpfc: Fix kref imbalance on fabric ndlps from dev_loss_tmo handler (bsc#1232757).\n- scsi: lpfc: Modify CGN warning signal calculation based on EDC response (bsc#1233241 jsc#PED-9943).\n- scsi: lpfc: Prevent NDLP reference count underflow in dev_loss_tmo callback (bsc#1233241 jsc#PED-9943).\n- scsi: lpfc: Remove NLP_RELEASE_RPI flag from nodelist structure (bsc#1233241 jsc#PED-9943).\n- scsi: lpfc: Remove trailing space after \\n newline (bsc#1232757).\n- scsi: lpfc: Restrict support for 32 byte CDBs to specific HBAs (bsc#1232757 bsc#1228119).\n- scsi: lpfc: Revise TRACE_EVENT log flag severities from KERN_ERR to KERN_WARNING (bsc#1232757).\n- scsi: lpfc: Support loopback tests with VMID enabled (bsc#1232757).\n- scsi: lpfc: Update lpfc version to 14.4.0.5 (bsc#1232757).\n- scsi: lpfc: Update lpfc version to 14.4.0.6 (bsc#1233241 jsc#PED-9943).\n- scsi: lpfc: Update lpfc_els_flush_cmd() to check for SLI_ACTIVE before BSG flag (bsc#1233241 jsc#PED-9943).\n- scsi: lpfc: Update phba link state conditional before sending CMF_SYNC_WQE (bsc#1232757).\n- scsi: mac_scsi: Disallow bus errors during PDMA send (git-fixes).\n- scsi: mac_scsi: Refactor polling loop (git-fixes).\n- scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages (git-fixes).\n- scsi: mpi3mr: Avoid IOMMU page faults on REPORT ZONES (git-fixes).\n- scsi: mpi3mr: Avoid memcpy field-spanning write WARNING (git-fixes).\n- scsi: mpi3mr: Avoid possible run-time warning with long manufacturer strings (git-fixes).\n- scsi: mpi3mr: Fix ATA NCQ priority support (git-fixes).\n- scsi: mpi3mr: Validate SAS port assignments (git-fixes).\n- scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES (git-fixes).\n- scsi: pm8001: Do not overwrite PCI queue mapping (git-fixes).\n- scsi: pm80xx: Set phy-\u003eenable_completion only when we wait for it (git-fixes).\n- scsi: qedf: Set qed_slowpath_params to zero before use (git-fixes).\n- scsi: scsi_transport_fc: Allow setting rport state to current state (git-fixes).\n- scsi: sd: Ignore command SYNCHRONIZE CACHE error if format in progress (git-fixes).\n- scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer (git-fixes).\n- scsi: smartpqi: correct stream detection (git-fixes).\n- scsi: smartpqi: revert propagate-the-multipath-failure-to-SML-quickly (git-fixes).\n- scsi: spi: Fix sshdr use (git-fixes).\n- scsi: sr: Fix unintentional arithmetic wraparound (git-fixes).\n- scsi: wd33c93: Do not use stale scsi_pointer value (git-fixes).\n- security/keys: fix slab-out-of-bounds in key_task_permission (git-fixes).\n- selftests/bpf: Add a test case to write mtu result into .rodata (git-fixes).\n- selftests/bpf: Add a test case to write strtol result into .rodata (git-fixes).\n- selftests/bpf: Add test for sign extension in coerce_subreg_to_size_sx() (git-fixes).\n- selftests/bpf: Add test for truncation after sign extension in coerce_reg_to_size_sx() (git-fixes).\n- selftests/bpf: Add tests for ldsx of pkt data/data_end/data_meta accesses (git-fixes).\n- selftests/bpf: Fix ARG_PTR_TO_LONG {half-,}uninitialized test (git-fixes).\n- selftests/bpf: Rename ARG_PTR_TO_LONG test description (git-fixes).\n- selftests/bpf: test for malformed BPF_CORE_TYPE_ID_LOCAL relocation (git-fixes).\n- serial: 8250: omap: Move pm_runtime_get_sync (git-fixes).\n- serial: imx: Update mctrl old_status on RTSD interrupt (git-fixes).\n- serial: protect uart_port_dtr_rts() in uart_shutdown() too (stable-fixes).\n- signal: Replace BUG_ON()s (bsc#1234093).\n- soc: fsl: rcpm: fix missing of_node_put() in copy_ippdexpcr1_setting() (git-fixes).\n- soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() (git-fixes).\n- soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).\n- soundwire: intel_bus_common: enable interrupts before exiting reset (stable-fixes).\n- spi: Fix acpi deferred irq probe (git-fixes).\n- spi: atmel-quadspi: Fix register name in verbose logging function (git-fixes).\n- spi: atmel-quadspi: Fix wrong register value written to MR (git-fixes).\n- spi: mpc52xx: Add cancel_work_sync before module remove (git-fixes).\n- spi: mtk-snfi: fix kerneldoc for mtk_snand_is_page_ops() (git-fixes).\n- spi: s3c64xx: fix timeout counters in flush_fifo (git-fixes).\n- spi: spi-fsl-dspi: Fix crash when not using GPIO chip select (git-fixes).\n- spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).\n- spi: tegra210-quad: Avoid shift-out-of-bounds (git-fixes).\n- splice: always fsnotify_access(in), fsnotify_modify(out) on success (git-fixes).\n- splice: fsnotify_access(fd)/fsnotify_modify(fd) in vmsplice (git-fixes).\n- splice: fsnotify_access(in), fsnotify_modify(out) on success in tee (git-fixes).\n- srcu: Fix callbacks acceleration mishandling (git-fixes).\n- staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() (git-fixes).\n- sumversion: Fix a memory leak in get_src_version() (git-fixes).\n- supported.conf: mark nhpoly1305 module as supported (bsc#1231035).\n- supported.conf: mark ultravisor userspace access as supported (bsc#1232090).\n- task_work: add kerneldoc annotation for \u0027data\u0027 argument (git-fixes).\n- tcp: Fix refcnt handling in __inet_hash_connect() (git-fixes).\n- thermal: core: Initialize thermal zones before registering them (git-fixes).\n- thermal: int3400: Fix reading of current_uuid for active policy (git-fixes).\n- thermal: intel: int340x: processor: Fix warning during module unload (git-fixes).\n- thunderbolt: Honor TMU requirements in the domain when setting TMU mode (stable-fixes).\n- thunderbolt: Improve DisplayPort tunnel setup process to be more robust (stable-fixes).\n- tools/lib/thermal: Fix sampling handler context ptr (git-fixes).\n- tools/power turbostat: Fix trailing \u0027\\n\u0027 parsing (git-fixes).\n- tools/power turbostat: Increase the limit for fd opened (bsc#1233119).\n- tools: hv: rm .*.cmd when make clean (git-fixes).\n- tpm: Lock TPM chip in tpm_pm_suspend() first (bsc#1082555 git-fixes).\n- tpm: fix signed/unsigned bug when checking event logs (git-fixes).\n- tracing/hwlat: Fix a race during cpuhp processing (git-fixes).\n- tracing/osnoise: Fix build when timerlat is not enabled (git-fixes).\n- tracing/osnoise: Skip running osnoise if all instances are off (git-fixes).\n- tracing/osnoise: Switch from PF_NO_SETAFFINITY to migrate_disable (git-fixes).\n- tracing/osnoise: Use a cpumask to know what threads are kthreads (git-fixes).\n- tracing/timerlat: Add interface_lock around clearing of kthread in stop_kthread() (git-fixes).\n- tracing/timerlat: Add user-space interface (git-fixes).\n- tracing/timerlat: Drop interface_lock in stop_kthread() (git-fixes).\n- tracing/timerlat: Fix a race during cpuhp processing (git-fixes).\n- tracing/timerlat: Fix duplicated kthread creation due to CPU online/offline (git-fixes).\n- tracing/timerlat: Move hrtimer_init to timerlat_fd open() (git-fixes).\n- tracing/timerlat: Only clear timer if a kthread exists (git-fixes).\n- tracing: Consider the NULL character when validating the event length (git-fixes).\n- tty: ldsic: fix tty_ldisc_autoload sysctl\u0027s proc_handler (git-fixes).\n- tty: n_gsm: Fix use-after-free in gsm_cleanup_mux (stable-fixes).\n- u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file (git-fixes).\n- ubifs: Fix adding orphan entry twice for the same inode (git-fixes).\n- ubifs: Fix unattached xattr inode if powercut happens after deleting (git-fixes).\n- ubifs: add check for crypto_shash_tfm_digest (git-fixes).\n- ubifs: dbg_orphan_check: Fix missed key type checking (git-fixes).\n- ucounts: fix counter leak in inc_rlimit_get_ucounts() (bsc#1233460).\n- unicode: Do not special case ignorable code points (stable-fixes).\n- unicode: Fix utf8_load() error path (git-fixes).\n- uprobe: avoid out-of-bounds memory access of fetching args (git-fixes).\n- uprobes: encapsulate preparation of uprobe args buffer (git-fixes).\n- uprobes: introduce the global struct vm_special_mapping xol_mapping (bsc#1231114).\n- uprobes: turn xol_area-\u003epages into xol_area-\u003epage (bsc#1231114).\n- usb: chipidea: udc: enable suspend interrupt after usb reset (stable-fixes).\n- usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the Crashkernel Scenario (stable-fixes).\n- usb: dwc3: Wait for EndXfer completion before restoring GUSB2PHYCFG (git-fixes).\n- usb: dwc3: core: Stop processing of pending events if controller is halted (git-fixes).\n- usb: dwc3: gadget: Add missing check for single port RAM in TxFIFO resizing logic (git-fixes).\n- usb: dwc3: gadget: Fix checking for number of TRBs left (git-fixes).\n- usb: dwc3: gadget: Fix looping of queued SG entries (git-fixes).\n- usb: ehci-spear: fix call balance of sehci clk handling routines (git-fixes).\n- usb: gadget: core: force synchronous registration (git-fixes).\n- usb: gadget: dummy_hcd: Set transfer interval to 1 microframe (stable-fixes).\n- usb: gadget: dummy_hcd: Switch to hrtimer transfer scheduler (stable-fixes).\n- usb: gadget: dummy_hcd: execute hrtimer callback in softirq context (git-fixes).\n- usb: gadget: f_uac2: Replace snprintf() with the safer scnprintf() variant (stable-fixes).\n- usb: gadget: f_uac2: fix non-newline-terminated function name (stable-fixes).\n- usb: gadget: f_uac2: fix return value for UAC2_ATTRIBUTE_STRING store (git-fixes).\n- usb: musb: Fix hardware lockup on first Rx endpoint request (git-fixes).\n- usb: musb: sunxi: Fix accessing an released usb phy (git-fixes).\n- usb: phy: Fix API devm_usb_put_phy() can not release the phy (git-fixes).\n- usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip (stable-fixes).\n- usb: typec: altmode should keep reference to parent (git-fixes).\n- usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() (git-fixes).\n- usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes() (git-fixes).\n- usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() (git-fixes).\n- usb: xhci: Fix TD invalidation under pending Set TR Dequeue (git-fixes).\n- usb: xhci: Fix problem with xhci resume from suspend (stable-fixes).\n- usb: xhci: fix loss of data on Cadence xHC (git-fixes).\n- usb: yurex: make waiting on yurex_write interruptible (git-fixes).\n- usbip: tools: Fix detach_port() invalid port error path (git-fixes).\n- usbnet: fix cyclical race on disconnect with work queue (git-fixes).\n- vdpa: Fix an error handling path in eni_vdpa_probe() (git-fixes).\n- vdpa_sim_blk: Fix the potential leak of mgmt_dev (git-fixes).\n- vdpa_sim_blk: allocate the buffer zeroed (git-fixes).\n- vduse: avoid using __GFP_NOFAIL (git-fixes).\n- vfs: dcache: move hashlen_hash() from callers into d_hash() (git-fixes).\n- vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (git-fixes).\n- vhost_vdpa: assign irq bypass producer token correctly (git-fixes).\n- virtio_console: fix misc probe bugs (git-fixes).\n- vmalloc: modify the alloc_vmap_area() error message for better diagnostics (jsc#PED-10978).\n- vmxnet3: Add XDP support (bsc#1226498).\n- vmxnet3: Fix missing reserved tailroom (bsc#1226498).\n- vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame (bsc#1226498).\n- vmxnet3: add command to allow disabling of offloads (bsc#1226498).\n- vmxnet3: add latency measurement support in vmxnet3 (bsc#1226498).\n- vmxnet3: prepare for version 9 changes (bsc#1226498).\n- vmxnet3: update to version 9 (bsc#1226498).\n- vsock: Update msg_count on read_skb() (git-fixes).\n- vt: prevent kernel-infoleak in con_font_get() (git-fixes).\n- watchdog: apple: Actually flush writes after requesting watchdog restart (git-fixes).\n- watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart() (git-fixes).\n- watchdog: rti: of: honor timeout-sec property (git-fixes).\n- wifi: ath10k: Fix memory leak in management tx (git-fixes).\n- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1 (git-fixes).\n- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2 (git-fixes).\n- wifi: ath11k: Fix CE offset address calculation for WCN6750 in SSR (git-fixes).\n- wifi: ath11k: Fix invalid ring usage in full monitor mode (git-fixes).\n- wifi: ath11k: fix array out-of-bound access in SoC stats (stable-fixes).\n- wifi: ath12k: Skip Rx TID cleanup for self peer (git-fixes).\n- wifi: ath12k: fix array out-of-bound access in SoC stats (stable-fixes).\n- wifi: ath12k: fix crash when unbinding (git-fixes).\n- wifi: ath12k: fix warning when unbinding (git-fixes).\n- wifi: ath12k: remove msdu_end structure for WCN7850 (git-fixes).\n- wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (git-fixes).\n- wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() (stable-fixes).\n- wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit (stable-fixes).\n- wifi: brcm80211: BRCM_TRACING should depend on TRACING (git-fixes).\n- wifi: brcmfmac: release \u0027root\u0027 node in all execution paths (git-fixes).\n- wifi: cfg80211: Set correct chandef when starting CAC (stable-fixes).\n- wifi: cfg80211: clear wdev-\u003ecqm_config pointer on free (git-fixes).\n- wifi: cw1200: Fix potential NULL dereference (git-fixes).\n- wifi: iwlegacy: Clear stale interrupts before resuming device (stable-fixes).\n- wifi: iwlegacy: Fix \"field-spanning write\" warning in il_enqueue_hcmd() (git-fixes).\n- wifi: iwlwifi: allow only CN mcc from WRDD (stable-fixes).\n- wifi: iwlwifi: config: label \u0027gl\u0027 devices as discrete (git-fixes).\n- wifi: iwlwifi: mvm: Fix a race in scan abort flow (stable-fixes).\n- wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() (git-fixes).\n- wifi: iwlwifi: mvm: avoid NULL pointer dereference (stable-fixes).\n- wifi: iwlwifi: mvm: do not add default link in fw restart flow (git-fixes).\n- wifi: iwlwifi: mvm: do not leak a link on AP removal (git-fixes).\n- wifi: iwlwifi: mvm: drop wrong STA selection in TX (stable-fixes).\n- wifi: iwlwifi: mvm: use correct key iteration (stable-fixes).\n- wifi: iwlwifi: remove AX101, AX201 and AX203 support from LNL (stable-fixes).\n- wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower (git-fixes).\n- wifi: mac80211: fix RCU list iterations (stable-fixes).\n- wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys (git-fixes).\n- wifi: mt76: mt7915: add dummy HW offload of IEEE 802.11 fragmentation (stable-fixes).\n- wifi: mt76: mt7915: disable tx worker during tx BA session enable/disable (stable-fixes).\n- wifi: mt76: mt7915: hold dev-\u003emt76.mutex while disabling tx worker (stable-fixes).\n- wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() (stable-fixes).\n- wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (git-fixes).\n- wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).\n- wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).\n- wifi: rtw88: 8821cu: Remove VID/PID 0bda:c82c (stable-fixes).\n- wifi: rtw88: Fix USB/SDIO devices not transmitting beacons (git-fixes).\n- wifi: rtw88: select WANT_DEV_COREDUMP (stable-fixes).\n- wifi: rtw89: avoid reading out of bounds when loading TX power FW elements (stable-fixes).\n- wifi: rtw89: avoid to add interface to list twice when SER (stable-fixes).\n- wifi: rtw89: correct base HT rate mask for firmware (stable-fixes).\n- wifi: wfx: Fix error handling in wfx_core_init() (git-fixes).\n- x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client (bsc#1233443).\n- x86/CPU/AMD: Only apply Zenbleed fix for Zen2 during late microcode load (git-fixes).\n- x86/Documentation: Indent \u0027note::\u0027 directive for protocol version number note (git-fixes).\n- x86/PCI: Check pcie_find_root_port() return for NULL (git-fixes).\n- x86/amd_nb: Add new PCI IDs for AMD family 1Ah model 60h (git-fixes).\n- x86/apic: Always explicitly disarm TSC-deadline timer (git-fixes).\n- x86/apic: Make x2apic_disable() work correctly (git-fixes).\n- x86/bugs: Do not use UNTRAIN_RET with IBPB on entry (git-fixes).\n- x86/bugs: Skip RSB fill at VMEXIT (git-fixes).\n- x86/cpufeatures: Add a IBPB_NO_RET BUG flag (git-fixes).\n- x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET (git-fixes).\n- x86/entry: Have entry_ibpb() invalidate return predictions (git-fixes).\n- x86/entry: Remove unwanted instrumentation in common_interrupt() (git-fixes).\n- x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency (git-fixes).\n- x86/microcode/intel: Remove unnecessary cache writeback and invalidation (git-fixes).\n- x86/mm: Use IPIs to synchronize LAM enablement (git-fixes).\n- x86/resctrl: Annotate get_mem_config() functions as __init (git-fixes).\n- x86/resctrl: Avoid overflow in MB settings in bw_validate() (git-fixes).\n- x86/resctrl: Remove hard-coded memory bandwidth limit (git-fixes).\n- x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler (git-fixes).\n- x86/syscall: Avoid memcpy() for ia32 syscall_get_arguments() (git-fixes).\n- x86/tdx: Dynamically disable SEPT violations from causing #VEs (git-fixes).\n- x86/tdx: Enable CPU topology enumeration (git-fixes).\n- x86/tdx: Introduce wrappers to read and write TD metadata (git-fixes).\n- x86/tdx: Rename tdx_parse_tdinfo() to tdx_setup() (git-fixes).\n- x86/traps: move kmsan check after instrumentation_begin (git-fixes).\n- x86: Increase brk randomness entropy for 64-bit systems (git-fixes).\n- x86: do the user address masking outside the user access area (git-fixes).\n- x86: fix off-by-one in access_ok() (git-fixes).\n- x86: fix user address masking non-canonical speculation issue (git-fixes).\n- x86: make the masked_user_access_begin() macro use its argument only once (git-fixes).\n- x86: support user address masking instead of non-speculative conditional (git-fixes).\n- xfrm: Export symbol xfrm_dev_state_delete (bsc#1233754).\n- xfrm: Fix unregister netdevice hang on hardware offload (bsc#1233754).\n- xfs: check opcode and iovec count match in xlog_recover_attri_commit_pass2 (git-fixes).\n- xfs: check shortform attr entry flags specifically (git-fixes).\n- xfs: convert delayed extents to unwritten when zeroing post eof blocks (git-fixes).\n- xfs: fix finding a last resort AG in xfs_filestream_pick_ag (git-fixes).\n- xfs: fix freeing speculative preallocations for preallocated files (git-fixes).\n- xfs: make sure sb_fdblocks is non-negative (git-fixes).\n- xfs: make the seq argument to xfs_bmapi_convert_delalloc() optional (git-fixes).\n- xfs: make xfs_bmapi_convert_delalloc() to allocate the target offset (git-fixes).\n- xfs: remove a racy if_bytes check in xfs_reflink_end_cow_extent (git-fixes).\n- xfs: validate recovered name buffers when recovering xattr items (git-fixes).\n- xhci: Add a quirk for writing ERST in high-low order (git-fixes).\n- xhci: Fix Link TRB DMA in command ring stopped completion event (git-fixes).\n- xhci: Fix incorrect stream context type macro (git-fixes).\n- xhci: Mitigate failed set dequeue pointer commands (git-fixes).\n- xhci: Use pm_runtime_get to prevent RPM on unsupported systems (git-fixes).\n- xhci: tegra: fix checked USB2 port number (git-fixes).\n- zonefs: Improve error handling (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-kernel-2",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20246-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20246-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520246-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20246-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021078.html"
},
{
"category": "self",
"summary": "SUSE Bug 1012628",
"url": "https://bugzilla.suse.com/1012628"
},
{
"category": "self",
"summary": "SUSE Bug 1065729",
"url": "https://bugzilla.suse.com/1065729"
},
{
"category": "self",
"summary": "SUSE Bug 1082555",
"url": "https://bugzilla.suse.com/1082555"
},
{
"category": "self",
"summary": "SUSE Bug 1194869",
"url": "https://bugzilla.suse.com/1194869"
},
{
"category": "self",
"summary": "SUSE Bug 1215199",
"url": "https://bugzilla.suse.com/1215199"
},
{
"category": "self",
"summary": "SUSE Bug 1217845",
"url": "https://bugzilla.suse.com/1217845"
},
{
"category": "self",
"summary": "SUSE Bug 1218562",
"url": "https://bugzilla.suse.com/1218562"
},
{
"category": "self",
"summary": "SUSE Bug 1218644",
"url": "https://bugzilla.suse.com/1218644"
},
{
"category": "self",
"summary": "SUSE Bug 1219596",
"url": "https://bugzilla.suse.com/1219596"
},
{
"category": "self",
"summary": "SUSE Bug 1219803",
"url": "https://bugzilla.suse.com/1219803"
},
{
"category": "self",
"summary": "SUSE Bug 1220355",
"url": "https://bugzilla.suse.com/1220355"
},
{
"category": "self",
"summary": "SUSE Bug 1220382",
"url": "https://bugzilla.suse.com/1220382"
},
{
"category": "self",
"summary": "SUSE Bug 1221309",
"url": "https://bugzilla.suse.com/1221309"
},
{
"category": "self",
"summary": "SUSE Bug 1222423",
"url": "https://bugzilla.suse.com/1222423"
},
{
"category": "self",
"summary": "SUSE Bug 1222587",
"url": "https://bugzilla.suse.com/1222587"
},
{
"category": "self",
"summary": "SUSE Bug 1222590",
"url": "https://bugzilla.suse.com/1222590"
},
{
"category": "self",
"summary": "SUSE Bug 1223112",
"url": "https://bugzilla.suse.com/1223112"
},
{
"category": "self",
"summary": "SUSE Bug 1223384",
"url": "https://bugzilla.suse.com/1223384"
},
{
"category": "self",
"summary": "SUSE Bug 1223656",
"url": "https://bugzilla.suse.com/1223656"
},
{
"category": "self",
"summary": "SUSE Bug 1223700",
"url": "https://bugzilla.suse.com/1223700"
},
{
"category": "self",
"summary": "SUSE Bug 1223733",
"url": "https://bugzilla.suse.com/1223733"
},
{
"category": "self",
"summary": "SUSE Bug 1223824",
"url": "https://bugzilla.suse.com/1223824"
},
{
"category": "self",
"summary": "SUSE Bug 1223848",
"url": "https://bugzilla.suse.com/1223848"
},
{
"category": "self",
"summary": "SUSE Bug 1224088",
"url": "https://bugzilla.suse.com/1224088"
},
{
"category": "self",
"summary": "SUSE Bug 1224429",
"url": "https://bugzilla.suse.com/1224429"
},
{
"category": "self",
"summary": "SUSE Bug 1224518",
"url": "https://bugzilla.suse.com/1224518"
},
{
"category": "self",
"summary": "SUSE Bug 1224548",
"url": "https://bugzilla.suse.com/1224548"
},
{
"category": "self",
"summary": "SUSE Bug 1224574",
"url": "https://bugzilla.suse.com/1224574"
},
{
"category": "self",
"summary": "SUSE Bug 1224948",
"url": "https://bugzilla.suse.com/1224948"
},
{
"category": "self",
"summary": "SUSE Bug 1225611",
"url": "https://bugzilla.suse.com/1225611"
},
{
"category": "self",
"summary": "SUSE Bug 1225713",
"url": "https://bugzilla.suse.com/1225713"
},
{
"category": "self",
"summary": "SUSE Bug 1225725",
"url": "https://bugzilla.suse.com/1225725"
},
{
"category": "self",
"summary": "SUSE Bug 1225730",
"url": "https://bugzilla.suse.com/1225730"
},
{
"category": "self",
"summary": "SUSE Bug 1225742",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "self",
"summary": "SUSE Bug 1225764",
"url": "https://bugzilla.suse.com/1225764"
},
{
"category": "self",
"summary": "SUSE Bug 1225768",
"url": "https://bugzilla.suse.com/1225768"
},
{
"category": "self",
"summary": "SUSE Bug 1225813",
"url": "https://bugzilla.suse.com/1225813"
},
{
"category": "self",
"summary": "SUSE Bug 1225903",
"url": "https://bugzilla.suse.com/1225903"
},
{
"category": "self",
"summary": "SUSE Bug 1226003",
"url": "https://bugzilla.suse.com/1226003"
},
{
"category": "self",
"summary": "SUSE Bug 1226130",
"url": "https://bugzilla.suse.com/1226130"
},
{
"category": "self",
"summary": "SUSE Bug 1226498",
"url": "https://bugzilla.suse.com/1226498"
},
{
"category": "self",
"summary": "SUSE Bug 1226623",
"url": "https://bugzilla.suse.com/1226623"
},
{
"category": "self",
"summary": "SUSE Bug 1226631",
"url": "https://bugzilla.suse.com/1226631"
},
{
"category": "self",
"summary": "SUSE Bug 1226748",
"url": "https://bugzilla.suse.com/1226748"
},
{
"category": "self",
"summary": "SUSE Bug 1226797",
"url": "https://bugzilla.suse.com/1226797"
},
{
"category": "self",
"summary": "SUSE Bug 1226848",
"url": "https://bugzilla.suse.com/1226848"
},
{
"category": "self",
"summary": "SUSE Bug 1226872",
"url": "https://bugzilla.suse.com/1226872"
},
{
"category": "self",
"summary": "SUSE Bug 1227726",
"url": "https://bugzilla.suse.com/1227726"
},
{
"category": "self",
"summary": "SUSE Bug 1227842",
"url": "https://bugzilla.suse.com/1227842"
},
{
"category": "self",
"summary": "SUSE Bug 1228119",
"url": "https://bugzilla.suse.com/1228119"
},
{
"category": "self",
"summary": "SUSE Bug 1228244",
"url": "https://bugzilla.suse.com/1228244"
},
{
"category": "self",
"summary": "SUSE Bug 1228269",
"url": "https://bugzilla.suse.com/1228269"
},
{
"category": "self",
"summary": "SUSE Bug 1228410",
"url": "https://bugzilla.suse.com/1228410"
},
{
"category": "self",
"summary": "SUSE Bug 1228430",
"url": "https://bugzilla.suse.com/1228430"
},
{
"category": "self",
"summary": "SUSE Bug 1228454",
"url": "https://bugzilla.suse.com/1228454"
},
{
"category": "self",
"summary": "SUSE Bug 1228537",
"url": "https://bugzilla.suse.com/1228537"
},
{
"category": "self",
"summary": "SUSE Bug 1228620",
"url": "https://bugzilla.suse.com/1228620"
},
{
"category": "self",
"summary": "SUSE Bug 1228743",
"url": "https://bugzilla.suse.com/1228743"
},
{
"category": "self",
"summary": "SUSE Bug 1228747",
"url": "https://bugzilla.suse.com/1228747"
},
{
"category": "self",
"summary": "SUSE Bug 1228850",
"url": "https://bugzilla.suse.com/1228850"
},
{
"category": "self",
"summary": "SUSE Bug 1228857",
"url": "https://bugzilla.suse.com/1228857"
},
{
"category": "self",
"summary": "SUSE Bug 1229019",
"url": "https://bugzilla.suse.com/1229019"
},
{
"category": "self",
"summary": "SUSE Bug 1229165",
"url": "https://bugzilla.suse.com/1229165"
},
{
"category": "self",
"summary": "SUSE Bug 1229429",
"url": "https://bugzilla.suse.com/1229429"
},
{
"category": "self",
"summary": "SUSE Bug 1229450",
"url": "https://bugzilla.suse.com/1229450"
},
{
"category": "self",
"summary": "SUSE Bug 1229585",
"url": "https://bugzilla.suse.com/1229585"
},
{
"category": "self",
"summary": "SUSE Bug 1229677",
"url": "https://bugzilla.suse.com/1229677"
},
{
"category": "self",
"summary": "SUSE Bug 1229769",
"url": "https://bugzilla.suse.com/1229769"
},
{
"category": "self",
"summary": "SUSE Bug 1229808",
"url": "https://bugzilla.suse.com/1229808"
},
{
"category": "self",
"summary": "SUSE Bug 1229891",
"url": "https://bugzilla.suse.com/1229891"
},
{
"category": "self",
"summary": "SUSE Bug 1230055",
"url": "https://bugzilla.suse.com/1230055"
},
{
"category": "self",
"summary": "SUSE Bug 1230132",
"url": "https://bugzilla.suse.com/1230132"
},
{
"category": "self",
"summary": "SUSE Bug 1230179",
"url": "https://bugzilla.suse.com/1230179"
},
{
"category": "self",
"summary": "SUSE Bug 1230220",
"url": "https://bugzilla.suse.com/1230220"
},
{
"category": "self",
"summary": "SUSE Bug 1230231",
"url": "https://bugzilla.suse.com/1230231"
},
{
"category": "self",
"summary": "SUSE Bug 1230289",
"url": "https://bugzilla.suse.com/1230289"
},
{
"category": "self",
"summary": "SUSE Bug 1230295",
"url": "https://bugzilla.suse.com/1230295"
},
{
"category": "self",
"summary": "SUSE Bug 1230339",
"url": "https://bugzilla.suse.com/1230339"
},
{
"category": "self",
"summary": "SUSE Bug 1230341",
"url": "https://bugzilla.suse.com/1230341"
},
{
"category": "self",
"summary": "SUSE Bug 1230375",
"url": "https://bugzilla.suse.com/1230375"
},
{
"category": "self",
"summary": "SUSE Bug 1230414",
"url": "https://bugzilla.suse.com/1230414"
},
{
"category": "self",
"summary": "SUSE Bug 1230429",
"url": "https://bugzilla.suse.com/1230429"
},
{
"category": "self",
"summary": "SUSE Bug 1230456",
"url": "https://bugzilla.suse.com/1230456"
},
{
"category": "self",
"summary": "SUSE Bug 1230501",
"url": "https://bugzilla.suse.com/1230501"
},
{
"category": "self",
"summary": "SUSE Bug 1230527",
"url": "https://bugzilla.suse.com/1230527"
},
{
"category": "self",
"summary": "SUSE Bug 1230550",
"url": "https://bugzilla.suse.com/1230550"
},
{
"category": "self",
"summary": "SUSE Bug 1230557",
"url": "https://bugzilla.suse.com/1230557"
},
{
"category": "self",
"summary": "SUSE Bug 1230558",
"url": "https://bugzilla.suse.com/1230558"
},
{
"category": "self",
"summary": "SUSE Bug 1230600",
"url": "https://bugzilla.suse.com/1230600"
},
{
"category": "self",
"summary": "SUSE Bug 1230620",
"url": "https://bugzilla.suse.com/1230620"
},
{
"category": "self",
"summary": "SUSE Bug 1230710",
"url": "https://bugzilla.suse.com/1230710"
},
{
"category": "self",
"summary": "SUSE Bug 1230733",
"url": "https://bugzilla.suse.com/1230733"
},
{
"category": "self",
"summary": "SUSE Bug 1230762",
"url": "https://bugzilla.suse.com/1230762"
},
{
"category": "self",
"summary": "SUSE Bug 1230763",
"url": "https://bugzilla.suse.com/1230763"
},
{
"category": "self",
"summary": "SUSE Bug 1230773",
"url": "https://bugzilla.suse.com/1230773"
},
{
"category": "self",
"summary": "SUSE Bug 1230774",
"url": "https://bugzilla.suse.com/1230774"
},
{
"category": "self",
"summary": "SUSE Bug 1230801",
"url": "https://bugzilla.suse.com/1230801"
},
{
"category": "self",
"summary": "SUSE Bug 1230807",
"url": "https://bugzilla.suse.com/1230807"
},
{
"category": "self",
"summary": "SUSE Bug 1230817",
"url": "https://bugzilla.suse.com/1230817"
},
{
"category": "self",
"summary": "SUSE Bug 1230827",
"url": "https://bugzilla.suse.com/1230827"
},
{
"category": "self",
"summary": "SUSE Bug 1230831",
"url": "https://bugzilla.suse.com/1230831"
},
{
"category": "self",
"summary": "SUSE Bug 1230914",
"url": "https://bugzilla.suse.com/1230914"
},
{
"category": "self",
"summary": "SUSE Bug 1230918",
"url": "https://bugzilla.suse.com/1230918"
},
{
"category": "self",
"summary": "SUSE Bug 1230971",
"url": "https://bugzilla.suse.com/1230971"
},
{
"category": "self",
"summary": "SUSE Bug 1231016",
"url": "https://bugzilla.suse.com/1231016"
},
{
"category": "self",
"summary": "SUSE Bug 1231035",
"url": "https://bugzilla.suse.com/1231035"
},
{
"category": "self",
"summary": "SUSE Bug 1231072",
"url": "https://bugzilla.suse.com/1231072"
},
{
"category": "self",
"summary": "SUSE Bug 1231073",
"url": "https://bugzilla.suse.com/1231073"
},
{
"category": "self",
"summary": "SUSE Bug 1231075",
"url": "https://bugzilla.suse.com/1231075"
},
{
"category": "self",
"summary": "SUSE Bug 1231076",
"url": "https://bugzilla.suse.com/1231076"
},
{
"category": "self",
"summary": "SUSE Bug 1231081",
"url": "https://bugzilla.suse.com/1231081"
},
{
"category": "self",
"summary": "SUSE Bug 1231082",
"url": "https://bugzilla.suse.com/1231082"
},
{
"category": "self",
"summary": "SUSE Bug 1231083",
"url": "https://bugzilla.suse.com/1231083"
},
{
"category": "self",
"summary": "SUSE Bug 1231084",
"url": "https://bugzilla.suse.com/1231084"
},
{
"category": "self",
"summary": "SUSE Bug 1231085",
"url": "https://bugzilla.suse.com/1231085"
},
{
"category": "self",
"summary": "SUSE Bug 1231087",
"url": "https://bugzilla.suse.com/1231087"
},
{
"category": "self",
"summary": "SUSE Bug 1231089",
"url": "https://bugzilla.suse.com/1231089"
},
{
"category": "self",
"summary": "SUSE Bug 1231092",
"url": "https://bugzilla.suse.com/1231092"
},
{
"category": "self",
"summary": "SUSE Bug 1231093",
"url": "https://bugzilla.suse.com/1231093"
},
{
"category": "self",
"summary": "SUSE Bug 1231094",
"url": "https://bugzilla.suse.com/1231094"
},
{
"category": "self",
"summary": "SUSE Bug 1231096",
"url": "https://bugzilla.suse.com/1231096"
},
{
"category": "self",
"summary": "SUSE Bug 1231098",
"url": "https://bugzilla.suse.com/1231098"
},
{
"category": "self",
"summary": "SUSE Bug 1231100",
"url": "https://bugzilla.suse.com/1231100"
},
{
"category": "self",
"summary": "SUSE Bug 1231101",
"url": "https://bugzilla.suse.com/1231101"
},
{
"category": "self",
"summary": "SUSE Bug 1231102",
"url": "https://bugzilla.suse.com/1231102"
},
{
"category": "self",
"summary": "SUSE Bug 1231105",
"url": "https://bugzilla.suse.com/1231105"
},
{
"category": "self",
"summary": "SUSE Bug 1231108",
"url": "https://bugzilla.suse.com/1231108"
},
{
"category": "self",
"summary": "SUSE Bug 1231111",
"url": "https://bugzilla.suse.com/1231111"
},
{
"category": "self",
"summary": "SUSE Bug 1231114",
"url": "https://bugzilla.suse.com/1231114"
},
{
"category": "self",
"summary": "SUSE Bug 1231115",
"url": "https://bugzilla.suse.com/1231115"
},
{
"category": "self",
"summary": "SUSE Bug 1231116",
"url": "https://bugzilla.suse.com/1231116"
},
{
"category": "self",
"summary": "SUSE Bug 1231117",
"url": "https://bugzilla.suse.com/1231117"
},
{
"category": "self",
"summary": "SUSE Bug 1231131",
"url": "https://bugzilla.suse.com/1231131"
},
{
"category": "self",
"summary": "SUSE Bug 1231132",
"url": "https://bugzilla.suse.com/1231132"
},
{
"category": "self",
"summary": "SUSE Bug 1231135",
"url": "https://bugzilla.suse.com/1231135"
},
{
"category": "self",
"summary": "SUSE Bug 1231136",
"url": "https://bugzilla.suse.com/1231136"
},
{
"category": "self",
"summary": "SUSE Bug 1231138",
"url": "https://bugzilla.suse.com/1231138"
},
{
"category": "self",
"summary": "SUSE Bug 1231148",
"url": "https://bugzilla.suse.com/1231148"
},
{
"category": "self",
"summary": "SUSE Bug 1231169",
"url": "https://bugzilla.suse.com/1231169"
},
{
"category": "self",
"summary": "SUSE Bug 1231170",
"url": "https://bugzilla.suse.com/1231170"
},
{
"category": "self",
"summary": "SUSE Bug 1231171",
"url": "https://bugzilla.suse.com/1231171"
},
{
"category": "self",
"summary": "SUSE Bug 1231178",
"url": "https://bugzilla.suse.com/1231178"
},
{
"category": "self",
"summary": "SUSE Bug 1231179",
"url": "https://bugzilla.suse.com/1231179"
},
{
"category": "self",
"summary": "SUSE Bug 1231182",
"url": "https://bugzilla.suse.com/1231182"
},
{
"category": "self",
"summary": "SUSE Bug 1231183",
"url": "https://bugzilla.suse.com/1231183"
},
{
"category": "self",
"summary": "SUSE Bug 1231187",
"url": "https://bugzilla.suse.com/1231187"
},
{
"category": "self",
"summary": "SUSE Bug 1231191",
"url": "https://bugzilla.suse.com/1231191"
},
{
"category": "self",
"summary": "SUSE Bug 1231193",
"url": "https://bugzilla.suse.com/1231193"
},
{
"category": "self",
"summary": "SUSE Bug 1231195",
"url": "https://bugzilla.suse.com/1231195"
},
{
"category": "self",
"summary": "SUSE Bug 1231197",
"url": "https://bugzilla.suse.com/1231197"
},
{
"category": "self",
"summary": "SUSE Bug 1231200",
"url": "https://bugzilla.suse.com/1231200"
},
{
"category": "self",
"summary": "SUSE Bug 1231202",
"url": "https://bugzilla.suse.com/1231202"
},
{
"category": "self",
"summary": "SUSE Bug 1231203",
"url": "https://bugzilla.suse.com/1231203"
},
{
"category": "self",
"summary": "SUSE Bug 1231276",
"url": "https://bugzilla.suse.com/1231276"
},
{
"category": "self",
"summary": "SUSE Bug 1231293",
"url": "https://bugzilla.suse.com/1231293"
},
{
"category": "self",
"summary": "SUSE Bug 1231384",
"url": "https://bugzilla.suse.com/1231384"
},
{
"category": "self",
"summary": "SUSE Bug 1231434",
"url": "https://bugzilla.suse.com/1231434"
},
{
"category": "self",
"summary": "SUSE Bug 1231435",
"url": "https://bugzilla.suse.com/1231435"
},
{
"category": "self",
"summary": "SUSE Bug 1231436",
"url": "https://bugzilla.suse.com/1231436"
},
{
"category": "self",
"summary": "SUSE Bug 1231439",
"url": "https://bugzilla.suse.com/1231439"
},
{
"category": "self",
"summary": "SUSE Bug 1231440",
"url": "https://bugzilla.suse.com/1231440"
},
{
"category": "self",
"summary": "SUSE Bug 1231441",
"url": "https://bugzilla.suse.com/1231441"
},
{
"category": "self",
"summary": "SUSE Bug 1231442",
"url": "https://bugzilla.suse.com/1231442"
},
{
"category": "self",
"summary": "SUSE Bug 1231452",
"url": "https://bugzilla.suse.com/1231452"
},
{
"category": "self",
"summary": "SUSE Bug 1231453",
"url": "https://bugzilla.suse.com/1231453"
},
{
"category": "self",
"summary": "SUSE Bug 1231465",
"url": "https://bugzilla.suse.com/1231465"
},
{
"category": "self",
"summary": "SUSE Bug 1231474",
"url": "https://bugzilla.suse.com/1231474"
},
{
"category": "self",
"summary": "SUSE Bug 1231481",
"url": "https://bugzilla.suse.com/1231481"
},
{
"category": "self",
"summary": "SUSE Bug 1231496",
"url": "https://bugzilla.suse.com/1231496"
},
{
"category": "self",
"summary": "SUSE Bug 1231502",
"url": "https://bugzilla.suse.com/1231502"
},
{
"category": "self",
"summary": "SUSE Bug 1231537",
"url": "https://bugzilla.suse.com/1231537"
},
{
"category": "self",
"summary": "SUSE Bug 1231539",
"url": "https://bugzilla.suse.com/1231539"
},
{
"category": "self",
"summary": "SUSE Bug 1231540",
"url": "https://bugzilla.suse.com/1231540"
},
{
"category": "self",
"summary": "SUSE Bug 1231541",
"url": "https://bugzilla.suse.com/1231541"
},
{
"category": "self",
"summary": "SUSE Bug 1231617",
"url": "https://bugzilla.suse.com/1231617"
},
{
"category": "self",
"summary": "SUSE Bug 1231630",
"url": "https://bugzilla.suse.com/1231630"
},
{
"category": "self",
"summary": "SUSE Bug 1231634",
"url": "https://bugzilla.suse.com/1231634"
},
{
"category": "self",
"summary": "SUSE Bug 1231635",
"url": "https://bugzilla.suse.com/1231635"
},
{
"category": "self",
"summary": "SUSE Bug 1231636",
"url": "https://bugzilla.suse.com/1231636"
},
{
"category": "self",
"summary": "SUSE Bug 1231637",
"url": "https://bugzilla.suse.com/1231637"
},
{
"category": "self",
"summary": "SUSE Bug 1231638",
"url": "https://bugzilla.suse.com/1231638"
},
{
"category": "self",
"summary": "SUSE Bug 1231639",
"url": "https://bugzilla.suse.com/1231639"
},
{
"category": "self",
"summary": "SUSE Bug 1231640",
"url": "https://bugzilla.suse.com/1231640"
},
{
"category": "self",
"summary": "SUSE Bug 1231673",
"url": "https://bugzilla.suse.com/1231673"
},
{
"category": "self",
"summary": "SUSE Bug 1231828",
"url": "https://bugzilla.suse.com/1231828"
},
{
"category": "self",
"summary": "SUSE Bug 1231849",
"url": "https://bugzilla.suse.com/1231849"
},
{
"category": "self",
"summary": "SUSE Bug 1231855",
"url": "https://bugzilla.suse.com/1231855"
},
{
"category": "self",
"summary": "SUSE Bug 1231856",
"url": "https://bugzilla.suse.com/1231856"
},
{
"category": "self",
"summary": "SUSE Bug 1231857",
"url": "https://bugzilla.suse.com/1231857"
},
{
"category": "self",
"summary": "SUSE Bug 1231858",
"url": "https://bugzilla.suse.com/1231858"
},
{
"category": "self",
"summary": "SUSE Bug 1231859",
"url": "https://bugzilla.suse.com/1231859"
},
{
"category": "self",
"summary": "SUSE Bug 1231860",
"url": "https://bugzilla.suse.com/1231860"
},
{
"category": "self",
"summary": "SUSE Bug 1231861",
"url": "https://bugzilla.suse.com/1231861"
},
{
"category": "self",
"summary": "SUSE Bug 1231864",
"url": "https://bugzilla.suse.com/1231864"
},
{
"category": "self",
"summary": "SUSE Bug 1231865",
"url": "https://bugzilla.suse.com/1231865"
},
{
"category": "self",
"summary": "SUSE Bug 1231868",
"url": "https://bugzilla.suse.com/1231868"
},
{
"category": "self",
"summary": "SUSE Bug 1231869",
"url": "https://bugzilla.suse.com/1231869"
},
{
"category": "self",
"summary": "SUSE Bug 1231871",
"url": "https://bugzilla.suse.com/1231871"
},
{
"category": "self",
"summary": "SUSE Bug 1231872",
"url": "https://bugzilla.suse.com/1231872"
},
{
"category": "self",
"summary": "SUSE Bug 1231901",
"url": "https://bugzilla.suse.com/1231901"
},
{
"category": "self",
"summary": "SUSE Bug 1231902",
"url": "https://bugzilla.suse.com/1231902"
},
{
"category": "self",
"summary": "SUSE Bug 1231903",
"url": "https://bugzilla.suse.com/1231903"
},
{
"category": "self",
"summary": "SUSE Bug 1231904",
"url": "https://bugzilla.suse.com/1231904"
},
{
"category": "self",
"summary": "SUSE Bug 1231906",
"url": "https://bugzilla.suse.com/1231906"
},
{
"category": "self",
"summary": "SUSE Bug 1231907",
"url": "https://bugzilla.suse.com/1231907"
},
{
"category": "self",
"summary": "SUSE Bug 1231908",
"url": "https://bugzilla.suse.com/1231908"
},
{
"category": "self",
"summary": "SUSE Bug 1231914",
"url": "https://bugzilla.suse.com/1231914"
},
{
"category": "self",
"summary": "SUSE Bug 1231916",
"url": "https://bugzilla.suse.com/1231916"
},
{
"category": "self",
"summary": "SUSE Bug 1231920",
"url": "https://bugzilla.suse.com/1231920"
},
{
"category": "self",
"summary": "SUSE Bug 1231924",
"url": "https://bugzilla.suse.com/1231924"
},
{
"category": "self",
"summary": "SUSE Bug 1231926",
"url": "https://bugzilla.suse.com/1231926"
},
{
"category": "self",
"summary": "SUSE Bug 1231930",
"url": "https://bugzilla.suse.com/1231930"
},
{
"category": "self",
"summary": "SUSE Bug 1231931",
"url": "https://bugzilla.suse.com/1231931"
},
{
"category": "self",
"summary": "SUSE Bug 1231935",
"url": "https://bugzilla.suse.com/1231935"
},
{
"category": "self",
"summary": "SUSE Bug 1231942",
"url": "https://bugzilla.suse.com/1231942"
},
{
"category": "self",
"summary": "SUSE Bug 1231944",
"url": "https://bugzilla.suse.com/1231944"
},
{
"category": "self",
"summary": "SUSE Bug 1231946",
"url": "https://bugzilla.suse.com/1231946"
},
{
"category": "self",
"summary": "SUSE Bug 1231947",
"url": "https://bugzilla.suse.com/1231947"
},
{
"category": "self",
"summary": "SUSE Bug 1231950",
"url": "https://bugzilla.suse.com/1231950"
},
{
"category": "self",
"summary": "SUSE Bug 1231951",
"url": "https://bugzilla.suse.com/1231951"
},
{
"category": "self",
"summary": "SUSE Bug 1231952",
"url": "https://bugzilla.suse.com/1231952"
},
{
"category": "self",
"summary": "SUSE Bug 1231953",
"url": "https://bugzilla.suse.com/1231953"
},
{
"category": "self",
"summary": "SUSE Bug 1231954",
"url": "https://bugzilla.suse.com/1231954"
},
{
"category": "self",
"summary": "SUSE Bug 1231955",
"url": "https://bugzilla.suse.com/1231955"
},
{
"category": "self",
"summary": "SUSE Bug 1231956",
"url": "https://bugzilla.suse.com/1231956"
},
{
"category": "self",
"summary": "SUSE Bug 1231957",
"url": "https://bugzilla.suse.com/1231957"
},
{
"category": "self",
"summary": "SUSE Bug 1231965",
"url": "https://bugzilla.suse.com/1231965"
},
{
"category": "self",
"summary": "SUSE Bug 1231967",
"url": "https://bugzilla.suse.com/1231967"
},
{
"category": "self",
"summary": "SUSE Bug 1231968",
"url": "https://bugzilla.suse.com/1231968"
},
{
"category": "self",
"summary": "SUSE Bug 1231987",
"url": "https://bugzilla.suse.com/1231987"
},
{
"category": "self",
"summary": "SUSE Bug 1231988",
"url": "https://bugzilla.suse.com/1231988"
},
{
"category": "self",
"summary": "SUSE Bug 1231989",
"url": "https://bugzilla.suse.com/1231989"
},
{
"category": "self",
"summary": "SUSE Bug 1231990",
"url": "https://bugzilla.suse.com/1231990"
},
{
"category": "self",
"summary": "SUSE Bug 1231998",
"url": "https://bugzilla.suse.com/1231998"
},
{
"category": "self",
"summary": "SUSE Bug 1232000",
"url": "https://bugzilla.suse.com/1232000"
},
{
"category": "self",
"summary": "SUSE Bug 1232003",
"url": "https://bugzilla.suse.com/1232003"
},
{
"category": "self",
"summary": "SUSE Bug 1232009",
"url": "https://bugzilla.suse.com/1232009"
},
{
"category": "self",
"summary": "SUSE Bug 1232013",
"url": "https://bugzilla.suse.com/1232013"
},
{
"category": "self",
"summary": "SUSE Bug 1232015",
"url": "https://bugzilla.suse.com/1232015"
},
{
"category": "self",
"summary": "SUSE Bug 1232016",
"url": "https://bugzilla.suse.com/1232016"
},
{
"category": "self",
"summary": "SUSE Bug 1232017",
"url": "https://bugzilla.suse.com/1232017"
},
{
"category": "self",
"summary": "SUSE Bug 1232018",
"url": "https://bugzilla.suse.com/1232018"
},
{
"category": "self",
"summary": "SUSE Bug 1232033",
"url": "https://bugzilla.suse.com/1232033"
},
{
"category": "self",
"summary": "SUSE Bug 1232034",
"url": "https://bugzilla.suse.com/1232034"
},
{
"category": "self",
"summary": "SUSE Bug 1232036",
"url": "https://bugzilla.suse.com/1232036"
},
{
"category": "self",
"summary": "SUSE Bug 1232043",
"url": "https://bugzilla.suse.com/1232043"
},
{
"category": "self",
"summary": "SUSE Bug 1232047",
"url": "https://bugzilla.suse.com/1232047"
},
{
"category": "self",
"summary": "SUSE Bug 1232048",
"url": "https://bugzilla.suse.com/1232048"
},
{
"category": "self",
"summary": "SUSE Bug 1232049",
"url": "https://bugzilla.suse.com/1232049"
},
{
"category": "self",
"summary": "SUSE Bug 1232050",
"url": "https://bugzilla.suse.com/1232050"
},
{
"category": "self",
"summary": "SUSE Bug 1232056",
"url": "https://bugzilla.suse.com/1232056"
},
{
"category": "self",
"summary": "SUSE Bug 1232075",
"url": "https://bugzilla.suse.com/1232075"
},
{
"category": "self",
"summary": "SUSE Bug 1232076",
"url": "https://bugzilla.suse.com/1232076"
},
{
"category": "self",
"summary": "SUSE Bug 1232079",
"url": "https://bugzilla.suse.com/1232079"
},
{
"category": "self",
"summary": "SUSE Bug 1232080",
"url": "https://bugzilla.suse.com/1232080"
},
{
"category": "self",
"summary": "SUSE Bug 1232083",
"url": "https://bugzilla.suse.com/1232083"
},
{
"category": "self",
"summary": "SUSE Bug 1232084",
"url": "https://bugzilla.suse.com/1232084"
},
{
"category": "self",
"summary": "SUSE Bug 1232085",
"url": "https://bugzilla.suse.com/1232085"
},
{
"category": "self",
"summary": "SUSE Bug 1232089",
"url": "https://bugzilla.suse.com/1232089"
},
{
"category": "self",
"summary": "SUSE Bug 1232090",
"url": "https://bugzilla.suse.com/1232090"
},
{
"category": "self",
"summary": "SUSE Bug 1232093",
"url": "https://bugzilla.suse.com/1232093"
},
{
"category": "self",
"summary": "SUSE Bug 1232094",
"url": "https://bugzilla.suse.com/1232094"
},
{
"category": "self",
"summary": "SUSE Bug 1232096",
"url": "https://bugzilla.suse.com/1232096"
},
{
"category": "self",
"summary": "SUSE Bug 1232097",
"url": "https://bugzilla.suse.com/1232097"
},
{
"category": "self",
"summary": "SUSE Bug 1232098",
"url": "https://bugzilla.suse.com/1232098"
},
{
"category": "self",
"summary": "SUSE Bug 1232103",
"url": "https://bugzilla.suse.com/1232103"
},
{
"category": "self",
"summary": "SUSE Bug 1232104",
"url": "https://bugzilla.suse.com/1232104"
},
{
"category": "self",
"summary": "SUSE Bug 1232105",
"url": "https://bugzilla.suse.com/1232105"
},
{
"category": "self",
"summary": "SUSE Bug 1232109",
"url": "https://bugzilla.suse.com/1232109"
},
{
"category": "self",
"summary": "SUSE Bug 1232111",
"url": "https://bugzilla.suse.com/1232111"
},
{
"category": "self",
"summary": "SUSE Bug 1232114",
"url": "https://bugzilla.suse.com/1232114"
},
{
"category": "self",
"summary": "SUSE Bug 1232116",
"url": "https://bugzilla.suse.com/1232116"
},
{
"category": "self",
"summary": "SUSE Bug 1232117",
"url": "https://bugzilla.suse.com/1232117"
},
{
"category": "self",
"summary": "SUSE Bug 1232124",
"url": "https://bugzilla.suse.com/1232124"
},
{
"category": "self",
"summary": "SUSE Bug 1232126",
"url": "https://bugzilla.suse.com/1232126"
},
{
"category": "self",
"summary": "SUSE Bug 1232127",
"url": "https://bugzilla.suse.com/1232127"
},
{
"category": "self",
"summary": "SUSE Bug 1232129",
"url": "https://bugzilla.suse.com/1232129"
},
{
"category": "self",
"summary": "SUSE Bug 1232130",
"url": "https://bugzilla.suse.com/1232130"
},
{
"category": "self",
"summary": "SUSE Bug 1232131",
"url": "https://bugzilla.suse.com/1232131"
},
{
"category": "self",
"summary": "SUSE Bug 1232132",
"url": "https://bugzilla.suse.com/1232132"
},
{
"category": "self",
"summary": "SUSE Bug 1232134",
"url": "https://bugzilla.suse.com/1232134"
},
{
"category": "self",
"summary": "SUSE Bug 1232135",
"url": "https://bugzilla.suse.com/1232135"
},
{
"category": "self",
"summary": "SUSE Bug 1232140",
"url": "https://bugzilla.suse.com/1232140"
},
{
"category": "self",
"summary": "SUSE Bug 1232141",
"url": "https://bugzilla.suse.com/1232141"
},
{
"category": "self",
"summary": "SUSE Bug 1232142",
"url": "https://bugzilla.suse.com/1232142"
},
{
"category": "self",
"summary": "SUSE Bug 1232145",
"url": "https://bugzilla.suse.com/1232145"
},
{
"category": "self",
"summary": "SUSE Bug 1232147",
"url": "https://bugzilla.suse.com/1232147"
},
{
"category": "self",
"summary": "SUSE Bug 1232148",
"url": "https://bugzilla.suse.com/1232148"
},
{
"category": "self",
"summary": "SUSE Bug 1232149",
"url": "https://bugzilla.suse.com/1232149"
},
{
"category": "self",
"summary": "SUSE Bug 1232151",
"url": "https://bugzilla.suse.com/1232151"
},
{
"category": "self",
"summary": "SUSE Bug 1232152",
"url": "https://bugzilla.suse.com/1232152"
},
{
"category": "self",
"summary": "SUSE Bug 1232154",
"url": "https://bugzilla.suse.com/1232154"
},
{
"category": "self",
"summary": "SUSE Bug 1232155",
"url": "https://bugzilla.suse.com/1232155"
},
{
"category": "self",
"summary": "SUSE Bug 1232156",
"url": "https://bugzilla.suse.com/1232156"
},
{
"category": "self",
"summary": "SUSE Bug 1232157",
"url": "https://bugzilla.suse.com/1232157"
},
{
"category": "self",
"summary": "SUSE Bug 1232159",
"url": "https://bugzilla.suse.com/1232159"
},
{
"category": "self",
"summary": "SUSE Bug 1232160",
"url": "https://bugzilla.suse.com/1232160"
},
{
"category": "self",
"summary": "SUSE Bug 1232162",
"url": "https://bugzilla.suse.com/1232162"
},
{
"category": "self",
"summary": "SUSE Bug 1232164",
"url": "https://bugzilla.suse.com/1232164"
},
{
"category": "self",
"summary": "SUSE Bug 1232165",
"url": "https://bugzilla.suse.com/1232165"
},
{
"category": "self",
"summary": "SUSE Bug 1232166",
"url": "https://bugzilla.suse.com/1232166"
},
{
"category": "self",
"summary": "SUSE Bug 1232174",
"url": "https://bugzilla.suse.com/1232174"
},
{
"category": "self",
"summary": "SUSE Bug 1232180",
"url": "https://bugzilla.suse.com/1232180"
},
{
"category": "self",
"summary": "SUSE Bug 1232182",
"url": "https://bugzilla.suse.com/1232182"
},
{
"category": "self",
"summary": "SUSE Bug 1232183",
"url": "https://bugzilla.suse.com/1232183"
},
{
"category": "self",
"summary": "SUSE Bug 1232185",
"url": "https://bugzilla.suse.com/1232185"
},
{
"category": "self",
"summary": "SUSE Bug 1232187",
"url": "https://bugzilla.suse.com/1232187"
},
{
"category": "self",
"summary": "SUSE Bug 1232189",
"url": "https://bugzilla.suse.com/1232189"
},
{
"category": "self",
"summary": "SUSE Bug 1232192",
"url": "https://bugzilla.suse.com/1232192"
},
{
"category": "self",
"summary": "SUSE Bug 1232195",
"url": "https://bugzilla.suse.com/1232195"
},
{
"category": "self",
"summary": "SUSE Bug 1232196",
"url": "https://bugzilla.suse.com/1232196"
},
{
"category": "self",
"summary": "SUSE Bug 1232198",
"url": "https://bugzilla.suse.com/1232198"
},
{
"category": "self",
"summary": "SUSE Bug 1232199",
"url": "https://bugzilla.suse.com/1232199"
},
{
"category": "self",
"summary": "SUSE Bug 1232200",
"url": "https://bugzilla.suse.com/1232200"
},
{
"category": "self",
"summary": "SUSE Bug 1232201",
"url": "https://bugzilla.suse.com/1232201"
},
{
"category": "self",
"summary": "SUSE Bug 1232207",
"url": "https://bugzilla.suse.com/1232207"
},
{
"category": "self",
"summary": "SUSE Bug 1232208",
"url": "https://bugzilla.suse.com/1232208"
},
{
"category": "self",
"summary": "SUSE Bug 1232217",
"url": "https://bugzilla.suse.com/1232217"
},
{
"category": "self",
"summary": "SUSE Bug 1232218",
"url": "https://bugzilla.suse.com/1232218"
},
{
"category": "self",
"summary": "SUSE Bug 1232220",
"url": "https://bugzilla.suse.com/1232220"
},
{
"category": "self",
"summary": "SUSE Bug 1232221",
"url": "https://bugzilla.suse.com/1232221"
},
{
"category": "self",
"summary": "SUSE Bug 1232222",
"url": "https://bugzilla.suse.com/1232222"
},
{
"category": "self",
"summary": "SUSE Bug 1232224",
"url": "https://bugzilla.suse.com/1232224"
},
{
"category": "self",
"summary": "SUSE Bug 1232232",
"url": "https://bugzilla.suse.com/1232232"
},
{
"category": "self",
"summary": "SUSE Bug 1232250",
"url": "https://bugzilla.suse.com/1232250"
},
{
"category": "self",
"summary": "SUSE Bug 1232251",
"url": "https://bugzilla.suse.com/1232251"
},
{
"category": "self",
"summary": "SUSE Bug 1232253",
"url": "https://bugzilla.suse.com/1232253"
},
{
"category": "self",
"summary": "SUSE Bug 1232254",
"url": "https://bugzilla.suse.com/1232254"
},
{
"category": "self",
"summary": "SUSE Bug 1232255",
"url": "https://bugzilla.suse.com/1232255"
},
{
"category": "self",
"summary": "SUSE Bug 1232256",
"url": "https://bugzilla.suse.com/1232256"
},
{
"category": "self",
"summary": "SUSE Bug 1232258",
"url": "https://bugzilla.suse.com/1232258"
},
{
"category": "self",
"summary": "SUSE Bug 1232259",
"url": "https://bugzilla.suse.com/1232259"
},
{
"category": "self",
"summary": "SUSE Bug 1232260",
"url": "https://bugzilla.suse.com/1232260"
},
{
"category": "self",
"summary": "SUSE Bug 1232262",
"url": "https://bugzilla.suse.com/1232262"
},
{
"category": "self",
"summary": "SUSE Bug 1232263",
"url": "https://bugzilla.suse.com/1232263"
},
{
"category": "self",
"summary": "SUSE Bug 1232264",
"url": "https://bugzilla.suse.com/1232264"
},
{
"category": "self",
"summary": "SUSE Bug 1232272",
"url": "https://bugzilla.suse.com/1232272"
},
{
"category": "self",
"summary": "SUSE Bug 1232275",
"url": "https://bugzilla.suse.com/1232275"
},
{
"category": "self",
"summary": "SUSE Bug 1232279",
"url": "https://bugzilla.suse.com/1232279"
},
{
"category": "self",
"summary": "SUSE Bug 1232282",
"url": "https://bugzilla.suse.com/1232282"
},
{
"category": "self",
"summary": "SUSE Bug 1232285",
"url": "https://bugzilla.suse.com/1232285"
},
{
"category": "self",
"summary": "SUSE Bug 1232287",
"url": "https://bugzilla.suse.com/1232287"
},
{
"category": "self",
"summary": "SUSE Bug 1232295",
"url": "https://bugzilla.suse.com/1232295"
},
{
"category": "self",
"summary": "SUSE Bug 1232305",
"url": "https://bugzilla.suse.com/1232305"
},
{
"category": "self",
"summary": "SUSE Bug 1232307",
"url": "https://bugzilla.suse.com/1232307"
},
{
"category": "self",
"summary": "SUSE Bug 1232309",
"url": "https://bugzilla.suse.com/1232309"
},
{
"category": "self",
"summary": "SUSE Bug 1232310",
"url": "https://bugzilla.suse.com/1232310"
},
{
"category": "self",
"summary": "SUSE Bug 1232312",
"url": "https://bugzilla.suse.com/1232312"
},
{
"category": "self",
"summary": "SUSE Bug 1232313",
"url": "https://bugzilla.suse.com/1232313"
},
{
"category": "self",
"summary": "SUSE Bug 1232314",
"url": "https://bugzilla.suse.com/1232314"
},
{
"category": "self",
"summary": "SUSE Bug 1232315",
"url": "https://bugzilla.suse.com/1232315"
},
{
"category": "self",
"summary": "SUSE Bug 1232316",
"url": "https://bugzilla.suse.com/1232316"
},
{
"category": "self",
"summary": "SUSE Bug 1232317",
"url": "https://bugzilla.suse.com/1232317"
},
{
"category": "self",
"summary": "SUSE Bug 1232318",
"url": "https://bugzilla.suse.com/1232318"
},
{
"category": "self",
"summary": "SUSE Bug 1232329",
"url": "https://bugzilla.suse.com/1232329"
},
{
"category": "self",
"summary": "SUSE Bug 1232332",
"url": "https://bugzilla.suse.com/1232332"
},
{
"category": "self",
"summary": "SUSE Bug 1232333",
"url": "https://bugzilla.suse.com/1232333"
},
{
"category": "self",
"summary": "SUSE Bug 1232334",
"url": "https://bugzilla.suse.com/1232334"
},
{
"category": "self",
"summary": "SUSE Bug 1232335",
"url": "https://bugzilla.suse.com/1232335"
},
{
"category": "self",
"summary": "SUSE Bug 1232337",
"url": "https://bugzilla.suse.com/1232337"
},
{
"category": "self",
"summary": "SUSE Bug 1232339",
"url": "https://bugzilla.suse.com/1232339"
},
{
"category": "self",
"summary": "SUSE Bug 1232340",
"url": "https://bugzilla.suse.com/1232340"
},
{
"category": "self",
"summary": "SUSE Bug 1232342",
"url": "https://bugzilla.suse.com/1232342"
},
{
"category": "self",
"summary": "SUSE Bug 1232345",
"url": "https://bugzilla.suse.com/1232345"
},
{
"category": "self",
"summary": "SUSE Bug 1232349",
"url": "https://bugzilla.suse.com/1232349"
},
{
"category": "self",
"summary": "SUSE Bug 1232352",
"url": "https://bugzilla.suse.com/1232352"
},
{
"category": "self",
"summary": "SUSE Bug 1232354",
"url": "https://bugzilla.suse.com/1232354"
},
{
"category": "self",
"summary": "SUSE Bug 1232355",
"url": "https://bugzilla.suse.com/1232355"
},
{
"category": "self",
"summary": "SUSE Bug 1232357",
"url": "https://bugzilla.suse.com/1232357"
},
{
"category": "self",
"summary": "SUSE Bug 1232358",
"url": "https://bugzilla.suse.com/1232358"
},
{
"category": "self",
"summary": "SUSE Bug 1232359",
"url": "https://bugzilla.suse.com/1232359"
},
{
"category": "self",
"summary": "SUSE Bug 1232361",
"url": "https://bugzilla.suse.com/1232361"
},
{
"category": "self",
"summary": "SUSE Bug 1232362",
"url": "https://bugzilla.suse.com/1232362"
},
{
"category": "self",
"summary": "SUSE Bug 1232366",
"url": "https://bugzilla.suse.com/1232366"
},
{
"category": "self",
"summary": "SUSE Bug 1232367",
"url": "https://bugzilla.suse.com/1232367"
},
{
"category": "self",
"summary": "SUSE Bug 1232368",
"url": "https://bugzilla.suse.com/1232368"
},
{
"category": "self",
"summary": "SUSE Bug 1232369",
"url": "https://bugzilla.suse.com/1232369"
},
{
"category": "self",
"summary": "SUSE Bug 1232370",
"url": "https://bugzilla.suse.com/1232370"
},
{
"category": "self",
"summary": "SUSE Bug 1232371",
"url": "https://bugzilla.suse.com/1232371"
},
{
"category": "self",
"summary": "SUSE Bug 1232374",
"url": "https://bugzilla.suse.com/1232374"
},
{
"category": "self",
"summary": "SUSE Bug 1232378",
"url": "https://bugzilla.suse.com/1232378"
},
{
"category": "self",
"summary": "SUSE Bug 1232381",
"url": "https://bugzilla.suse.com/1232381"
},
{
"category": "self",
"summary": "SUSE Bug 1232383",
"url": "https://bugzilla.suse.com/1232383"
},
{
"category": "self",
"summary": "SUSE Bug 1232385",
"url": "https://bugzilla.suse.com/1232385"
},
{
"category": "self",
"summary": "SUSE Bug 1232386",
"url": "https://bugzilla.suse.com/1232386"
},
{
"category": "self",
"summary": "SUSE Bug 1232387",
"url": "https://bugzilla.suse.com/1232387"
},
{
"category": "self",
"summary": "SUSE Bug 1232392",
"url": "https://bugzilla.suse.com/1232392"
},
{
"category": "self",
"summary": "SUSE Bug 1232394",
"url": "https://bugzilla.suse.com/1232394"
},
{
"category": "self",
"summary": "SUSE Bug 1232395",
"url": "https://bugzilla.suse.com/1232395"
},
{
"category": "self",
"summary": "SUSE Bug 1232396",
"url": "https://bugzilla.suse.com/1232396"
},
{
"category": "self",
"summary": "SUSE Bug 1232413",
"url": "https://bugzilla.suse.com/1232413"
},
{
"category": "self",
"summary": "SUSE Bug 1232416",
"url": "https://bugzilla.suse.com/1232416"
},
{
"category": "self",
"summary": "SUSE Bug 1232417",
"url": "https://bugzilla.suse.com/1232417"
},
{
"category": "self",
"summary": "SUSE Bug 1232418",
"url": "https://bugzilla.suse.com/1232418"
},
{
"category": "self",
"summary": "SUSE Bug 1232424",
"url": "https://bugzilla.suse.com/1232424"
},
{
"category": "self",
"summary": "SUSE Bug 1232427",
"url": "https://bugzilla.suse.com/1232427"
},
{
"category": "self",
"summary": "SUSE Bug 1232432",
"url": "https://bugzilla.suse.com/1232432"
},
{
"category": "self",
"summary": "SUSE Bug 1232435",
"url": "https://bugzilla.suse.com/1232435"
},
{
"category": "self",
"summary": "SUSE Bug 1232436",
"url": "https://bugzilla.suse.com/1232436"
},
{
"category": "self",
"summary": "SUSE Bug 1232442",
"url": "https://bugzilla.suse.com/1232442"
},
{
"category": "self",
"summary": "SUSE Bug 1232446",
"url": "https://bugzilla.suse.com/1232446"
},
{
"category": "self",
"summary": "SUSE Bug 1232483",
"url": "https://bugzilla.suse.com/1232483"
},
{
"category": "self",
"summary": "SUSE Bug 1232494",
"url": "https://bugzilla.suse.com/1232494"
},
{
"category": "self",
"summary": "SUSE Bug 1232498",
"url": "https://bugzilla.suse.com/1232498"
},
{
"category": "self",
"summary": "SUSE Bug 1232499",
"url": "https://bugzilla.suse.com/1232499"
},
{
"category": "self",
"summary": "SUSE Bug 1232500",
"url": "https://bugzilla.suse.com/1232500"
},
{
"category": "self",
"summary": "SUSE Bug 1232501",
"url": "https://bugzilla.suse.com/1232501"
},
{
"category": "self",
"summary": "SUSE Bug 1232502",
"url": "https://bugzilla.suse.com/1232502"
},
{
"category": "self",
"summary": "SUSE Bug 1232503",
"url": "https://bugzilla.suse.com/1232503"
},
{
"category": "self",
"summary": "SUSE Bug 1232504",
"url": "https://bugzilla.suse.com/1232504"
},
{
"category": "self",
"summary": "SUSE Bug 1232505",
"url": "https://bugzilla.suse.com/1232505"
},
{
"category": "self",
"summary": "SUSE Bug 1232506",
"url": "https://bugzilla.suse.com/1232506"
},
{
"category": "self",
"summary": "SUSE Bug 1232507",
"url": "https://bugzilla.suse.com/1232507"
},
{
"category": "self",
"summary": "SUSE Bug 1232511",
"url": "https://bugzilla.suse.com/1232511"
},
{
"category": "self",
"summary": "SUSE Bug 1232519",
"url": "https://bugzilla.suse.com/1232519"
},
{
"category": "self",
"summary": "SUSE Bug 1232520",
"url": "https://bugzilla.suse.com/1232520"
},
{
"category": "self",
"summary": "SUSE Bug 1232529",
"url": "https://bugzilla.suse.com/1232529"
},
{
"category": "self",
"summary": "SUSE Bug 1232552",
"url": "https://bugzilla.suse.com/1232552"
},
{
"category": "self",
"summary": "SUSE Bug 1232623",
"url": "https://bugzilla.suse.com/1232623"
},
{
"category": "self",
"summary": "SUSE Bug 1232626",
"url": "https://bugzilla.suse.com/1232626"
},
{
"category": "self",
"summary": "SUSE Bug 1232627",
"url": "https://bugzilla.suse.com/1232627"
},
{
"category": "self",
"summary": "SUSE Bug 1232628",
"url": "https://bugzilla.suse.com/1232628"
},
{
"category": "self",
"summary": "SUSE Bug 1232629",
"url": "https://bugzilla.suse.com/1232629"
},
{
"category": "self",
"summary": "SUSE Bug 1232704",
"url": "https://bugzilla.suse.com/1232704"
},
{
"category": "self",
"summary": "SUSE Bug 1232757",
"url": "https://bugzilla.suse.com/1232757"
},
{
"category": "self",
"summary": "SUSE Bug 1232768",
"url": "https://bugzilla.suse.com/1232768"
},
{
"category": "self",
"summary": "SUSE Bug 1232819",
"url": "https://bugzilla.suse.com/1232819"
},
{
"category": "self",
"summary": "SUSE Bug 1232823",
"url": "https://bugzilla.suse.com/1232823"
},
{
"category": "self",
"summary": "SUSE Bug 1232860",
"url": "https://bugzilla.suse.com/1232860"
},
{
"category": "self",
"summary": "SUSE Bug 1232869",
"url": "https://bugzilla.suse.com/1232869"
},
{
"category": "self",
"summary": "SUSE Bug 1232870",
"url": "https://bugzilla.suse.com/1232870"
},
{
"category": "self",
"summary": "SUSE Bug 1232873",
"url": "https://bugzilla.suse.com/1232873"
},
{
"category": "self",
"summary": "SUSE Bug 1232876",
"url": "https://bugzilla.suse.com/1232876"
},
{
"category": "self",
"summary": "SUSE Bug 1232877",
"url": "https://bugzilla.suse.com/1232877"
},
{
"category": "self",
"summary": "SUSE Bug 1232878",
"url": "https://bugzilla.suse.com/1232878"
},
{
"category": "self",
"summary": "SUSE Bug 1232880",
"url": "https://bugzilla.suse.com/1232880"
},
{
"category": "self",
"summary": "SUSE Bug 1232881",
"url": "https://bugzilla.suse.com/1232881"
},
{
"category": "self",
"summary": "SUSE Bug 1232884",
"url": "https://bugzilla.suse.com/1232884"
},
{
"category": "self",
"summary": "SUSE Bug 1232885",
"url": "https://bugzilla.suse.com/1232885"
},
{
"category": "self",
"summary": "SUSE Bug 1232887",
"url": "https://bugzilla.suse.com/1232887"
},
{
"category": "self",
"summary": "SUSE Bug 1232888",
"url": "https://bugzilla.suse.com/1232888"
},
{
"category": "self",
"summary": "SUSE Bug 1232890",
"url": "https://bugzilla.suse.com/1232890"
},
{
"category": "self",
"summary": "SUSE Bug 1232892",
"url": "https://bugzilla.suse.com/1232892"
},
{
"category": "self",
"summary": "SUSE Bug 1232894",
"url": "https://bugzilla.suse.com/1232894"
},
{
"category": "self",
"summary": "SUSE Bug 1232896",
"url": "https://bugzilla.suse.com/1232896"
},
{
"category": "self",
"summary": "SUSE Bug 1232897",
"url": "https://bugzilla.suse.com/1232897"
},
{
"category": "self",
"summary": "SUSE Bug 1232905",
"url": "https://bugzilla.suse.com/1232905"
},
{
"category": "self",
"summary": "SUSE Bug 1232907",
"url": "https://bugzilla.suse.com/1232907"
},
{
"category": "self",
"summary": "SUSE Bug 1232914",
"url": "https://bugzilla.suse.com/1232914"
},
{
"category": "self",
"summary": "SUSE Bug 1232919",
"url": "https://bugzilla.suse.com/1232919"
},
{
"category": "self",
"summary": "SUSE Bug 1232925",
"url": "https://bugzilla.suse.com/1232925"
},
{
"category": "self",
"summary": "SUSE Bug 1232926",
"url": "https://bugzilla.suse.com/1232926"
},
{
"category": "self",
"summary": "SUSE Bug 1232928",
"url": "https://bugzilla.suse.com/1232928"
},
{
"category": "self",
"summary": "SUSE Bug 1232935",
"url": "https://bugzilla.suse.com/1232935"
},
{
"category": "self",
"summary": "SUSE Bug 1233029",
"url": "https://bugzilla.suse.com/1233029"
},
{
"category": "self",
"summary": "SUSE Bug 1233032",
"url": "https://bugzilla.suse.com/1233032"
},
{
"category": "self",
"summary": "SUSE Bug 1233035",
"url": "https://bugzilla.suse.com/1233035"
},
{
"category": "self",
"summary": "SUSE Bug 1233036",
"url": "https://bugzilla.suse.com/1233036"
},
{
"category": "self",
"summary": "SUSE Bug 1233041",
"url": "https://bugzilla.suse.com/1233041"
},
{
"category": "self",
"summary": "SUSE Bug 1233044",
"url": "https://bugzilla.suse.com/1233044"
},
{
"category": "self",
"summary": "SUSE Bug 1233049",
"url": "https://bugzilla.suse.com/1233049"
},
{
"category": "self",
"summary": "SUSE Bug 1233050",
"url": "https://bugzilla.suse.com/1233050"
},
{
"category": "self",
"summary": "SUSE Bug 1233051",
"url": "https://bugzilla.suse.com/1233051"
},
{
"category": "self",
"summary": "SUSE Bug 1233056",
"url": "https://bugzilla.suse.com/1233056"
},
{
"category": "self",
"summary": "SUSE Bug 1233057",
"url": "https://bugzilla.suse.com/1233057"
},
{
"category": "self",
"summary": "SUSE Bug 1233061",
"url": "https://bugzilla.suse.com/1233061"
},
{
"category": "self",
"summary": "SUSE Bug 1233062",
"url": "https://bugzilla.suse.com/1233062"
},
{
"category": "self",
"summary": "SUSE Bug 1233063",
"url": "https://bugzilla.suse.com/1233063"
},
{
"category": "self",
"summary": "SUSE Bug 1233065",
"url": "https://bugzilla.suse.com/1233065"
},
{
"category": "self",
"summary": "SUSE Bug 1233067",
"url": "https://bugzilla.suse.com/1233067"
},
{
"category": "self",
"summary": "SUSE Bug 1233070",
"url": "https://bugzilla.suse.com/1233070"
},
{
"category": "self",
"summary": "SUSE Bug 1233073",
"url": "https://bugzilla.suse.com/1233073"
},
{
"category": "self",
"summary": "SUSE Bug 1233074",
"url": "https://bugzilla.suse.com/1233074"
},
{
"category": "self",
"summary": "SUSE Bug 1233088",
"url": "https://bugzilla.suse.com/1233088"
},
{
"category": "self",
"summary": "SUSE Bug 1233091",
"url": "https://bugzilla.suse.com/1233091"
},
{
"category": "self",
"summary": "SUSE Bug 1233092",
"url": "https://bugzilla.suse.com/1233092"
},
{
"category": "self",
"summary": "SUSE Bug 1233097",
"url": "https://bugzilla.suse.com/1233097"
},
{
"category": "self",
"summary": "SUSE Bug 1233100",
"url": "https://bugzilla.suse.com/1233100"
},
{
"category": "self",
"summary": "SUSE Bug 1233103",
"url": "https://bugzilla.suse.com/1233103"
},
{
"category": "self",
"summary": "SUSE Bug 1233104",
"url": "https://bugzilla.suse.com/1233104"
},
{
"category": "self",
"summary": "SUSE Bug 1233105",
"url": "https://bugzilla.suse.com/1233105"
},
{
"category": "self",
"summary": "SUSE Bug 1233106",
"url": "https://bugzilla.suse.com/1233106"
},
{
"category": "self",
"summary": "SUSE Bug 1233107",
"url": "https://bugzilla.suse.com/1233107"
},
{
"category": "self",
"summary": "SUSE Bug 1233108",
"url": "https://bugzilla.suse.com/1233108"
},
{
"category": "self",
"summary": "SUSE Bug 1233110",
"url": "https://bugzilla.suse.com/1233110"
},
{
"category": "self",
"summary": "SUSE Bug 1233111",
"url": "https://bugzilla.suse.com/1233111"
},
{
"category": "self",
"summary": "SUSE Bug 1233113",
"url": "https://bugzilla.suse.com/1233113"
},
{
"category": "self",
"summary": "SUSE Bug 1233114",
"url": "https://bugzilla.suse.com/1233114"
},
{
"category": "self",
"summary": "SUSE Bug 1233115",
"url": "https://bugzilla.suse.com/1233115"
},
{
"category": "self",
"summary": "SUSE Bug 1233117",
"url": "https://bugzilla.suse.com/1233117"
},
{
"category": "self",
"summary": "SUSE Bug 1233119",
"url": "https://bugzilla.suse.com/1233119"
},
{
"category": "self",
"summary": "SUSE Bug 1233123",
"url": "https://bugzilla.suse.com/1233123"
},
{
"category": "self",
"summary": "SUSE Bug 1233125",
"url": "https://bugzilla.suse.com/1233125"
},
{
"category": "self",
"summary": "SUSE Bug 1233127",
"url": "https://bugzilla.suse.com/1233127"
},
{
"category": "self",
"summary": "SUSE Bug 1233129",
"url": "https://bugzilla.suse.com/1233129"
},
{
"category": "self",
"summary": "SUSE Bug 1233130",
"url": "https://bugzilla.suse.com/1233130"
},
{
"category": "self",
"summary": "SUSE Bug 1233132",
"url": "https://bugzilla.suse.com/1233132"
},
{
"category": "self",
"summary": "SUSE Bug 1233135",
"url": "https://bugzilla.suse.com/1233135"
},
{
"category": "self",
"summary": "SUSE Bug 1233176",
"url": "https://bugzilla.suse.com/1233176"
},
{
"category": "self",
"summary": "SUSE Bug 1233179",
"url": "https://bugzilla.suse.com/1233179"
},
{
"category": "self",
"summary": "SUSE Bug 1233185",
"url": "https://bugzilla.suse.com/1233185"
},
{
"category": "self",
"summary": "SUSE Bug 1233188",
"url": "https://bugzilla.suse.com/1233188"
},
{
"category": "self",
"summary": "SUSE Bug 1233189",
"url": "https://bugzilla.suse.com/1233189"
},
{
"category": "self",
"summary": "SUSE Bug 1233191",
"url": "https://bugzilla.suse.com/1233191"
},
{
"category": "self",
"summary": "SUSE Bug 1233193",
"url": "https://bugzilla.suse.com/1233193"
},
{
"category": "self",
"summary": "SUSE Bug 1233197",
"url": "https://bugzilla.suse.com/1233197"
},
{
"category": "self",
"summary": "SUSE Bug 1233201",
"url": "https://bugzilla.suse.com/1233201"
},
{
"category": "self",
"summary": "SUSE Bug 1233203",
"url": "https://bugzilla.suse.com/1233203"
},
{
"category": "self",
"summary": "SUSE Bug 1233204",
"url": "https://bugzilla.suse.com/1233204"
},
{
"category": "self",
"summary": "SUSE Bug 1233205",
"url": "https://bugzilla.suse.com/1233205"
},
{
"category": "self",
"summary": "SUSE Bug 1233206",
"url": "https://bugzilla.suse.com/1233206"
},
{
"category": "self",
"summary": "SUSE Bug 1233207",
"url": "https://bugzilla.suse.com/1233207"
},
{
"category": "self",
"summary": "SUSE Bug 1233208",
"url": "https://bugzilla.suse.com/1233208"
},
{
"category": "self",
"summary": "SUSE Bug 1233209",
"url": "https://bugzilla.suse.com/1233209"
},
{
"category": "self",
"summary": "SUSE Bug 1233210",
"url": "https://bugzilla.suse.com/1233210"
},
{
"category": "self",
"summary": "SUSE Bug 1233211",
"url": "https://bugzilla.suse.com/1233211"
},
{
"category": "self",
"summary": "SUSE Bug 1233212",
"url": "https://bugzilla.suse.com/1233212"
},
{
"category": "self",
"summary": "SUSE Bug 1233216",
"url": "https://bugzilla.suse.com/1233216"
},
{
"category": "self",
"summary": "SUSE Bug 1233217",
"url": "https://bugzilla.suse.com/1233217"
},
{
"category": "self",
"summary": "SUSE Bug 1233219",
"url": "https://bugzilla.suse.com/1233219"
},
{
"category": "self",
"summary": "SUSE Bug 1233226",
"url": "https://bugzilla.suse.com/1233226"
},
{
"category": "self",
"summary": "SUSE Bug 1233238",
"url": "https://bugzilla.suse.com/1233238"
},
{
"category": "self",
"summary": "SUSE Bug 1233241",
"url": "https://bugzilla.suse.com/1233241"
},
{
"category": "self",
"summary": "SUSE Bug 1233244",
"url": "https://bugzilla.suse.com/1233244"
},
{
"category": "self",
"summary": "SUSE Bug 1233253",
"url": "https://bugzilla.suse.com/1233253"
},
{
"category": "self",
"summary": "SUSE Bug 1233255",
"url": "https://bugzilla.suse.com/1233255"
},
{
"category": "self",
"summary": "SUSE Bug 1233293",
"url": "https://bugzilla.suse.com/1233293"
},
{
"category": "self",
"summary": "SUSE Bug 1233298",
"url": "https://bugzilla.suse.com/1233298"
},
{
"category": "self",
"summary": "SUSE Bug 1233305",
"url": "https://bugzilla.suse.com/1233305"
},
{
"category": "self",
"summary": "SUSE Bug 1233320",
"url": "https://bugzilla.suse.com/1233320"
},
{
"category": "self",
"summary": "SUSE Bug 1233350",
"url": "https://bugzilla.suse.com/1233350"
},
{
"category": "self",
"summary": "SUSE Bug 1233443",
"url": "https://bugzilla.suse.com/1233443"
},
{
"category": "self",
"summary": "SUSE Bug 1233452",
"url": "https://bugzilla.suse.com/1233452"
},
{
"category": "self",
"summary": "SUSE Bug 1233453",
"url": "https://bugzilla.suse.com/1233453"
},
{
"category": "self",
"summary": "SUSE Bug 1233454",
"url": "https://bugzilla.suse.com/1233454"
},
{
"category": "self",
"summary": "SUSE Bug 1233456",
"url": "https://bugzilla.suse.com/1233456"
},
{
"category": "self",
"summary": "SUSE Bug 1233457",
"url": "https://bugzilla.suse.com/1233457"
},
{
"category": "self",
"summary": "SUSE Bug 1233458",
"url": "https://bugzilla.suse.com/1233458"
},
{
"category": "self",
"summary": "SUSE Bug 1233460",
"url": "https://bugzilla.suse.com/1233460"
},
{
"category": "self",
"summary": "SUSE Bug 1233462",
"url": "https://bugzilla.suse.com/1233462"
},
{
"category": "self",
"summary": "SUSE Bug 1233463",
"url": "https://bugzilla.suse.com/1233463"
},
{
"category": "self",
"summary": "SUSE Bug 1233464",
"url": "https://bugzilla.suse.com/1233464"
},
{
"category": "self",
"summary": "SUSE Bug 1233465",
"url": "https://bugzilla.suse.com/1233465"
},
{
"category": "self",
"summary": "SUSE Bug 1233468",
"url": "https://bugzilla.suse.com/1233468"
},
{
"category": "self",
"summary": "SUSE Bug 1233471",
"url": "https://bugzilla.suse.com/1233471"
},
{
"category": "self",
"summary": "SUSE Bug 1233476",
"url": "https://bugzilla.suse.com/1233476"
},
{
"category": "self",
"summary": "SUSE Bug 1233478",
"url": "https://bugzilla.suse.com/1233478"
},
{
"category": "self",
"summary": "SUSE Bug 1233479",
"url": "https://bugzilla.suse.com/1233479"
},
{
"category": "self",
"summary": "SUSE Bug 1233481",
"url": "https://bugzilla.suse.com/1233481"
},
{
"category": "self",
"summary": "SUSE Bug 1233484",
"url": "https://bugzilla.suse.com/1233484"
},
{
"category": "self",
"summary": "SUSE Bug 1233485",
"url": "https://bugzilla.suse.com/1233485"
},
{
"category": "self",
"summary": "SUSE Bug 1233487",
"url": "https://bugzilla.suse.com/1233487"
},
{
"category": "self",
"summary": "SUSE Bug 1233490",
"url": "https://bugzilla.suse.com/1233490"
},
{
"category": "self",
"summary": "SUSE Bug 1233491",
"url": "https://bugzilla.suse.com/1233491"
},
{
"category": "self",
"summary": "SUSE Bug 1233523",
"url": "https://bugzilla.suse.com/1233523"
},
{
"category": "self",
"summary": "SUSE Bug 1233524",
"url": "https://bugzilla.suse.com/1233524"
},
{
"category": "self",
"summary": "SUSE Bug 1233540",
"url": "https://bugzilla.suse.com/1233540"
},
{
"category": "self",
"summary": "SUSE Bug 1233547",
"url": "https://bugzilla.suse.com/1233547"
},
{
"category": "self",
"summary": "SUSE Bug 1233548",
"url": "https://bugzilla.suse.com/1233548"
},
{
"category": "self",
"summary": "SUSE Bug 1233550",
"url": "https://bugzilla.suse.com/1233550"
},
{
"category": "self",
"summary": "SUSE Bug 1233552",
"url": "https://bugzilla.suse.com/1233552"
},
{
"category": "self",
"summary": "SUSE Bug 1233553",
"url": "https://bugzilla.suse.com/1233553"
},
{
"category": "self",
"summary": "SUSE Bug 1233554",
"url": "https://bugzilla.suse.com/1233554"
},
{
"category": "self",
"summary": "SUSE Bug 1233555",
"url": "https://bugzilla.suse.com/1233555"
},
{
"category": "self",
"summary": "SUSE Bug 1233557",
"url": "https://bugzilla.suse.com/1233557"
},
{
"category": "self",
"summary": "SUSE Bug 1233560",
"url": "https://bugzilla.suse.com/1233560"
},
{
"category": "self",
"summary": "SUSE Bug 1233561",
"url": "https://bugzilla.suse.com/1233561"
},
{
"category": "self",
"summary": "SUSE Bug 1233564",
"url": "https://bugzilla.suse.com/1233564"
},
{
"category": "self",
"summary": "SUSE Bug 1233566",
"url": "https://bugzilla.suse.com/1233566"
},
{
"category": "self",
"summary": "SUSE Bug 1233567",
"url": "https://bugzilla.suse.com/1233567"
},
{
"category": "self",
"summary": "SUSE Bug 1233568",
"url": "https://bugzilla.suse.com/1233568"
},
{
"category": "self",
"summary": "SUSE Bug 1233570",
"url": "https://bugzilla.suse.com/1233570"
},
{
"category": "self",
"summary": "SUSE Bug 1233572",
"url": "https://bugzilla.suse.com/1233572"
},
{
"category": "self",
"summary": "SUSE Bug 1233573",
"url": "https://bugzilla.suse.com/1233573"
},
{
"category": "self",
"summary": "SUSE Bug 1233577",
"url": "https://bugzilla.suse.com/1233577"
},
{
"category": "self",
"summary": "SUSE Bug 1233580",
"url": "https://bugzilla.suse.com/1233580"
},
{
"category": "self",
"summary": "SUSE Bug 1233640",
"url": "https://bugzilla.suse.com/1233640"
},
{
"category": "self",
"summary": "SUSE Bug 1233641",
"url": "https://bugzilla.suse.com/1233641"
},
{
"category": "self",
"summary": "SUSE Bug 1233642",
"url": "https://bugzilla.suse.com/1233642"
},
{
"category": "self",
"summary": "SUSE Bug 1233721",
"url": "https://bugzilla.suse.com/1233721"
},
{
"category": "self",
"summary": "SUSE Bug 1233754",
"url": "https://bugzilla.suse.com/1233754"
},
{
"category": "self",
"summary": "SUSE Bug 1233756",
"url": "https://bugzilla.suse.com/1233756"
},
{
"category": "self",
"summary": "SUSE Bug 1233769",
"url": "https://bugzilla.suse.com/1233769"
},
{
"category": "self",
"summary": "SUSE Bug 1233771",
"url": "https://bugzilla.suse.com/1233771"
},
{
"category": "self",
"summary": "SUSE Bug 1233977",
"url": "https://bugzilla.suse.com/1233977"
},
{
"category": "self",
"summary": "SUSE Bug 1234009",
"url": "https://bugzilla.suse.com/1234009"
},
{
"category": "self",
"summary": "SUSE Bug 1234011",
"url": "https://bugzilla.suse.com/1234011"
},
{
"category": "self",
"summary": "SUSE Bug 1234012",
"url": "https://bugzilla.suse.com/1234012"
},
{
"category": "self",
"summary": "SUSE Bug 1234025",
"url": "https://bugzilla.suse.com/1234025"
},
{
"category": "self",
"summary": "SUSE Bug 1234039",
"url": "https://bugzilla.suse.com/1234039"
},
{
"category": "self",
"summary": "SUSE Bug 1234040",
"url": "https://bugzilla.suse.com/1234040"
},
{
"category": "self",
"summary": "SUSE Bug 1234041",
"url": "https://bugzilla.suse.com/1234041"
},
{
"category": "self",
"summary": "SUSE Bug 1234042",
"url": "https://bugzilla.suse.com/1234042"
},
{
"category": "self",
"summary": "SUSE Bug 1234043",
"url": "https://bugzilla.suse.com/1234043"
},
{
"category": "self",
"summary": "SUSE Bug 1234044",
"url": "https://bugzilla.suse.com/1234044"
},
{
"category": "self",
"summary": "SUSE Bug 1234045",
"url": "https://bugzilla.suse.com/1234045"
},
{
"category": "self",
"summary": "SUSE Bug 1234046",
"url": "https://bugzilla.suse.com/1234046"
},
{
"category": "self",
"summary": "SUSE Bug 1234072",
"url": "https://bugzilla.suse.com/1234072"
},
{
"category": "self",
"summary": "SUSE Bug 1234078",
"url": "https://bugzilla.suse.com/1234078"
},
{
"category": "self",
"summary": "SUSE Bug 1234081",
"url": "https://bugzilla.suse.com/1234081"
},
{
"category": "self",
"summary": "SUSE Bug 1234083",
"url": "https://bugzilla.suse.com/1234083"
},
{
"category": "self",
"summary": "SUSE Bug 1234085",
"url": "https://bugzilla.suse.com/1234085"
},
{
"category": "self",
"summary": "SUSE Bug 1234087",
"url": "https://bugzilla.suse.com/1234087"
},
{
"category": "self",
"summary": "SUSE Bug 1234093",
"url": "https://bugzilla.suse.com/1234093"
},
{
"category": "self",
"summary": "SUSE Bug 1234098",
"url": "https://bugzilla.suse.com/1234098"
},
{
"category": "self",
"summary": "SUSE Bug 1234108",
"url": "https://bugzilla.suse.com/1234108"
},
{
"category": "self",
"summary": "SUSE Bug 1234121",
"url": "https://bugzilla.suse.com/1234121"
},
{
"category": "self",
"summary": "SUSE Bug 1234223",
"url": "https://bugzilla.suse.com/1234223"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52766 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52766/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52778 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52778/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52800 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52800/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52881 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52917 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52917/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52918 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52918/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52919 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52919/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52920 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52920/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52921 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52921/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52922 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52922/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6270 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6270/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26596 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26596/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26703 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26741 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26741/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26758 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26758/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26761 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26761/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26767 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26767/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26782 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26864 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26943 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26943/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26953 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26953/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27017 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27017/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27026 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27026/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27043 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27043/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27407 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27407/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35888 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35888/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35980 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36000 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36000/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36031 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36031/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36244 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36244/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36484 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36484/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36883 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36883/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36886 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36886/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36905 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36905/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36920 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36920/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36927 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36927/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36954 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36954/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36968 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36968/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38576 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38576/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38577 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38577/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38589 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38589/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38599 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38599/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40914 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41016 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41016/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41023 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41023/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41031 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41031/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41047 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41047/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41082 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41082/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42102 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42102/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42145 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42145/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44932 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44932/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44958 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44958/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44964 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44964/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44995 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44995/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45016 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45016/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45025 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45025/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46678 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46678/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46680 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46681 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46721 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46721/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46754 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46765 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46765/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46766 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46766/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46770 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46770/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46775 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46775/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46777 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46777/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46788 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46788/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46797 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46800 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46800/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46802 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46802/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46803 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46803/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46804 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46804/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46805 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46805/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46806 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46806/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46807 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46807/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46809 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46809/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46810 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46811 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46811/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46812 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46812/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46813 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46814 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46815 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46815/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46816 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46816/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46817 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46817/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46818 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46818/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46819 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46819/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46821 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46825 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46825/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46826 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46826/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46827 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46828 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46830 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46831 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46834 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46835 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46836 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46836/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46840 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46840/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46841 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46841/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46842 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46842/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46843 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46843/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46845 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46845/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46846 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46846/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46848 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46848/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46849 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46849/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46851 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46851/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46852 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46852/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46853 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46853/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46854 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46854/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46855 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46855/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46857 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46857/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46859 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46859/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46860 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46860/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46861 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46864 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46870 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46871 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46871/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47658 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47658/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47660 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47660/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47661 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47661/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47662 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47662/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47663 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47663/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47664 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47664/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47665 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47665/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47666 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47666/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47667 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47667/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47668 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47669 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47669/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47670 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47671 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47671/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47672 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47672/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47673 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47674 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47674/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47675 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47675/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47679 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47679/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47681 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47682 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47682/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47684 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47684/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47685 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47685/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47686 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47686/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47687 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47687/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47688 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47688/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47692 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47692/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47693 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47695 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47695/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47696 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47696/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47697 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47698 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47698/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47699 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47701 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47702 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47703 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47704 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47704/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47705 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47705/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47706 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47706/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47707 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47707/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47709 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47709/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47710 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47710/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47712 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47712/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47713 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47714 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47715 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47718 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47719 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47720 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47720/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47723 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47727 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47728 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47730 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47730/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47731 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47731/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47732 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47735 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47737 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47737/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47738 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47739 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47741 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47741/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47742 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47742/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47743 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47743/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47744 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47744/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47745 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47745/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47747 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47747/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47748 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47748/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47749 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47749/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47750 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47750/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47751 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47751/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47752 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47753 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47754 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47756 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47756/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47757 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47757/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49850 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49850/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49851 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49851/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49852 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49852/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49853 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49853/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49855 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49855/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49858 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49860 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49860/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49861 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49862 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49862/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49863 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49863/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49864 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49866 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49866/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49867 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49867/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49868 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49868/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49870 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49871 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49871/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49874 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49875 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49877 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49877/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49878 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49878/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49879 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49879/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49881 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49882 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49882/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49883 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49883/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49884 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49886 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49886/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49888 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49888/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49890 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49891 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49891/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49892 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49892/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49894 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49894/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49895 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49895/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49896 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49896/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49897 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49897/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49898 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49898/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49899 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49899/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49900 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49900/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49901 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49901/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49902 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49902/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49903 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49903/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49905 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49905/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49906 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49906/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49907 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49907/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49908 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49908/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49909 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49909/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49911 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49912 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49912/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49913 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49914 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49917 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49917/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49918 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49918/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49919 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49919/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49920 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49920/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49921 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49921/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49922 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49922/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49923 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49923/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49925 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49925/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49928 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49928/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49929 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49929/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49930 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49930/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49931 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49931/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49933 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49933/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49934 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49935 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49935/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49936 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49936/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49937 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49937/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49938 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49938/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49939 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49939/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49944 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49944/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49945 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49945/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49946 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49946/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49947 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49949 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49949/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49950 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49950/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49952 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49952/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49953 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49953/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49954 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49954/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49955 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49955/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49957 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49957/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49958 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49958/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49959 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49959/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49960 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49960/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49961 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49961/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49962 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49962/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49963 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49963/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49965 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49965/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49966 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49966/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49967 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49967/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49968 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49968/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49969 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49969/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49972 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49972/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49973 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49973/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49974 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49975 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49975/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49976 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49976/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49981 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49981/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49982 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49982/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49983 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49983/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49985 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49985/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49986 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49986/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49987 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49987/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49989 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49989/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49991 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49991/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49993 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49993/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49995 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49995/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49996 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50000 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50000/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50001 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50001/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50002 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50002/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50003 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50003/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50004 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50004/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50006 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50006/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50007 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50007/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50008 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50008/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50009 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50012 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50012/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50013 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50014 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50014/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50015 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50015/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50017 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50017/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50019 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50019/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50020 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50020/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50021 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50021/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50022 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50022/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50023 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50023/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50024 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50024/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50025 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50025/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50026 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50026/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50027 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50027/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50028 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50028/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50031 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50031/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50033 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50033/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50035 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50035/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50040 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50040/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50041 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50041/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50042 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50042/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50044 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50044/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50045 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50045/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50046 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50046/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50047 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50047/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50048 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50048/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50049 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50049/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50055 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50058 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50059 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50059/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50060 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50061 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50062 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50062/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50063 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50064 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50064/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50067 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50067/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50069 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50069/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50073 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50073/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50074 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50074/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50075 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50075/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50076 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50077 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50077/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50078 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50080 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50081 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50081/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50082 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50082/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50084 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50084/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50087 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50087/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50088 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50089 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50089/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50093 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50093/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50095 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50095/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50096 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50098 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50098/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50099 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50099/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50100 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50100/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50101 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50101/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50102 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50102/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50103 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50103/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50108 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50108/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50110 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50110/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50115 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50116 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50116/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50117 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50117/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50121 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50121/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50124 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50124/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50125 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50127 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50127/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50128 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50128/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50130 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50130/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50131 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50131/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50134 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50134/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50135 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50136 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50138 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50138/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50139 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50139/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50141 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50141/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50145 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50145/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50146 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50146/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50147 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50147/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50148 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50148/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50150 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50150/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50153 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50153/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50154 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50154/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50155 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50155/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50156 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50156/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50157 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50157/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50158 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50158/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50159 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50160 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50160/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50166 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50166/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50167 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50167/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50169 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50169/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50171 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50171/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50172 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50172/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50175 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50175/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50176 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50176/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50177 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50179 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50179/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50180 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50180/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50181 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50182 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50182/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50183 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50183/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50184 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50184/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50186 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50187 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50187/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50188 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50188/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50189 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50189/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50192 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50192/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50194 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50194/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50195 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50195/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50196 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50196/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50198 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50198/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50200 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50200/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50201 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50201/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50205 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50205/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50208 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50208/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50209 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50209/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50210 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50210/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50215 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50215/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50216 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50216/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50218 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50218/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50221 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50221/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50224/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50225 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50225/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50228 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50228/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50229 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50229/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50230 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50230/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50231 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50231/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50232 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50232/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50233 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50233/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50234 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50234/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50235 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50235/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50236 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50236/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50237 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50237/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50240 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50240/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50245 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50245/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50246 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50246/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50248 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50248/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50249 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50249/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50250 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50250/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50252 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50252/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50255 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50255/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50257 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50257/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50261 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50261/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50264 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50264/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50265 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50265/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50267 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50267/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50268 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50268/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50269 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50269/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50271 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50271/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50273 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50273/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50274 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50274/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50275 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50275/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50276 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50276/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50279 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50279/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50282 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50282/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50287 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50287/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50289 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50289/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50290 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50290/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50292 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50292/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50295 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50295/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50296 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50296/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50298 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50298/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50301 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50301/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50302 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50302/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53042 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53042/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53043 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53043/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53045 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53045/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53048 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53048/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53051 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53052 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53055 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53056 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53058 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53059 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53059/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53060 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53061 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53063 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53066 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53066/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53068 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53072 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53072/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53074 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53074/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53076 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53079 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53081 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53081/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53082 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53082/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53085 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53088 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53093 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53093/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53094 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53094/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53095 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53095/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53096 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53100 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53100/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53101 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53101/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53104 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53104/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53106 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53106/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53108 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53108/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53110 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53110/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53112 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53112/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53114 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53114/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53121 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53121/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53138 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53138/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-03-27T12:56:21Z",
"generator": {
"date": "2025-03-27T12:56:21Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20246-1",
"initial_release_date": "2025-03-27T12:56:21Z",
"revision_history": [
{
"date": "2025-03-27T12:56:21Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-6.4.0-22.1.aarch64",
"product": {
"name": "kernel-rt-6.4.0-22.1.aarch64",
"product_id": "kernel-rt-6.4.0-22.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-6.4.0-22.1.aarch64",
"product": {
"name": "kernel-rt-devel-6.4.0-22.1.aarch64",
"product_id": "kernel-rt-devel-6.4.0-22.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-6.4.0-22.1.noarch",
"product": {
"name": "kernel-devel-rt-6.4.0-22.1.noarch",
"product_id": "kernel-devel-rt-6.4.0-22.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-6.4.0-22.1.noarch",
"product": {
"name": "kernel-source-rt-6.4.0-22.1.noarch",
"product_id": "kernel-source-rt-6.4.0-22.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-6.4.0-22.1.x86_64",
"product": {
"name": "kernel-rt-6.4.0-22.1.x86_64",
"product_id": "kernel-rt-6.4.0-22.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-6.4.0-22.1.x86_64",
"product": {
"name": "kernel-rt-devel-6.4.0-22.1.x86_64",
"product_id": "kernel-rt-devel-6.4.0-22.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-6.4.0-22.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-6.4.0-22.1.x86_64",
"product_id": "kernel-rt-livepatch-6.4.0-22.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-rt-6.4.0-22.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch"
},
"product_reference": "kernel-devel-rt-6.4.0-22.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-6.4.0-22.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64"
},
"product_reference": "kernel-rt-6.4.0-22.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-6.4.0-22.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64"
},
"product_reference": "kernel-rt-6.4.0-22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-6.4.0-22.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64"
},
"product_reference": "kernel-rt-devel-6.4.0-22.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-6.4.0-22.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64"
},
"product_reference": "kernel-rt-devel-6.4.0-22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-livepatch-6.4.0-22.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64"
},
"product_reference": "kernel-rt-livepatch-6.4.0-22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-6.4.0-22.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
},
"product_reference": "kernel-source-rt-6.4.0-22.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-52766",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52766"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler\n\nDo not loop over ring headers in hci_dma_irq_handler() that are not\nallocated and enabled in hci_dma_init(). Otherwise out of bounds access\nwill occur from rings-\u003eheaders[i] access when i \u003e= number of allocated\nring headers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52766",
"url": "https://www.suse.com/security/cve/CVE-2023-52766"
},
{
"category": "external",
"summary": "SUSE Bug 1230620 for CVE-2023-52766",
"url": "https://bugzilla.suse.com/1230620"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2023-52766"
},
{
"cve": "CVE-2023-52778",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52778"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: deal with large GSO size\n\nAfter the blamed commit below, the TCP sockets (and the MPTCP subflows)\ncan build egress packets larger than 64K. That exceeds the maximum DSS\ndata size, the length being misrepresent on the wire and the stream being\ncorrupted, as later observed on the receiver:\n\n WARNING: CPU: 0 PID: 9696 at net/mptcp/protocol.c:705 __mptcp_move_skbs_from_subflow+0x2604/0x26e0\n CPU: 0 PID: 9696 Comm: syz-executor.7 Not tainted 6.6.0-rc5-gcd8bdf563d46 #45\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014\n netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4\u0027.\n RIP: 0010:__mptcp_move_skbs_from_subflow+0x2604/0x26e0 net/mptcp/protocol.c:705\n RSP: 0018:ffffc90000006e80 EFLAGS: 00010246\n RAX: ffffffff83e9f674 RBX: ffff88802f45d870 RCX: ffff888102ad0000\n netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4\u0027.\n RDX: 0000000080000303 RSI: 0000000000013908 RDI: 0000000000003908\n RBP: ffffc90000007110 R08: ffffffff83e9e078 R09: 1ffff1100e548c8a\n R10: dffffc0000000000 R11: ffffed100e548c8b R12: 0000000000013908\n R13: dffffc0000000000 R14: 0000000000003908 R15: 000000000031cf29\n FS: 00007f239c47e700(0000) GS:ffff88811b200000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f239c45cd78 CR3: 000000006a66c006 CR4: 0000000000770ef0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600\n PKRU: 55555554\n Call Trace:\n \u003cIRQ\u003e\n mptcp_data_ready+0x263/0xac0 net/mptcp/protocol.c:819\n subflow_data_ready+0x268/0x6d0 net/mptcp/subflow.c:1409\n tcp_data_queue+0x21a1/0x7a60 net/ipv4/tcp_input.c:5151\n tcp_rcv_established+0x950/0x1d90 net/ipv4/tcp_input.c:6098\n tcp_v6_do_rcv+0x554/0x12f0 net/ipv6/tcp_ipv6.c:1483\n tcp_v6_rcv+0x2e26/0x3810 net/ipv6/tcp_ipv6.c:1749\n ip6_protocol_deliver_rcu+0xd6b/0x1ae0 net/ipv6/ip6_input.c:438\n ip6_input+0x1c5/0x470 net/ipv6/ip6_input.c:483\n ipv6_rcv+0xef/0x2c0 include/linux/netfilter.h:304\n __netif_receive_skb+0x1ea/0x6a0 net/core/dev.c:5532\n process_backlog+0x353/0x660 net/core/dev.c:5974\n __napi_poll+0xc6/0x5a0 net/core/dev.c:6536\n net_rx_action+0x6a0/0xfd0 net/core/dev.c:6603\n __do_softirq+0x184/0x524 kernel/softirq.c:553\n do_softirq+0xdd/0x130 kernel/softirq.c:454\n\nAddress the issue explicitly bounding the maximum GSO size to what MPTCP\nactually allows.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52778",
"url": "https://www.suse.com/security/cve/CVE-2023-52778"
},
{
"category": "external",
"summary": "SUSE Bug 1224948 for CVE-2023-52778",
"url": "https://bugzilla.suse.com/1224948"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2023-52778"
},
{
"cve": "CVE-2023-52800",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52800"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix htt pktlog locking\n\nThe ath11k active pdevs are protected by RCU but the htt pktlog handling\ncode calling ath11k_mac_get_ar_by_pdev_id() was not marked as a\nread-side critical section.\n\nMark the code in question as an RCU read-side critical section to avoid\nany potential use-after-free issues.\n\nCompile tested only.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52800",
"url": "https://www.suse.com/security/cve/CVE-2023-52800"
},
{
"category": "external",
"summary": "SUSE Bug 1230600 for CVE-2023-52800",
"url": "https://bugzilla.suse.com/1230600"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2023-52800"
},
{
"cve": "CVE-2023-52881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52881"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: do not accept ACK of bytes we never sent\n\nThis patch is based on a detailed report and ideas from Yepeng Pan\nand Christian Rossow.\n\nACK seq validation is currently following RFC 5961 5.2 guidelines:\n\n The ACK value is considered acceptable only if\n it is in the range of ((SND.UNA - MAX.SND.WND) \u003c= SEG.ACK \u003c=\n SND.NXT). All incoming segments whose ACK value doesn\u0027t satisfy the\n above condition MUST be discarded and an ACK sent back. It needs to\n be noted that RFC 793 on page 72 (fifth check) says: \"If the ACK is a\n duplicate (SEG.ACK \u003c SND.UNA), it can be ignored. If the ACK\n acknowledges something not yet sent (SEG.ACK \u003e SND.NXT) then send an\n ACK, drop the segment, and return\". The \"ignored\" above implies that\n the processing of the incoming data segment continues, which means\n the ACK value is treated as acceptable. This mitigation makes the\n ACK check more stringent since any ACK \u003c SND.UNA wouldn\u0027t be\n accepted, instead only ACKs that are in the range ((SND.UNA -\n MAX.SND.WND) \u003c= SEG.ACK \u003c= SND.NXT) get through.\n\nThis can be refined for new (and possibly spoofed) flows,\nby not accepting ACK for bytes that were never sent.\n\nThis greatly improves TCP security at a little cost.\n\nI added a Fixes: tag to make sure this patch will reach stable trees,\neven if the \u0027blamed\u0027 patch was adhering to the RFC.\n\ntp-\u003ebytes_acked was added in linux-4.2\n\nFollowing packetdrill test (courtesy of Yepeng Pan) shows\nthe issue at hand:\n\n0 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3\n+0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0\n+0 bind(3, ..., ...) = 0\n+0 listen(3, 1024) = 0\n\n// ---------------- Handshake ------------------- //\n\n// when window scale is set to 14 the window size can be extended to\n// 65535 * (2^14) = 1073725440. Linux would accept an ACK packet\n// with ack number in (Server_ISN+1-1073725440. Server_ISN+1)\n// ,though this ack number acknowledges some data never\n// sent by the server.\n\n+0 \u003c S 0:0(0) win 65535 \u003cmss 1400,nop,wscale 14\u003e\n+0 \u003e S. 0:0(0) ack 1 \u003c...\u003e\n+0 \u003c . 1:1(0) ack 1 win 65535\n+0 accept(3, ..., ...) = 4\n\n// For the established connection, we send an ACK packet,\n// the ack packet uses ack number 1 - 1073725300 + 2^32,\n// where 2^32 is used to wrap around.\n// Note: we used 1073725300 instead of 1073725440 to avoid possible\n// edge cases.\n// 1 - 1073725300 + 2^32 = 3221241997\n\n// Oops, old kernels happily accept this packet.\n+0 \u003c . 1:1001(1000) ack 3221241997 win 65535\n\n// After the kernel fix the following will be replaced by a challenge ACK,\n// and prior malicious frame would be dropped.\n+0 \u003e . 1:1(0) ack 1001",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52881",
"url": "https://www.suse.com/security/cve/CVE-2023-52881"
},
{
"category": "external",
"summary": "SUSE Bug 1223384 for CVE-2023-52881",
"url": "https://bugzilla.suse.com/1223384"
},
{
"category": "external",
"summary": "SUSE Bug 1225611 for CVE-2023-52881",
"url": "https://bugzilla.suse.com/1225611"
},
{
"category": "external",
"summary": "SUSE Bug 1226152 for CVE-2023-52881",
"url": "https://bugzilla.suse.com/1226152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2023-52881"
},
{
"cve": "CVE-2023-52917",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52917"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52917",
"url": "https://www.suse.com/security/cve/CVE-2023-52917"
},
{
"category": "external",
"summary": "SUSE Bug 1231849 for CVE-2023-52917",
"url": "https://bugzilla.suse.com/1231849"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2023-52917"
},
{
"cve": "CVE-2023-52918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52918"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pci: cx23885: check cx23885_vdev_init() return\n\ncx23885_vdev_init() can return a NULL pointer, but that pointer\nis used in the next line without a check.\n\nAdd a NULL pointer check and go to the error unwind if it is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52918",
"url": "https://www.suse.com/security/cve/CVE-2023-52918"
},
{
"category": "external",
"summary": "SUSE Bug 1232047 for CVE-2023-52918",
"url": "https://bugzilla.suse.com/1232047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2023-52918"
},
{
"cve": "CVE-2023-52919",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52919"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nci: fix possible NULL pointer dereference in send_acknowledge()\n\nHandle memory allocation failure from nci_skb_alloc() (calling\nalloc_skb()) to avoid possible NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52919",
"url": "https://www.suse.com/security/cve/CVE-2023-52919"
},
{
"category": "external",
"summary": "SUSE Bug 1231988 for CVE-2023-52919",
"url": "https://bugzilla.suse.com/1231988"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2023-52919"
},
{
"cve": "CVE-2023-52920",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52920"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: support non-r10 register spill/fill to/from stack in precision tracking\n\nUse instruction (jump) history to record instructions that performed\nregister spill/fill to/from stack, regardless if this was done through\nread-only r10 register, or any other register after copying r10 into it\n*and* potentially adjusting offset.\n\nTo make this work reliably, we push extra per-instruction flags into\ninstruction history, encoding stack slot index (spi) and stack frame\nnumber in extra 10 bit flags we take away from prev_idx in instruction\nhistory. We don\u0027t touch idx field for maximum performance, as it\u0027s\nchecked most frequently during backtracking.\n\nThis change removes basically the last remaining practical limitation of\nprecision backtracking logic in BPF verifier. It fixes known\ndeficiencies, but also opens up new opportunities to reduce number of\nverified states, explored in the subsequent patches.\n\nThere are only three differences in selftests\u0027 BPF object files\naccording to veristat, all in the positive direction (less states).\n\nFile Program Insns (A) Insns (B) Insns (DIFF) States (A) States (B) States (DIFF)\n-------------------------------------- ------------- --------- --------- ------------- ---------- ---------- -------------\ntest_cls_redirect_dynptr.bpf.linked3.o cls_redirect 2987 2864 -123 (-4.12%) 240 231 -9 (-3.75%)\nxdp_synproxy_kern.bpf.linked3.o syncookie_tc 82848 82661 -187 (-0.23%) 5107 5073 -34 (-0.67%)\nxdp_synproxy_kern.bpf.linked3.o syncookie_xdp 85116 84964 -152 (-0.18%) 5162 5130 -32 (-0.62%)\n\nNote, I avoided renaming jmp_history to more generic insn_hist to\nminimize number of lines changed and potential merge conflicts between\nbpf and bpf-next trees.\n\nNotice also cur_hist_entry pointer reset to NULL at the beginning of\ninstruction verification loop. This pointer avoids the problem of\nrelying on last jump history entry\u0027s insn_idx to determine whether we\nalready have entry for current instruction or not. It can happen that we\nadded jump history entry because current instruction is_jmp_point(), but\nalso we need to add instruction flags for stack access. In this case, we\ndon\u0027t want to entries, so we need to reuse last added entry, if it is\npresent.\n\nRelying on insn_idx comparison has the same ambiguity problem as the one\nthat was fixed recently in [0], so we avoid that.\n\n [0] https://patchwork.kernel.org/project/netdevbpf/patch/20231110002638.4168352-3-andrii@kernel.org/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52920",
"url": "https://www.suse.com/security/cve/CVE-2023-52920"
},
{
"category": "external",
"summary": "SUSE Bug 1232823 for CVE-2023-52920",
"url": "https://bugzilla.suse.com/1232823"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2023-52920"
},
{
"cve": "CVE-2023-52921",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52921"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix possible UAF in amdgpu_cs_pass1()\n\nSince the gang_size check is outside of chunk parsing\nloop, we need to reset i before we free the chunk data.\n\nSuggested by Ye Zhang (@VAR10CK) of Baidu Security.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52921",
"url": "https://www.suse.com/security/cve/CVE-2023-52921"
},
{
"category": "external",
"summary": "SUSE Bug 1233452 for CVE-2023-52921",
"url": "https://bugzilla.suse.com/1233452"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2023-52921"
},
{
"cve": "CVE-2023-52922",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52922"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: bcm: Fix UAF in bcm_proc_show()\n\nBUG: KASAN: slab-use-after-free in bcm_proc_show+0x969/0xa80\nRead of size 8 at addr ffff888155846230 by task cat/7862\n\nCPU: 1 PID: 7862 Comm: cat Not tainted 6.5.0-rc1-00153-gc8746099c197 #230\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xd5/0x150\n print_report+0xc1/0x5e0\n kasan_report+0xba/0xf0\n bcm_proc_show+0x969/0xa80\n seq_read_iter+0x4f6/0x1260\n seq_read+0x165/0x210\n proc_reg_read+0x227/0x300\n vfs_read+0x1d5/0x8d0\n ksys_read+0x11e/0x240\n do_syscall_64+0x35/0xb0\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nAllocated by task 7846:\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x21/0x30\n __kasan_kmalloc+0x9e/0xa0\n bcm_sendmsg+0x264b/0x44e0\n sock_sendmsg+0xda/0x180\n ____sys_sendmsg+0x735/0x920\n ___sys_sendmsg+0x11d/0x1b0\n __sys_sendmsg+0xfa/0x1d0\n do_syscall_64+0x35/0xb0\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nFreed by task 7846:\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x21/0x30\n kasan_save_free_info+0x27/0x40\n ____kasan_slab_free+0x161/0x1c0\n slab_free_freelist_hook+0x119/0x220\n __kmem_cache_free+0xb4/0x2e0\n rcu_core+0x809/0x1bd0\n\nbcm_op is freed before procfs entry be removed in bcm_release(),\nthis lead to bcm_proc_show() may read the freed bcm_op.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52922",
"url": "https://www.suse.com/security/cve/CVE-2023-52922"
},
{
"category": "external",
"summary": "SUSE Bug 1233977 for CVE-2023-52922",
"url": "https://bugzilla.suse.com/1233977"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2023-52922"
},
{
"cve": "CVE-2023-6270",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6270"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a denial of service condition or potential code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6270",
"url": "https://www.suse.com/security/cve/CVE-2023-6270"
},
{
"category": "external",
"summary": "SUSE Bug 1218562 for CVE-2023-6270",
"url": "https://bugzilla.suse.com/1218562"
},
{
"category": "external",
"summary": "SUSE Bug 1218813 for CVE-2023-6270",
"url": "https://bugzilla.suse.com/1218813"
},
{
"category": "external",
"summary": "SUSE Bug 1221578 for CVE-2023-6270",
"url": "https://bugzilla.suse.com/1221578"
},
{
"category": "external",
"summary": "SUSE Bug 1221598 for CVE-2023-6270",
"url": "https://bugzilla.suse.com/1221598"
},
{
"category": "external",
"summary": "SUSE Bug 1223016 for CVE-2023-6270",
"url": "https://bugzilla.suse.com/1223016"
},
{
"category": "external",
"summary": "SUSE Bug 1227675 for CVE-2023-6270",
"url": "https://bugzilla.suse.com/1227675"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2023-6270"
},
{
"cve": "CVE-2024-26596",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26596"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events\n\nAfter the blamed commit, we started doing this dereference for every\nNETDEV_CHANGEUPPER and NETDEV_PRECHANGEUPPER event in the system.\n\nstatic inline struct dsa_port *dsa_user_to_port(const struct net_device *dev)\n{\n\tstruct dsa_user_priv *p = netdev_priv(dev);\n\n\treturn p-\u003edp;\n}\n\nWhich is obviously bogus, because not all net_devices have a netdev_priv()\nof type struct dsa_user_priv. But struct dsa_user_priv is fairly small,\nand p-\u003edp means dereferencing 8 bytes starting with offset 16. Most\ndrivers allocate that much private memory anyway, making our access not\nfault, and we discard the bogus data quickly afterwards, so this wasn\u0027t\ncaught.\n\nBut the dummy interface is somewhat special in that it calls\nalloc_netdev() with a priv size of 0. So every netdev_priv() dereference\nis invalid, and we get this when we emit a NETDEV_PRECHANGEUPPER event\nwith a VLAN as its new upper:\n\n$ ip link add dummy1 type dummy\n$ ip link add link dummy1 name dummy1.100 type vlan id 100\n[ 43.309174] ==================================================================\n[ 43.316456] BUG: KASAN: slab-out-of-bounds in dsa_user_prechangeupper+0x30/0xe8\n[ 43.323835] Read of size 8 at addr ffff3f86481d2990 by task ip/374\n[ 43.330058]\n[ 43.342436] Call trace:\n[ 43.366542] dsa_user_prechangeupper+0x30/0xe8\n[ 43.371024] dsa_user_netdevice_event+0xb38/0xee8\n[ 43.375768] notifier_call_chain+0xa4/0x210\n[ 43.379985] raw_notifier_call_chain+0x24/0x38\n[ 43.384464] __netdev_upper_dev_link+0x3ec/0x5d8\n[ 43.389120] netdev_upper_dev_link+0x70/0xa8\n[ 43.393424] register_vlan_dev+0x1bc/0x310\n[ 43.397554] vlan_newlink+0x210/0x248\n[ 43.401247] rtnl_newlink+0x9fc/0xe30\n[ 43.404942] rtnetlink_rcv_msg+0x378/0x580\n\nAvoid the kernel oops by dereferencing after the type check, as customary.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26596",
"url": "https://www.suse.com/security/cve/CVE-2024-26596"
},
{
"category": "external",
"summary": "SUSE Bug 1220355 for CVE-2024-26596",
"url": "https://bugzilla.suse.com/1220355"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-26596"
},
{
"cve": "CVE-2024-26703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/timerlat: Move hrtimer_init to timerlat_fd open()\n\nCurrently, the timerlat\u0027s hrtimer is initialized at the first read of\ntimerlat_fd, and destroyed at close(). It works, but it causes an error\nif the user program open() and close() the file without reading.\n\nHere\u0027s an example:\n\n # echo NO_OSNOISE_WORKLOAD \u003e /sys/kernel/debug/tracing/osnoise/options\n # echo timerlat \u003e /sys/kernel/debug/tracing/current_tracer\n\n # cat \u003c\u003cEOF \u003e ./timerlat_load.py\n # !/usr/bin/env python3\n\n timerlat_fd = open(\"/sys/kernel/tracing/osnoise/per_cpu/cpu0/timerlat_fd\", \u0027r\u0027)\n timerlat_fd.close();\n EOF\n\n # ./taskset -c 0 ./timerlat_load.py\n\u003cBOOM\u003e\n\n BUG: kernel NULL pointer dereference, address: 0000000000000010\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 1 PID: 2673 Comm: python3 Not tainted 6.6.13-200.fc39.x86_64 #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-1.fc39 04/01/2014\n RIP: 0010:hrtimer_active+0xd/0x50\n Code: 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 48 8b 57 30 \u003c8b\u003e 42 10 a8 01 74 09 f3 90 8b 42 10 a8 01 75 f7 80 7f 38 00 75 1d\n RSP: 0018:ffffb031009b7e10 EFLAGS: 00010286\n RAX: 000000000002db00 RBX: ffff9118f786db08 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffff9117a0e64400 RDI: ffff9118f786db08\n RBP: ffff9118f786db80 R08: ffff9117a0ddd420 R09: ffff9117804d4f70\n R10: 0000000000000000 R11: 0000000000000000 R12: ffff9118f786db08\n R13: ffff91178fdd5e20 R14: ffff9117840978c0 R15: 0000000000000000\n FS: 00007f2ffbab1740(0000) GS:ffff9118f7840000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000010 CR3: 00000001b402e000 CR4: 0000000000750ee0\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __die+0x23/0x70\n ? page_fault_oops+0x171/0x4e0\n ? srso_alias_return_thunk+0x5/0x7f\n ? avc_has_extended_perms+0x237/0x520\n ? exc_page_fault+0x7f/0x180\n ? asm_exc_page_fault+0x26/0x30\n ? hrtimer_active+0xd/0x50\n hrtimer_cancel+0x15/0x40\n timerlat_fd_release+0x48/0xe0\n __fput+0xf5/0x290\n __x64_sys_close+0x3d/0x80\n do_syscall_64+0x60/0x90\n ? srso_alias_return_thunk+0x5/0x7f\n ? __x64_sys_ioctl+0x72/0xd0\n ? srso_alias_return_thunk+0x5/0x7f\n ? syscall_exit_to_user_mode+0x2b/0x40\n ? srso_alias_return_thunk+0x5/0x7f\n ? do_syscall_64+0x6c/0x90\n ? srso_alias_return_thunk+0x5/0x7f\n ? exit_to_user_mode_prepare+0x142/0x1f0\n ? srso_alias_return_thunk+0x5/0x7f\n ? syscall_exit_to_user_mode+0x2b/0x40\n ? srso_alias_return_thunk+0x5/0x7f\n ? do_syscall_64+0x6c/0x90\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n RIP: 0033:0x7f2ffb321594\n Code: 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 80 3d d5 cd 0d 00 00 74 13 b8 03 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 3c c3 0f 1f 00 55 48 89 e5 48 83 ec 10 89 7d\n RSP: 002b:00007ffe8d8eef18 EFLAGS: 00000202 ORIG_RAX: 0000000000000003\n RAX: ffffffffffffffda RBX: 00007f2ffba4e668 RCX: 00007f2ffb321594\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003\n RBP: 00007ffe8d8eef40 R08: 0000000000000000 R09: 0000000000000000\n R10: 55c926e3167eae79 R11: 0000000000000202 R12: 0000000000000003\n R13: 00007ffe8d8ef030 R14: 0000000000000000 R15: 00007f2ffba4e668\n \u003c/TASK\u003e\n CR2: 0000000000000010\n ---[ end trace 0000000000000000 ]---\n\nMove hrtimer_init to timerlat_fd open() to avoid this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26703",
"url": "https://www.suse.com/security/cve/CVE-2024-26703"
},
{
"category": "external",
"summary": "SUSE Bug 1222423 for CVE-2024-26703",
"url": "https://bugzilla.suse.com/1222423"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-26703"
},
{
"cve": "CVE-2024-26741",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26741"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished().\n\nsyzkaller reported a warning [0] in inet_csk_destroy_sock() with no\nrepro.\n\n WARN_ON(inet_sk(sk)-\u003einet_num \u0026\u0026 !inet_csk(sk)-\u003eicsk_bind_hash);\n\nHowever, the syzkaller\u0027s log hinted that connect() failed just before\nthe warning due to FAULT_INJECTION. [1]\n\nWhen connect() is called for an unbound socket, we search for an\navailable ephemeral port. If a bhash bucket exists for the port, we\ncall __inet_check_established() or __inet6_check_established() to check\nif the bucket is reusable.\n\nIf reusable, we add the socket into ehash and set inet_sk(sk)-\u003einet_num.\n\nLater, we look up the corresponding bhash2 bucket and try to allocate\nit if it does not exist.\n\nAlthough it rarely occurs in real use, if the allocation fails, we must\nrevert the changes by check_established(). Otherwise, an unconnected\nsocket could illegally occupy an ehash entry.\n\nNote that we do not put tw back into ehash because sk might have\nalready responded to a packet for tw and it would be better to free\ntw earlier under such memory presure.\n\n[0]:\nWARNING: CPU: 0 PID: 350830 at net/ipv4/inet_connection_sock.c:1193 inet_csk_destroy_sock (net/ipv4/inet_connection_sock.c:1193)\nModules linked in:\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nRIP: 0010:inet_csk_destroy_sock (net/ipv4/inet_connection_sock.c:1193)\nCode: 41 5c 41 5d 41 5e e9 2d 4a 3d fd e8 28 4a 3d fd 48 89 ef e8 f0 cd 7d ff 5b 5d 41 5c 41 5d 41 5e e9 13 4a 3d fd e8 0e 4a 3d fd \u003c0f\u003e 0b e9 61 fe ff ff e8 02 4a 3d fd 4c 89 e7 be 03 00 00 00 e8 05\nRSP: 0018:ffffc9000b21fd38 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: 0000000000009e78 RCX: ffffffff840bae40\nRDX: ffff88806e46c600 RSI: ffffffff840bb012 RDI: ffff88811755cca8\nRBP: ffff88811755c880 R08: 0000000000000003 R09: 0000000000000000\nR10: 0000000000009e78 R11: 0000000000000000 R12: ffff88811755c8e0\nR13: ffff88811755c892 R14: ffff88811755c918 R15: 0000000000000000\nFS: 00007f03e5243800(0000) GS:ffff88811ae00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b32f21000 CR3: 0000000112ffe001 CR4: 0000000000770ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? inet_csk_destroy_sock (net/ipv4/inet_connection_sock.c:1193)\n dccp_close (net/dccp/proto.c:1078)\n inet_release (net/ipv4/af_inet.c:434)\n __sock_release (net/socket.c:660)\n sock_close (net/socket.c:1423)\n __fput (fs/file_table.c:377)\n __fput_sync (fs/file_table.c:462)\n __x64_sys_close (fs/open.c:1557 fs/open.c:1539 fs/open.c:1539)\n do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129)\nRIP: 0033:0x7f03e53852bb\nCode: 03 00 00 00 0f 05 48 3d 00 f0 ff ff 77 41 c3 48 83 ec 18 89 7c 24 0c e8 43 c9 f5 ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 c9 f5 ff 8b 44\nRSP: 002b:00000000005dfba0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003\nRAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f03e53852bb\nRDX: 0000000000000002 RSI: 0000000000000002 RDI: 0000000000000003\nRBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000167c\nR10: 0000000008a79680 R11: 0000000000000293 R12: 00007f03e4e43000\nR13: 00007f03e4e43170 R14: 00007f03e4e43178 R15: 00007f03e4e43170\n \u003c/TASK\u003e\n\n[1]:\nFAULT_INJECTION: forcing a failure.\nname failslab, interval 1, probability 0, space 0, times 0\nCPU: 0 PID: 350833 Comm: syz-executor.1 Not tainted 6.7.0-12272-g2121c43f88f5 #9\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl (lib/dump_stack.c:107 (discriminator 1))\n should_fail_ex (lib/fault-inject.c:52 lib/fault-inject.c:153)\n should_failslab (mm/slub.c:3748)\n kmem_cache_alloc (mm/slub.c:3763 mm/slub.c:3842 mm/slub.c:3867)\n inet_bind2_bucket_create \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26741",
"url": "https://www.suse.com/security/cve/CVE-2024-26741"
},
{
"category": "external",
"summary": "SUSE Bug 1222587 for CVE-2024-26741",
"url": "https://bugzilla.suse.com/1222587"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-26741"
},
{
"cve": "CVE-2024-26758",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26758"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: Don\u0027t ignore suspended array in md_check_recovery()\n\nmddev_suspend() never stop sync_thread, hence it doesn\u0027t make sense to\nignore suspended array in md_check_recovery(), which might cause\nsync_thread can\u0027t be unregistered.\n\nAfter commit f52f5c71f3d4 (\"md: fix stopping sync thread\"), following\nhang can be triggered by test shell/integrity-caching.sh:\n\n1) suspend the array:\nraid_postsuspend\n mddev_suspend\n\n2) stop the array:\nraid_dtr\n md_stop\n __md_stop_writes\n stop_sync_thread\n set_bit(MD_RECOVERY_INTR, \u0026mddev-\u003erecovery);\n md_wakeup_thread_directly(mddev-\u003esync_thread);\n wait_event(..., !test_bit(MD_RECOVERY_RUNNING, \u0026mddev-\u003erecovery))\n\n3) sync thread done:\nmd_do_sync\n set_bit(MD_RECOVERY_DONE, \u0026mddev-\u003erecovery);\n md_wakeup_thread(mddev-\u003ethread);\n\n4) daemon thread can\u0027t unregister sync thread:\nmd_check_recovery\n if (mddev-\u003esuspended)\n return; -\u003e return directly\n md_read_sync_thread\n clear_bit(MD_RECOVERY_RUNNING, \u0026mddev-\u003erecovery);\n -\u003e MD_RECOVERY_RUNNING can\u0027t be cleared, hence step 2 hang;\n\nThis problem is not just related to dm-raid, fix it by ignoring\nsuspended array in md_check_recovery(). And follow up patches will\nimprove dm-raid better to frozen sync thread during suspend.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26758",
"url": "https://www.suse.com/security/cve/CVE-2024-26758"
},
{
"category": "external",
"summary": "SUSE Bug 1230341 for CVE-2024-26758",
"url": "https://bugzilla.suse.com/1230341"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-26758"
},
{
"cve": "CVE-2024-26761",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26761"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window\n\nThe Linux CXL subsystem is built on the assumption that HPA == SPA.\nThat is, the host physical address (HPA) the HDM decoder registers are\nprogrammed with are system physical addresses (SPA).\n\nDuring HDM decoder setup, the DVSEC CXL range registers (cxl-3.1,\n8.1.3.8) are checked if the memory is enabled and the CXL range is in\na HPA window that is described in a CFMWS structure of the CXL host\nbridge (cxl-3.1, 9.18.1.3).\n\nNow, if the HPA is not an SPA, the CXL range does not match a CFMWS\nwindow and the CXL memory range will be disabled then. The HDM decoder\nstops working which causes system memory being disabled and further a\nsystem hang during HDM decoder initialization, typically when a CXL\nenabled kernel boots.\n\nPrevent a system hang and do not disable the HDM decoder if the\ndecoder\u0027s CXL range is not found in a CFMWS window.\n\nNote the change only fixes a hardware hang, but does not implement\nHPA/SPA translation. Support for this can be added in a follow on\npatch series.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26761",
"url": "https://www.suse.com/security/cve/CVE-2024-26761"
},
{
"category": "external",
"summary": "SUSE Bug 1230375 for CVE-2024-26761",
"url": "https://bugzilla.suse.com/1230375"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-26761"
},
{
"cve": "CVE-2024-26767",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26767"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fixed integer types and null check locations\n\n[why]:\nissues fixed:\n- comparison with wider integer type in loop condition which can cause\ninfinite loops\n- pointer dereference before null check",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26767",
"url": "https://www.suse.com/security/cve/CVE-2024-26767"
},
{
"category": "external",
"summary": "SUSE Bug 1230339 for CVE-2024-26767",
"url": "https://bugzilla.suse.com/1230339"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-26767"
},
{
"cve": "CVE-2024-26782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26782"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix double-free on socket dismantle\n\nwhen MPTCP server accepts an incoming connection, it clones its listener\nsocket. However, the pointer to \u0027inet_opt\u0027 for the new socket has the same\nvalue as the original one: as a consequence, on program exit it\u0027s possible\nto observe the following splat:\n\n BUG: KASAN: double-free in inet_sock_destruct+0x54f/0x8b0\n Free of addr ffff888485950880 by task swapper/25/0\n\n CPU: 25 PID: 0 Comm: swapper/25 Kdump: loaded Not tainted 6.8.0-rc1+ #609\n Hardware name: Supermicro SYS-6027R-72RF/X9DRH-7TF/7F/iTF/iF, BIOS 3.0 07/26/2013\n Call Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x32/0x50\n print_report+0xca/0x620\n kasan_report_invalid_free+0x64/0x90\n __kasan_slab_free+0x1aa/0x1f0\n kfree+0xed/0x2e0\n inet_sock_destruct+0x54f/0x8b0\n __sk_destruct+0x48/0x5b0\n rcu_do_batch+0x34e/0xd90\n rcu_core+0x559/0xac0\n __do_softirq+0x183/0x5a4\n irq_exit_rcu+0x12d/0x170\n sysvec_apic_timer_interrupt+0x6b/0x80\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_sysvec_apic_timer_interrupt+0x16/0x20\n RIP: 0010:cpuidle_enter_state+0x175/0x300\n Code: 30 00 0f 84 1f 01 00 00 83 e8 01 83 f8 ff 75 e5 48 83 c4 18 44 89 e8 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc fb 45 85 ed \u003c0f\u003e 89 60 ff ff ff 48 c1 e5 06 48 c7 43 18 00 00 00 00 48 83 44 2b\n RSP: 0018:ffff888481cf7d90 EFLAGS: 00000202\n RAX: 0000000000000000 RBX: ffff88887facddc8 RCX: 0000000000000000\n RDX: 1ffff1110ff588b1 RSI: 0000000000000019 RDI: ffff88887fac4588\n RBP: 0000000000000004 R08: 0000000000000002 R09: 0000000000043080\n R10: 0009b02ea273363f R11: ffff88887fabf42b R12: ffffffff932592e0\n R13: 0000000000000004 R14: 0000000000000000 R15: 00000022c880ec80\n cpuidle_enter+0x4a/0xa0\n do_idle+0x310/0x410\n cpu_startup_entry+0x51/0x60\n start_secondary+0x211/0x270\n secondary_startup_64_no_verify+0x184/0x18b\n \u003c/TASK\u003e\n\n Allocated by task 6853:\n kasan_save_stack+0x1c/0x40\n kasan_save_track+0x10/0x30\n __kasan_kmalloc+0xa6/0xb0\n __kmalloc+0x1eb/0x450\n cipso_v4_sock_setattr+0x96/0x360\n netlbl_sock_setattr+0x132/0x1f0\n selinux_netlbl_socket_post_create+0x6c/0x110\n selinux_socket_post_create+0x37b/0x7f0\n security_socket_post_create+0x63/0xb0\n __sock_create+0x305/0x450\n __sys_socket_create.part.23+0xbd/0x130\n __sys_socket+0x37/0xb0\n __x64_sys_socket+0x6f/0xb0\n do_syscall_64+0x83/0x160\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\n Freed by task 6858:\n kasan_save_stack+0x1c/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x12c/0x1f0\n kfree+0xed/0x2e0\n inet_sock_destruct+0x54f/0x8b0\n __sk_destruct+0x48/0x5b0\n subflow_ulp_release+0x1f0/0x250\n tcp_cleanup_ulp+0x6e/0x110\n tcp_v4_destroy_sock+0x5a/0x3a0\n inet_csk_destroy_sock+0x135/0x390\n tcp_fin+0x416/0x5c0\n tcp_data_queue+0x1bc8/0x4310\n tcp_rcv_state_process+0x15a3/0x47b0\n tcp_v4_do_rcv+0x2c1/0x990\n tcp_v4_rcv+0x41fb/0x5ed0\n ip_protocol_deliver_rcu+0x6d/0x9f0\n ip_local_deliver_finish+0x278/0x360\n ip_local_deliver+0x182/0x2c0\n ip_rcv+0xb5/0x1c0\n __netif_receive_skb_one_core+0x16e/0x1b0\n process_backlog+0x1e3/0x650\n __napi_poll+0xa6/0x500\n net_rx_action+0x740/0xbb0\n __do_softirq+0x183/0x5a4\n\n The buggy address belongs to the object at ffff888485950880\n which belongs to the cache kmalloc-64 of size 64\n The buggy address is located 0 bytes inside of\n 64-byte region [ffff888485950880, ffff8884859508c0)\n\n The buggy address belongs to the physical page:\n page:0000000056d1e95e refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888485950700 pfn:0x485950\n flags: 0x57ffffc0000800(slab|node=1|zone=2|lastcpupid=0x1fffff)\n page_type: 0xffffffff()\n raw: 0057ffffc0000800 ffff88810004c640 ffffea00121b8ac0 dead000000000006\n raw: ffff888485950700 0000000000200019 00000001ffffffff 0000000000000000\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n ffff888485950780: fa fb fb\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26782",
"url": "https://www.suse.com/security/cve/CVE-2024-26782"
},
{
"category": "external",
"summary": "SUSE Bug 1222590 for CVE-2024-26782",
"url": "https://bugzilla.suse.com/1222590"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-26782"
},
{
"cve": "CVE-2024-26864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26864"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Fix refcnt handling in __inet_hash_connect().\n\nsyzbot reported a warning in sk_nulls_del_node_init_rcu().\n\nThe commit 66b60b0c8c4a (\"dccp/tcp: Unhash sk from ehash for tb2 alloc\nfailure after check_estalblished().\") tried to fix an issue that an\nunconnected socket occupies an ehash entry when bhash2 allocation fails.\n\nIn such a case, we need to revert changes done by check_established(),\nwhich does not hold refcnt when inserting socket into ehash.\n\nSo, to revert the change, we need to __sk_nulls_add_node_rcu() instead\nof sk_nulls_add_node_rcu().\n\nOtherwise, sock_put() will cause refcnt underflow and leak the socket.\n\n[0]:\nWARNING: CPU: 0 PID: 23948 at include/net/sock.h:799 sk_nulls_del_node_init_rcu+0x166/0x1a0 include/net/sock.h:799\nModules linked in:\nCPU: 0 PID: 23948 Comm: syz-executor.2 Not tainted 6.8.0-rc6-syzkaller-00159-gc055fc00c07b #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\nRIP: 0010:sk_nulls_del_node_init_rcu+0x166/0x1a0 include/net/sock.h:799\nCode: e8 7f 71 c6 f7 83 fb 02 7c 25 e8 35 6d c6 f7 4d 85 f6 0f 95 c0 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 1b 6d c6 f7 90 \u003c0f\u003e 0b 90 eb b2 e8 10 6d c6 f7 4c 89 e7 be 04 00 00 00 e8 63 e7 d2\nRSP: 0018:ffffc900032d7848 EFLAGS: 00010246\nRAX: ffffffff89cd0035 RBX: 0000000000000001 RCX: 0000000000040000\nRDX: ffffc90004de1000 RSI: 000000000003ffff RDI: 0000000000040000\nRBP: 1ffff1100439ac26 R08: ffffffff89ccffe3 R09: 1ffff1100439ac28\nR10: dffffc0000000000 R11: ffffed100439ac29 R12: ffff888021cd6140\nR13: dffffc0000000000 R14: ffff88802a9bf5c0 R15: ffff888021cd6130\nFS: 00007f3b823f16c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f3b823f0ff8 CR3: 000000004674a000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n __inet_hash_connect+0x140f/0x20b0 net/ipv4/inet_hashtables.c:1139\n dccp_v6_connect+0xcb9/0x1480 net/dccp/ipv6.c:956\n __inet_stream_connect+0x262/0xf30 net/ipv4/af_inet.c:678\n inet_stream_connect+0x65/0xa0 net/ipv4/af_inet.c:749\n __sys_connect_file net/socket.c:2048 [inline]\n __sys_connect+0x2df/0x310 net/socket.c:2065\n __do_sys_connect net/socket.c:2075 [inline]\n __se_sys_connect net/socket.c:2072 [inline]\n __x64_sys_connect+0x7a/0x90 net/socket.c:2072\n do_syscall_64+0xf9/0x240\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\nRIP: 0033:0x7f3b8167dda9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f3b823f10c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002a\nRAX: ffffffffffffffda RBX: 00007f3b817abf80 RCX: 00007f3b8167dda9\nRDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000003\nRBP: 00007f3b823f1120 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001\nR13: 000000000000000b R14: 00007f3b817abf80 R15: 00007ffd3beb57b8\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26864",
"url": "https://www.suse.com/security/cve/CVE-2024-26864"
},
{
"category": "external",
"summary": "SUSE Bug 1223112 for CVE-2024-26864",
"url": "https://bugzilla.suse.com/1223112"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-26864"
},
{
"cve": "CVE-2024-26943",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26943"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnouveau/dmem: handle kcalloc() allocation failure\n\nThe kcalloc() in nouveau_dmem_evict_chunk() will return null if\nthe physical memory has run out. As a result, if we dereference\nsrc_pfns, dst_pfns or dma_addrs, the null pointer dereference bugs\nwill happen.\n\nMoreover, the GPU is going away. If the kcalloc() fails, we could not\nevict all pages mapping a chunk. So this patch adds a __GFP_NOFAIL\nflag in kcalloc().\n\nFinally, as there is no need to have physically contiguous memory,\nthis patch switches kcalloc() to kvcalloc() in order to avoid\nfailing allocations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26943",
"url": "https://www.suse.com/security/cve/CVE-2024-26943"
},
{
"category": "external",
"summary": "SUSE Bug 1230527 for CVE-2024-26943",
"url": "https://bugzilla.suse.com/1230527"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-26943"
},
{
"cve": "CVE-2024-26953",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26953"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: esp: fix bad handling of pages from page_pool\n\nWhen the skb is reorganized during esp_output (!esp-\u003einline), the pages\ncoming from the original skb fragments are supposed to be released back\nto the system through put_page. But if the skb fragment pages are\noriginating from a page_pool, calling put_page on them will trigger a\npage_pool leak which will eventually result in a crash.\n\nThis leak can be easily observed when using CONFIG_DEBUG_VM and doing\nipsec + gre (non offloaded) forwarding:\n\n BUG: Bad page state in process ksoftirqd/16 pfn:1451b6\n page:00000000de2b8d32 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1451b6000 pfn:0x1451b6\n flags: 0x200000000000000(node=0|zone=2)\n page_type: 0xffffffff()\n raw: 0200000000000000 dead000000000040 ffff88810d23c000 0000000000000000\n raw: 00000001451b6000 0000000000000001 00000000ffffffff 0000000000000000\n page dumped because: page_pool leak\n Modules linked in: ip_gre gre mlx5_ib mlx5_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink iptable_nat nf_nat xt_addrtype br_netfilter rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm ib_uverbs ib_core overlay zram zsmalloc fuse [last unloaded: mlx5_core]\n CPU: 16 PID: 96 Comm: ksoftirqd/16 Not tainted 6.8.0-rc4+ #22\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x36/0x50\n bad_page+0x70/0xf0\n free_unref_page_prepare+0x27a/0x460\n free_unref_page+0x38/0x120\n esp_ssg_unref.isra.0+0x15f/0x200\n esp_output_tail+0x66d/0x780\n esp_xmit+0x2c5/0x360\n validate_xmit_xfrm+0x313/0x370\n ? validate_xmit_skb+0x1d/0x330\n validate_xmit_skb_list+0x4c/0x70\n sch_direct_xmit+0x23e/0x350\n __dev_queue_xmit+0x337/0xba0\n ? nf_hook_slow+0x3f/0xd0\n ip_finish_output2+0x25e/0x580\n iptunnel_xmit+0x19b/0x240\n ip_tunnel_xmit+0x5fb/0xb60\n ipgre_xmit+0x14d/0x280 [ip_gre]\n dev_hard_start_xmit+0xc3/0x1c0\n __dev_queue_xmit+0x208/0xba0\n ? nf_hook_slow+0x3f/0xd0\n ip_finish_output2+0x1ca/0x580\n ip_sublist_rcv_finish+0x32/0x40\n ip_sublist_rcv+0x1b2/0x1f0\n ? ip_rcv_finish_core.constprop.0+0x460/0x460\n ip_list_rcv+0x103/0x130\n __netif_receive_skb_list_core+0x181/0x1e0\n netif_receive_skb_list_internal+0x1b3/0x2c0\n napi_gro_receive+0xc8/0x200\n gro_cell_poll+0x52/0x90\n __napi_poll+0x25/0x1a0\n net_rx_action+0x28e/0x300\n __do_softirq+0xc3/0x276\n ? sort_range+0x20/0x20\n run_ksoftirqd+0x1e/0x30\n smpboot_thread_fn+0xa6/0x130\n kthread+0xcd/0x100\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x31/0x50\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e\n\nThe suggested fix is to introduce a new wrapper (skb_page_unref) that\ncovers page refcounting for page_pool pages as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26953",
"url": "https://www.suse.com/security/cve/CVE-2024-26953"
},
{
"category": "external",
"summary": "SUSE Bug 1223656 for CVE-2024-26953",
"url": "https://bugzilla.suse.com/1223656"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-26953"
},
{
"cve": "CVE-2024-27017",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27017"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo: walk over current view on netlink dump\n\nThe generation mask can be updated while netlink dump is in progress.\nThe pipapo set backend walk iterator cannot rely on it to infer what\nview of the datastructure is to be used. Add notation to specify if user\nwants to read/update the set.\n\nBased on patch from Florian Westphal.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27017",
"url": "https://www.suse.com/security/cve/CVE-2024-27017"
},
{
"category": "external",
"summary": "SUSE Bug 1223733 for CVE-2024-27017",
"url": "https://bugzilla.suse.com/1223733"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-27017"
},
{
"cve": "CVE-2024-27026",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27026"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvmxnet3: Fix missing reserved tailroom\n\nUse rbi-\u003elen instead of rcd-\u003elen for non-dataring packet.\n\nFound issue:\n XDP_WARN: xdp_update_frame_from_buff(line:278): Driver BUG: missing reserved tailroom\n WARNING: CPU: 0 PID: 0 at net/core/xdp.c:586 xdp_warn+0xf/0x20\n CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W O 6.5.1 #1\n RIP: 0010:xdp_warn+0xf/0x20\n ...\n ? xdp_warn+0xf/0x20\n xdp_do_redirect+0x15f/0x1c0\n vmxnet3_run_xdp+0x17a/0x400 [vmxnet3]\n vmxnet3_process_xdp+0xe4/0x760 [vmxnet3]\n ? vmxnet3_tq_tx_complete.isra.0+0x21e/0x2c0 [vmxnet3]\n vmxnet3_rq_rx_complete+0x7ad/0x1120 [vmxnet3]\n vmxnet3_poll_rx_only+0x2d/0xa0 [vmxnet3]\n __napi_poll+0x20/0x180\n net_rx_action+0x177/0x390",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27026",
"url": "https://www.suse.com/security/cve/CVE-2024-27026"
},
{
"category": "external",
"summary": "SUSE Bug 1223700 for CVE-2024-27026",
"url": "https://bugzilla.suse.com/1223700"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-27026"
},
{
"cve": "CVE-2024-27043",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27043"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: edia: dvbdev: fix a use-after-free\n\nIn dvb_register_device, *pdvbdev is set equal to dvbdev, which is freed\nin several error-handling paths. However, *pdvbdev is not set to NULL\nafter dvbdev\u0027s deallocation, causing use-after-frees in many places,\nfor example, in the following call chain:\n\nbudget_register\n |-\u003e dvb_dmxdev_init\n |-\u003e dvb_register_device\n |-\u003e dvb_dmxdev_release\n |-\u003e dvb_unregister_device\n |-\u003e dvb_remove_device\n |-\u003e dvb_device_put\n |-\u003e kref_put\n\nWhen calling dvb_unregister_device, dmxdev-\u003edvbdev (i.e. *pdvbdev in\ndvb_register_device) could point to memory that had been freed in\ndvb_register_device. Thereafter, this pointer is transferred to\nkref_put and triggering a use-after-free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27043",
"url": "https://www.suse.com/security/cve/CVE-2024-27043"
},
{
"category": "external",
"summary": "SUSE Bug 1218562 for CVE-2024-27043",
"url": "https://bugzilla.suse.com/1218562"
},
{
"category": "external",
"summary": "SUSE Bug 1223824 for CVE-2024-27043",
"url": "https://bugzilla.suse.com/1223824"
},
{
"category": "external",
"summary": "SUSE Bug 1223825 for CVE-2024-27043",
"url": "https://bugzilla.suse.com/1223825"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-27043"
},
{
"cve": "CVE-2024-27407",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27407"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Fixed overflow check in mi_enum_attr()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27407",
"url": "https://www.suse.com/security/cve/CVE-2024-27407"
},
{
"category": "external",
"summary": "SUSE Bug 1224429 for CVE-2024-27407",
"url": "https://bugzilla.suse.com/1224429"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-27407"
},
{
"cve": "CVE-2024-35888",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35888"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nerspan: make sure erspan_base_hdr is present in skb-\u003ehead\n\nsyzbot reported a problem in ip6erspan_rcv() [1]\n\nIssue is that ip6erspan_rcv() (and erspan_rcv()) no longer make\nsure erspan_base_hdr is present in skb linear part (skb-\u003ehead)\nbefore getting @ver field from it.\n\nAdd the missing pskb_may_pull() calls.\n\nv2: Reload iph pointer in erspan_rcv() after pskb_may_pull()\n because skb-\u003ehead might have changed.\n\n[1]\n\n BUG: KMSAN: uninit-value in pskb_may_pull_reason include/linux/skbuff.h:2742 [inline]\n BUG: KMSAN: uninit-value in pskb_may_pull include/linux/skbuff.h:2756 [inline]\n BUG: KMSAN: uninit-value in ip6erspan_rcv net/ipv6/ip6_gre.c:541 [inline]\n BUG: KMSAN: uninit-value in gre_rcv+0x11f8/0x1930 net/ipv6/ip6_gre.c:610\n pskb_may_pull_reason include/linux/skbuff.h:2742 [inline]\n pskb_may_pull include/linux/skbuff.h:2756 [inline]\n ip6erspan_rcv net/ipv6/ip6_gre.c:541 [inline]\n gre_rcv+0x11f8/0x1930 net/ipv6/ip6_gre.c:610\n ip6_protocol_deliver_rcu+0x1d4c/0x2ca0 net/ipv6/ip6_input.c:438\n ip6_input_finish net/ipv6/ip6_input.c:483 [inline]\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492\n ip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586\n dst_input include/net/dst.h:460 [inline]\n ip6_rcv_finish+0x955/0x970 net/ipv6/ip6_input.c:79\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ipv6_rcv+0xde/0x390 net/ipv6/ip6_input.c:310\n __netif_receive_skb_one_core net/core/dev.c:5538 [inline]\n __netif_receive_skb+0x1da/0xa00 net/core/dev.c:5652\n netif_receive_skb_internal net/core/dev.c:5738 [inline]\n netif_receive_skb+0x58/0x660 net/core/dev.c:5798\n tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1549\n tun_get_user+0x5566/0x69e0 drivers/net/tun.c:2002\n tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048\n call_write_iter include/linux/fs.h:2108 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0xb63/0x1520 fs/read_write.c:590\n ksys_write+0x20f/0x4c0 fs/read_write.c:643\n __do_sys_write fs/read_write.c:655 [inline]\n __se_sys_write fs/read_write.c:652 [inline]\n __x64_sys_write+0x93/0xe0 fs/read_write.c:652\n do_syscall_64+0xd5/0x1f0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3804 [inline]\n slab_alloc_node mm/slub.c:3845 [inline]\n kmem_cache_alloc_node+0x613/0xc50 mm/slub.c:3888\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:577\n __alloc_skb+0x35b/0x7a0 net/core/skbuff.c:668\n alloc_skb include/linux/skbuff.h:1318 [inline]\n alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6504\n sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2795\n tun_alloc_skb drivers/net/tun.c:1525 [inline]\n tun_get_user+0x209a/0x69e0 drivers/net/tun.c:1846\n tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048\n call_write_iter include/linux/fs.h:2108 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0xb63/0x1520 fs/read_write.c:590\n ksys_write+0x20f/0x4c0 fs/read_write.c:643\n __do_sys_write fs/read_write.c:655 [inline]\n __se_sys_write fs/read_write.c:652 [inline]\n __x64_sys_write+0x93/0xe0 fs/read_write.c:652\n do_syscall_64+0xd5/0x1f0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nCPU: 1 PID: 5045 Comm: syz-executor114 Not tainted 6.9.0-rc1-syzkaller-00021-g962490525cff #0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35888",
"url": "https://www.suse.com/security/cve/CVE-2024-35888"
},
{
"category": "external",
"summary": "SUSE Bug 1224518 for CVE-2024-35888",
"url": "https://bugzilla.suse.com/1224518"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-35888"
},
{
"cve": "CVE-2024-35980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35980"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: tlb: Fix TLBI RANGE operand\n\nKVM/arm64 relies on TLBI RANGE feature to flush TLBs when the dirty\npages are collected by VMM and the page table entries become write\nprotected during live migration. Unfortunately, the operand passed\nto the TLBI RANGE instruction isn\u0027t correctly sorted out due to the\ncommit 117940aa6e5f (\"KVM: arm64: Define kvm_tlb_flush_vmid_range()\").\nIt leads to crash on the destination VM after live migration because\nTLBs aren\u0027t flushed completely and some of the dirty pages are missed.\n\nFor example, I have a VM where 8GB memory is assigned, starting from\n0x40000000 (1GB). Note that the host has 4KB as the base page size.\nIn the middile of migration, kvm_tlb_flush_vmid_range() is executed\nto flush TLBs. It passes MAX_TLBI_RANGE_PAGES as the argument to\n__kvm_tlb_flush_vmid_range() and __flush_s2_tlb_range_op(). SCALE#3\nand NUM#31, corresponding to MAX_TLBI_RANGE_PAGES, isn\u0027t supported\nby __TLBI_RANGE_NUM(). In this specific case, -1 has been returned\nfrom __TLBI_RANGE_NUM() for SCALE#3/2/1/0 and rejected by the loop\nin the __flush_tlb_range_op() until the variable @scale underflows\nand becomes -9, 0xffff708000040000 is set as the operand. The operand\nis wrong since it\u0027s sorted out by __TLBI_VADDR_RANGE() according to\ninvalid @scale and @num.\n\nFix it by extending __TLBI_RANGE_NUM() to support the combination of\nSCALE#3 and NUM#31. With the changes, [-1 31] instead of [-1 30] can\nbe returned from the macro, meaning the TLBs for 0x200000 pages in the\nabove example can be flushed in one shoot with SCALE#3 and NUM#31. The\nmacro TLBI_RANGE_MASK is dropped since no one uses it any more. The\ncomments are also adjusted accordingly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35980",
"url": "https://www.suse.com/security/cve/CVE-2024-35980"
},
{
"category": "external",
"summary": "SUSE Bug 1224574 for CVE-2024-35980",
"url": "https://bugzilla.suse.com/1224574"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-35980"
},
{
"cve": "CVE-2024-36000",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36000"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: fix missing hugetlb_lock for resv uncharge\n\nThere is a recent report on UFFDIO_COPY over hugetlb:\n\nhttps://lore.kernel.org/all/000000000000ee06de0616177560@google.com/\n\n350:\tlockdep_assert_held(\u0026hugetlb_lock);\n\nShould be an issue in hugetlb but triggered in an userfault context, where\nit goes into the unlikely path where two threads modifying the resv map\ntogether. Mike has a fix in that path for resv uncharge but it looks like\nthe locking criteria was overlooked: hugetlb_cgroup_uncharge_folio_rsvd()\nwill update the cgroup pointer, so it requires to be called with the lock\nheld.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36000",
"url": "https://www.suse.com/security/cve/CVE-2024-36000"
},
{
"category": "external",
"summary": "SUSE Bug 1224548 for CVE-2024-36000",
"url": "https://bugzilla.suse.com/1224548"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-36000"
},
{
"cve": "CVE-2024-36031",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36031"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nkeys: Fix overwrite of key expiration on instantiation\n\nThe expiry time of a key is unconditionally overwritten during\ninstantiation, defaulting to turn it permanent. This causes a problem\nfor DNS resolution as the expiration set by user-space is overwritten to\nTIME64_MAX, disabling further DNS updates. Fix this by restoring the\ncondition that key_set_expiry is only called when the pre-parser sets a\nspecific expiry.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36031",
"url": "https://www.suse.com/security/cve/CVE-2024-36031"
},
{
"category": "external",
"summary": "SUSE Bug 1225713 for CVE-2024-36031",
"url": "https://bugzilla.suse.com/1225713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-36031"
},
{
"cve": "CVE-2024-36244",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36244"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: taprio: extend minimum interval restriction to entire cycle too\n\nIt is possible for syzbot to side-step the restriction imposed by the\nblamed commit in the Fixes: tag, because the taprio UAPI permits a\ncycle-time different from (and potentially shorter than) the sum of\nentry intervals.\n\nWe need one more restriction, which is that the cycle time itself must\nbe larger than N * ETH_ZLEN bit times, where N is the number of schedule\nentries. This restriction needs to apply regardless of whether the cycle\ntime came from the user or was the implicit, auto-calculated value, so\nwe move the existing \"cycle == 0\" check outside the \"if \"(!new-\u003ecycle_time)\"\nbranch. This way covers both conditions and scenarios.\n\nAdd a selftest which illustrates the issue triggered by syzbot.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36244",
"url": "https://www.suse.com/security/cve/CVE-2024-36244"
},
{
"category": "external",
"summary": "SUSE Bug 1226797 for CVE-2024-36244",
"url": "https://bugzilla.suse.com/1226797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "low"
}
],
"title": "CVE-2024-36244"
},
{
"cve": "CVE-2024-36484",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36484"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: relax socket state check at accept time.\n\nChristoph reported the following splat:\n\nWARNING: CPU: 1 PID: 772 at net/ipv4/af_inet.c:761 __inet_accept+0x1f4/0x4a0\nModules linked in:\nCPU: 1 PID: 772 Comm: syz-executor510 Not tainted 6.9.0-rc7-g7da7119fe22b #56\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014\nRIP: 0010:__inet_accept+0x1f4/0x4a0 net/ipv4/af_inet.c:759\nCode: 04 38 84 c0 0f 85 87 00 00 00 41 c7 04 24 03 00 00 00 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 ec b7 da fd \u003c0f\u003e 0b e9 7f fe ff ff e8 e0 b7 da fd 0f 0b e9 fe fe ff ff 89 d9 80\nRSP: 0018:ffffc90000c2fc58 EFLAGS: 00010293\nRAX: ffffffff836bdd14 RBX: 0000000000000000 RCX: ffff888104668000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: dffffc0000000000 R08: ffffffff836bdb89 R09: fffff52000185f64\nR10: dffffc0000000000 R11: fffff52000185f64 R12: dffffc0000000000\nR13: 1ffff92000185f98 R14: ffff88810754d880 R15: ffff8881007b7800\nFS: 000000001c772880(0000) GS:ffff88811b280000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fb9fcf2e178 CR3: 00000001045d2002 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n inet_accept+0x138/0x1d0 net/ipv4/af_inet.c:786\n do_accept+0x435/0x620 net/socket.c:1929\n __sys_accept4_file net/socket.c:1969 [inline]\n __sys_accept4+0x9b/0x110 net/socket.c:1999\n __do_sys_accept net/socket.c:2016 [inline]\n __se_sys_accept net/socket.c:2013 [inline]\n __x64_sys_accept+0x7d/0x90 net/socket.c:2013\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x58/0x100 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x4315f9\nCode: fd ff 48 81 c4 80 00 00 00 e9 f1 fe ff ff 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 0f 83 ab b4 fd ff c3 66 2e 0f 1f 84 00 00 00 00\nRSP: 002b:00007ffdb26d9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002b\nRAX: ffffffffffffffda RBX: 0000000000400300 RCX: 00000000004315f9\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004\nRBP: 00000000006e1018 R08: 0000000000400300 R09: 0000000000400300\nR10: 0000000000400300 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000040cdf0 R14: 000000000040ce80 R15: 0000000000000055\n \u003c/TASK\u003e\n\nThe reproducer invokes shutdown() before entering the listener status.\nAfter commit 94062790aedb (\"tcp: defer shutdown(SEND_SHUTDOWN) for\nTCP_SYN_RECV sockets\"), the above causes the child to reach the accept\nsyscall in FIN_WAIT1 status.\n\nEric noted we can relax the existing assertion in __inet_accept()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36484",
"url": "https://www.suse.com/security/cve/CVE-2024-36484"
},
{
"category": "external",
"summary": "SUSE Bug 1226872 for CVE-2024-36484",
"url": "https://bugzilla.suse.com/1226872"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-36484"
},
{
"cve": "CVE-2024-36883",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36883"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix out-of-bounds access in ops_init\n\nnet_alloc_generic is called by net_alloc, which is called without any\nlocking. It reads max_gen_ptrs, which is changed under pernet_ops_rwsem. It\nis read twice, first to allocate an array, then to set s.len, which is\nlater used to limit the bounds of the array access.\n\nIt is possible that the array is allocated and another thread is\nregistering a new pernet ops, increments max_gen_ptrs, which is then used\nto set s.len with a larger than allocated length for the variable array.\n\nFix it by reading max_gen_ptrs only once in net_alloc_generic. If\nmax_gen_ptrs is later incremented, it will be caught in net_assign_generic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36883",
"url": "https://www.suse.com/security/cve/CVE-2024-36883"
},
{
"category": "external",
"summary": "SUSE Bug 1225725 for CVE-2024-36883",
"url": "https://bugzilla.suse.com/1225725"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-36883"
},
{
"cve": "CVE-2024-36886",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36886"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix UAF in error path\n\nSam Page (sam4k) working with Trend Micro Zero Day Initiative reported\na UAF in the tipc_buf_append() error path:\n\nBUG: KASAN: slab-use-after-free in kfree_skb_list_reason+0x47e/0x4c0\nlinux/net/core/skbuff.c:1183\nRead of size 8 at addr ffff88804d2a7c80 by task poc/8034\n\nCPU: 1 PID: 8034 Comm: poc Not tainted 6.8.2 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.16.0-debian-1.16.0-5 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack linux/lib/dump_stack.c:88\n dump_stack_lvl+0xd9/0x1b0 linux/lib/dump_stack.c:106\n print_address_description linux/mm/kasan/report.c:377\n print_report+0xc4/0x620 linux/mm/kasan/report.c:488\n kasan_report+0xda/0x110 linux/mm/kasan/report.c:601\n kfree_skb_list_reason+0x47e/0x4c0 linux/net/core/skbuff.c:1183\n skb_release_data+0x5af/0x880 linux/net/core/skbuff.c:1026\n skb_release_all linux/net/core/skbuff.c:1094\n __kfree_skb linux/net/core/skbuff.c:1108\n kfree_skb_reason+0x12d/0x210 linux/net/core/skbuff.c:1144\n kfree_skb linux/./include/linux/skbuff.h:1244\n tipc_buf_append+0x425/0xb50 linux/net/tipc/msg.c:186\n tipc_link_input+0x224/0x7c0 linux/net/tipc/link.c:1324\n tipc_link_rcv+0x76e/0x2d70 linux/net/tipc/link.c:1824\n tipc_rcv+0x45f/0x10f0 linux/net/tipc/node.c:2159\n tipc_udp_recv+0x73b/0x8f0 linux/net/tipc/udp_media.c:390\n udp_queue_rcv_one_skb+0xad2/0x1850 linux/net/ipv4/udp.c:2108\n udp_queue_rcv_skb+0x131/0xb00 linux/net/ipv4/udp.c:2186\n udp_unicast_rcv_skb+0x165/0x3b0 linux/net/ipv4/udp.c:2346\n __udp4_lib_rcv+0x2594/0x3400 linux/net/ipv4/udp.c:2422\n ip_protocol_deliver_rcu+0x30c/0x4e0 linux/net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x2e4/0x520 linux/net/ipv4/ip_input.c:233\n NF_HOOK linux/./include/linux/netfilter.h:314\n NF_HOOK linux/./include/linux/netfilter.h:308\n ip_local_deliver+0x18e/0x1f0 linux/net/ipv4/ip_input.c:254\n dst_input linux/./include/net/dst.h:461\n ip_rcv_finish linux/net/ipv4/ip_input.c:449\n NF_HOOK linux/./include/linux/netfilter.h:314\n NF_HOOK linux/./include/linux/netfilter.h:308\n ip_rcv+0x2c5/0x5d0 linux/net/ipv4/ip_input.c:569\n __netif_receive_skb_one_core+0x199/0x1e0 linux/net/core/dev.c:5534\n __netif_receive_skb+0x1f/0x1c0 linux/net/core/dev.c:5648\n process_backlog+0x101/0x6b0 linux/net/core/dev.c:5976\n __napi_poll.constprop.0+0xba/0x550 linux/net/core/dev.c:6576\n napi_poll linux/net/core/dev.c:6645\n net_rx_action+0x95a/0xe90 linux/net/core/dev.c:6781\n __do_softirq+0x21f/0x8e7 linux/kernel/softirq.c:553\n do_softirq linux/kernel/softirq.c:454\n do_softirq+0xb2/0xf0 linux/kernel/softirq.c:441\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n __local_bh_enable_ip+0x100/0x120 linux/kernel/softirq.c:381\n local_bh_enable linux/./include/linux/bottom_half.h:33\n rcu_read_unlock_bh linux/./include/linux/rcupdate.h:851\n __dev_queue_xmit+0x871/0x3ee0 linux/net/core/dev.c:4378\n dev_queue_xmit linux/./include/linux/netdevice.h:3169\n neigh_hh_output linux/./include/net/neighbour.h:526\n neigh_output linux/./include/net/neighbour.h:540\n ip_finish_output2+0x169f/0x2550 linux/net/ipv4/ip_output.c:235\n __ip_finish_output linux/net/ipv4/ip_output.c:313\n __ip_finish_output+0x49e/0x950 linux/net/ipv4/ip_output.c:295\n ip_finish_output+0x31/0x310 linux/net/ipv4/ip_output.c:323\n NF_HOOK_COND linux/./include/linux/netfilter.h:303\n ip_output+0x13b/0x2a0 linux/net/ipv4/ip_output.c:433\n dst_output linux/./include/net/dst.h:451\n ip_local_out linux/net/ipv4/ip_output.c:129\n ip_send_skb+0x3e5/0x560 linux/net/ipv4/ip_output.c:1492\n udp_send_skb+0x73f/0x1530 linux/net/ipv4/udp.c:963\n udp_sendmsg+0x1a36/0x2b40 linux/net/ipv4/udp.c:1250\n inet_sendmsg+0x105/0x140 linux/net/ipv4/af_inet.c:850\n sock_sendmsg_nosec linux/net/socket.c:730\n __sock_sendmsg linux/net/socket.c:745\n __sys_sendto+0x42c/0x4e0 linux/net/socket.c:2191\n __do_sys_sendto linux/net/socket.c:2203\n __se_sys_sendto linux/net/socket.c:2199\n __x64_sys_sendto+0xe0/0x1c0 linux/net/socket.c:2199\n do_syscall_x64 linux/arch/x86/entry/common.c:52\n do_syscall_\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36886",
"url": "https://www.suse.com/security/cve/CVE-2024-36886"
},
{
"category": "external",
"summary": "SUSE Bug 1225730 for CVE-2024-36886",
"url": "https://bugzilla.suse.com/1225730"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-36886",
"url": "https://bugzilla.suse.com/1225742"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-36886"
},
{
"cve": "CVE-2024-36905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36905"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets\n\nTCP_SYN_RECV state is really special, it is only used by\ncross-syn connections, mostly used by fuzzers.\n\nIn the following crash [1], syzbot managed to trigger a divide\nby zero in tcp_rcv_space_adjust()\n\nA socket makes the following state transitions,\nwithout ever calling tcp_init_transfer(),\nmeaning tcp_init_buffer_space() is also not called.\n\n TCP_CLOSE\nconnect()\n TCP_SYN_SENT\n TCP_SYN_RECV\nshutdown() -\u003e tcp_shutdown(sk, SEND_SHUTDOWN)\n TCP_FIN_WAIT1\n\nTo fix this issue, change tcp_shutdown() to not\nperform a TCP_SYN_RECV -\u003e TCP_FIN_WAIT1 transition,\nwhich makes no sense anyway.\n\nWhen tcp_rcv_state_process() later changes socket state\nfrom TCP_SYN_RECV to TCP_ESTABLISH, then look at\nsk-\u003esk_shutdown to finally enter TCP_FIN_WAIT1 state,\nand send a FIN packet from a sane socket state.\n\nThis means tcp_send_fin() can now be called from BH\ncontext, and must use GFP_ATOMIC allocations.\n\n[1]\ndivide error: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 1 PID: 5084 Comm: syz-executor358 Not tainted 6.9.0-rc6-syzkaller-00022-g98369dccd2f8 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\n RIP: 0010:tcp_rcv_space_adjust+0x2df/0x890 net/ipv4/tcp_input.c:767\nCode: e3 04 4c 01 eb 48 8b 44 24 38 0f b6 04 10 84 c0 49 89 d5 0f 85 a5 03 00 00 41 8b 8e c8 09 00 00 89 e8 29 c8 48 0f af c3 31 d2 \u003c48\u003e f7 f1 48 8d 1c 43 49 8d 96 76 08 00 00 48 89 d0 48 c1 e8 03 48\nRSP: 0018:ffffc900031ef3f0 EFLAGS: 00010246\nRAX: 0c677a10441f8f42 RBX: 000000004fb95e7e RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: 0000000027d4b11f R08: ffffffff89e535a4 R09: 1ffffffff25e6ab7\nR10: dffffc0000000000 R11: ffffffff8135e920 R12: ffff88802a9f8d30\nR13: dffffc0000000000 R14: ffff88802a9f8d00 R15: 1ffff1100553f2da\nFS: 00005555775c0380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f1155bf2304 CR3: 000000002b9f2000 CR4: 0000000000350ef0\nCall Trace:\n \u003cTASK\u003e\n tcp_recvmsg_locked+0x106d/0x25a0 net/ipv4/tcp.c:2513\n tcp_recvmsg+0x25d/0x920 net/ipv4/tcp.c:2578\n inet6_recvmsg+0x16a/0x730 net/ipv6/af_inet6.c:680\n sock_recvmsg_nosec net/socket.c:1046 [inline]\n sock_recvmsg+0x109/0x280 net/socket.c:1068\n ____sys_recvmsg+0x1db/0x470 net/socket.c:2803\n ___sys_recvmsg net/socket.c:2845 [inline]\n do_recvmmsg+0x474/0xae0 net/socket.c:2939\n __sys_recvmmsg net/socket.c:3018 [inline]\n __do_sys_recvmmsg net/socket.c:3041 [inline]\n __se_sys_recvmmsg net/socket.c:3034 [inline]\n __x64_sys_recvmmsg+0x199/0x250 net/socket.c:3034\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7faeb6363db9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffcc1997168 EFLAGS: 00000246 ORIG_RAX: 000000000000012b\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007faeb6363db9\nRDX: 0000000000000001 RSI: 0000000020000bc0 RDI: 0000000000000005\nRBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000001c\nR10: 0000000000000122 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36905",
"url": "https://www.suse.com/security/cve/CVE-2024-36905"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-36905",
"url": "https://bugzilla.suse.com/1225742"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-36905"
},
{
"cve": "CVE-2024-36920",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36920"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Avoid memcpy field-spanning write WARNING\n\nWhen the \"storcli2 show\" command is executed for eHBA-9600, mpi3mr driver\nprints this WARNING message:\n\n memcpy: detected field-spanning write (size 128) of single field \"bsg_reply_buf-\u003ereply_buf\" at drivers/scsi/mpi3mr/mpi3mr_app.c:1658 (size 1)\n WARNING: CPU: 0 PID: 12760 at drivers/scsi/mpi3mr/mpi3mr_app.c:1658 mpi3mr_bsg_request+0x6b12/0x7f10 [mpi3mr]\n\nThe cause of the WARN is 128 bytes memcpy to the 1 byte size array \"__u8\nreplay_buf[1]\" in the struct mpi3mr_bsg_in_reply_buf. The array is intended\nto be a flexible length array, so the WARN is a false positive.\n\nTo suppress the WARN, remove the constant number \u00271\u0027 from the array\ndeclaration and clarify that it has flexible length. Also, adjust the\nmemory allocation size to match the change.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36920",
"url": "https://www.suse.com/security/cve/CVE-2024-36920"
},
{
"category": "external",
"summary": "SUSE Bug 1225768 for CVE-2024-36920",
"url": "https://bugzilla.suse.com/1225768"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-36920"
},
{
"cve": "CVE-2024-36927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36927"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: Fix uninit-value access in __ip_make_skb()\n\nKMSAN reported uninit-value access in __ip_make_skb() [1]. __ip_make_skb()\ntests HDRINCL to know if the skb has icmphdr. However, HDRINCL can cause a\nrace condition. If calling setsockopt(2) with IP_HDRINCL changes HDRINCL\nwhile __ip_make_skb() is running, the function will access icmphdr in the\nskb even if it is not included. This causes the issue reported by KMSAN.\n\nCheck FLOWI_FLAG_KNOWN_NH on fl4-\u003eflowi4_flags instead of testing HDRINCL\non the socket.\n\nAlso, fl4-\u003efl4_icmp_type and fl4-\u003efl4_icmp_code are not initialized. These\nare union in struct flowi4 and are implicitly initialized by\nflowi4_init_output(), but we should not rely on specific union layout.\n\nInitialize these explicitly in raw_sendmsg().\n\n[1]\nBUG: KMSAN: uninit-value in __ip_make_skb+0x2b74/0x2d20 net/ipv4/ip_output.c:1481\n __ip_make_skb+0x2b74/0x2d20 net/ipv4/ip_output.c:1481\n ip_finish_skb include/net/ip.h:243 [inline]\n ip_push_pending_frames+0x4c/0x5c0 net/ipv4/ip_output.c:1508\n raw_sendmsg+0x2381/0x2690 net/ipv4/raw.c:654\n inet_sendmsg+0x27b/0x2a0 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x274/0x3c0 net/socket.c:745\n __sys_sendto+0x62c/0x7b0 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x130/0x200 net/socket.c:2199\n do_syscall_64+0xd8/0x1f0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3804 [inline]\n slab_alloc_node mm/slub.c:3845 [inline]\n kmem_cache_alloc_node+0x5f6/0xc50 mm/slub.c:3888\n kmalloc_reserve+0x13c/0x4a0 net/core/skbuff.c:577\n __alloc_skb+0x35a/0x7c0 net/core/skbuff.c:668\n alloc_skb include/linux/skbuff.h:1318 [inline]\n __ip_append_data+0x49ab/0x68c0 net/ipv4/ip_output.c:1128\n ip_append_data+0x1e7/0x260 net/ipv4/ip_output.c:1365\n raw_sendmsg+0x22b1/0x2690 net/ipv4/raw.c:648\n inet_sendmsg+0x27b/0x2a0 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x274/0x3c0 net/socket.c:745\n __sys_sendto+0x62c/0x7b0 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x130/0x200 net/socket.c:2199\n do_syscall_64+0xd8/0x1f0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nCPU: 1 PID: 15709 Comm: syz-executor.7 Not tainted 6.8.0-11567-gb3603fcb79b1 #25\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-1.fc39 04/01/2014",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36927",
"url": "https://www.suse.com/security/cve/CVE-2024-36927"
},
{
"category": "external",
"summary": "SUSE Bug 1225813 for CVE-2024-36927",
"url": "https://bugzilla.suse.com/1225813"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-36927"
},
{
"cve": "CVE-2024-36954",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36954"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix a possible memleak in tipc_buf_append\n\n__skb_linearize() doesn\u0027t free the skb when it fails, so move\n\u0027*buf = NULL\u0027 after __skb_linearize(), so that the skb can be\nfreed on the err path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36954",
"url": "https://www.suse.com/security/cve/CVE-2024-36954"
},
{
"category": "external",
"summary": "SUSE Bug 1225764 for CVE-2024-36954",
"url": "https://bugzilla.suse.com/1225764"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-36954"
},
{
"cve": "CVE-2024-36968",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36968"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()\n\nl2cap_le_flowctl_init() can cause both div-by-zero and an integer\noverflow since hdev-\u003ele_mtu may not fall in the valid range.\n\nMove MTU from hci_dev to hci_conn to validate MTU and stop the connection\nprocess earlier if MTU is invalid.\nAlso, add a missing validation in read_buffer_size() and make it return\nan error value if the validation fails.\nNow hci_conn_add() returns ERR_PTR() as it can fail due to the both a\nkzalloc failure and invalid MTU value.\n\ndivide error: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 0 PID: 67 Comm: kworker/u5:0 Tainted: G W 6.9.0-rc5+ #20\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nWorkqueue: hci0 hci_rx_work\nRIP: 0010:l2cap_le_flowctl_init+0x19e/0x3f0 net/bluetooth/l2cap_core.c:547\nCode: e8 17 17 0c 00 66 41 89 9f 84 00 00 00 bf 01 00 00 00 41 b8 02 00 00 00 4c\n89 fe 4c 89 e2 89 d9 e8 27 17 0c 00 44 89 f0 31 d2 \u003c66\u003e f7 f3 89 c3 ff c3 4d 8d\nb7 88 00 00 00 4c 89 f0 48 c1 e8 03 42\nRSP: 0018:ffff88810bc0f858 EFLAGS: 00010246\nRAX: 00000000000002a0 RBX: 0000000000000000 RCX: dffffc0000000000\nRDX: 0000000000000000 RSI: ffff88810bc0f7c0 RDI: ffffc90002dcb66f\nRBP: ffff88810bc0f880 R08: aa69db2dda70ff01 R09: 0000ffaaaaaaaaaa\nR10: 0084000000ffaaaa R11: 0000000000000000 R12: ffff88810d65a084\nR13: dffffc0000000000 R14: 00000000000002a0 R15: ffff88810d65a000\nFS: 0000000000000000(0000) GS:ffff88811ac00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020000100 CR3: 0000000103268003 CR4: 0000000000770ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n l2cap_le_connect_req net/bluetooth/l2cap_core.c:4902 [inline]\n l2cap_le_sig_cmd net/bluetooth/l2cap_core.c:5420 [inline]\n l2cap_le_sig_channel net/bluetooth/l2cap_core.c:5486 [inline]\n l2cap_recv_frame+0xe59d/0x11710 net/bluetooth/l2cap_core.c:6809\n l2cap_recv_acldata+0x544/0x10a0 net/bluetooth/l2cap_core.c:7506\n hci_acldata_packet net/bluetooth/hci_core.c:3939 [inline]\n hci_rx_work+0x5e5/0xb20 net/bluetooth/hci_core.c:4176\n process_one_work kernel/workqueue.c:3254 [inline]\n process_scheduled_works+0x90f/0x1530 kernel/workqueue.c:3335\n worker_thread+0x926/0xe70 kernel/workqueue.c:3416\n kthread+0x2e3/0x380 kernel/kthread.c:388\n ret_from_fork+0x5c/0x90 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\nModules linked in:\n---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36968",
"url": "https://www.suse.com/security/cve/CVE-2024-36968"
},
{
"category": "external",
"summary": "SUSE Bug 1226130 for CVE-2024-36968",
"url": "https://bugzilla.suse.com/1226130"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-36968"
},
{
"cve": "CVE-2024-38576",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38576"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu: Fix buffer overflow in print_cpu_stall_info()\n\nThe rcuc-starvation output from print_cpu_stall_info() might overflow the\nbuffer if there is a huge difference in jiffies difference. The situation\nmight seem improbable, but computers sometimes get very confused about\ntime, which can result in full-sized integers, and, in this case,\nbuffer overflow.\n\nAlso, the unsigned jiffies difference is printed using %ld, which is\nnormally for signed integers. This is intentional for debugging purposes,\nbut it is not obvious from the code.\n\nThis commit therefore changes sprintf() to snprintf() and adds a\nclarifying comment about intention of %ld format.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38576",
"url": "https://www.suse.com/security/cve/CVE-2024-38576"
},
{
"category": "external",
"summary": "SUSE Bug 1226623 for CVE-2024-38576",
"url": "https://bugzilla.suse.com/1226623"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-38576"
},
{
"cve": "CVE-2024-38577",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38577"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow\n\nThere is a possibility of buffer overflow in\nshow_rcu_tasks_trace_gp_kthread() if counters, passed\nto sprintf() are huge. Counter numbers, needed for this\nare unrealistically high, but buffer overflow is still\npossible.\n\nUse snprintf() with buffer size instead of sprintf().\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38577",
"url": "https://www.suse.com/security/cve/CVE-2024-38577"
},
{
"category": "external",
"summary": "SUSE Bug 1226631 for CVE-2024-38577",
"url": "https://bugzilla.suse.com/1226631"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-38577"
},
{
"cve": "CVE-2024-38589",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38589"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetrom: fix possible dead-lock in nr_rt_ioctl()\n\nsyzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1]\n\nMake sure we always acquire nr_node_list_lock before nr_node_lock(nr_node)\n\n[1]\nWARNING: possible circular locking dependency detected\n6.9.0-rc7-syzkaller-02147-g654de42f3fc6 #0 Not tainted\n------------------------------------------------------\nsyz-executor350/5129 is trying to acquire lock:\n ffff8880186e2070 (\u0026nr_node-\u003enode_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n ffff8880186e2070 (\u0026nr_node-\u003enode_lock){+...}-{2:2}, at: nr_node_lock include/net/netrom.h:152 [inline]\n ffff8880186e2070 (\u0026nr_node-\u003enode_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:464 [inline]\n ffff8880186e2070 (\u0026nr_node-\u003enode_lock){+...}-{2:2}, at: nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697\n\nbut task is already holding lock:\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_rt_ioctl+0x10a/0x1090 net/netrom/nr_route.c:697\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-\u003e #1 (nr_node_list_lock){+...}-{2:2}:\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754\n __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\n _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178\n spin_lock_bh include/linux/spinlock.h:356 [inline]\n nr_remove_node net/netrom/nr_route.c:299 [inline]\n nr_del_node+0x4b4/0x820 net/netrom/nr_route.c:355\n nr_rt_ioctl+0xa95/0x1090 net/netrom/nr_route.c:683\n sock_do_ioctl+0x158/0x460 net/socket.c:1222\n sock_ioctl+0x629/0x8e0 net/socket.c:1341\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n-\u003e #0 (\u0026nr_node-\u003enode_lock){+...}-{2:2}:\n check_prev_add kernel/locking/lockdep.c:3134 [inline]\n check_prevs_add kernel/locking/lockdep.c:3253 [inline]\n validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869\n __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754\n __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\n _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178\n spin_lock_bh include/linux/spinlock.h:356 [inline]\n nr_node_lock include/net/netrom.h:152 [inline]\n nr_dec_obs net/netrom/nr_route.c:464 [inline]\n nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697\n sock_do_ioctl+0x158/0x460 net/socket.c:1222\n sock_ioctl+0x629/0x8e0 net/socket.c:1341\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nother info that might help us debug this:\n\n Possible unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(nr_node_list_lock);\n lock(\u0026nr_node-\u003enode_lock);\n lock(nr_node_list_lock);\n lock(\u0026nr_node-\u003enode_lock);\n\n *** DEADLOCK ***\n\n1 lock held by syz-executor350/5129:\n #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]\n #0: ffffffff8f70\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38589",
"url": "https://www.suse.com/security/cve/CVE-2024-38589"
},
{
"category": "external",
"summary": "SUSE Bug 1226748 for CVE-2024-38589",
"url": "https://bugzilla.suse.com/1226748"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-38589"
},
{
"cve": "CVE-2024-38599",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38599"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njffs2: prevent xattr node from overflowing the eraseblock\n\nAdd a check to make sure that the requested xattr node size is no larger\nthan the eraseblock minus the cleanmarker.\n\nUnlike the usual inode nodes, the xattr nodes aren\u0027t split into parts\nand spread across multiple eraseblocks, which means that a xattr node\nmust not occupy more than one eraseblock. If the requested xattr value is\ntoo large, the xattr node can spill onto the next eraseblock, overwriting\nthe nodes and causing errors such as:\n\njffs2: argh. node added in wrong place at 0x0000b050(2)\njffs2: nextblock 0x0000a000, expected at 0000b00c\njffs2: error: (823) do_verify_xattr_datum: node CRC failed at 0x01e050,\nread=0xfc892c93, calc=0x000000\njffs2: notice: (823) jffs2_get_inode_nodes: Node header CRC failed\nat 0x01e00c. {848f,2fc4,0fef511f,59a3d171}\njffs2: Node at 0x0000000c with length 0x00001044 would run over the\nend of the erase block\njffs2: Perhaps the file system was created with the wrong erase size?\njffs2: jffs2_scan_eraseblock(): Magic bitmask 0x1985 not found\nat 0x00000010: 0x1044 instead\n\nThis breaks the filesystem and can lead to KASAN crashes such as:\n\nBUG: KASAN: slab-out-of-bounds in jffs2_sum_add_kvec+0x125e/0x15d0\nRead of size 4 at addr ffff88802c31e914 by task repro/830\nCPU: 0 PID: 830 Comm: repro Not tainted 6.9.0-rc3+ #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS Arch Linux 1.16.3-1-1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xc6/0x120\n print_report+0xc4/0x620\n ? __virt_addr_valid+0x308/0x5b0\n kasan_report+0xc1/0xf0\n ? jffs2_sum_add_kvec+0x125e/0x15d0\n ? jffs2_sum_add_kvec+0x125e/0x15d0\n jffs2_sum_add_kvec+0x125e/0x15d0\n jffs2_flash_direct_writev+0xa8/0xd0\n jffs2_flash_writev+0x9c9/0xef0\n ? __x64_sys_setxattr+0xc4/0x160\n ? do_syscall_64+0x69/0x140\n ? entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [...]\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38599",
"url": "https://www.suse.com/security/cve/CVE-2024-38599"
},
{
"category": "external",
"summary": "SUSE Bug 1223384 for CVE-2024-38599",
"url": "https://bugzilla.suse.com/1223384"
},
{
"category": "external",
"summary": "SUSE Bug 1226848 for CVE-2024-38599",
"url": "https://bugzilla.suse.com/1226848"
},
{
"category": "external",
"summary": "SUSE Bug 1227283 for CVE-2024-38599",
"url": "https://bugzilla.suse.com/1227283"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-38599"
},
{
"cve": "CVE-2024-40914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40914"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/huge_memory: don\u0027t unpoison huge_zero_folio\n\nWhen I did memory failure tests recently, below panic occurs:\n\n kernel BUG at include/linux/mm.h:1135!\n invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 9 PID: 137 Comm: kswapd1 Not tainted 6.9.0-rc4-00491-gd5ce28f156fe-dirty #14\n RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0\n RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246\n RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8\n RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0\n RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492\n R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000\n R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00\n FS: 0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0\n Call Trace:\n \u003cTASK\u003e\n do_shrink_slab+0x14f/0x6a0\n shrink_slab+0xca/0x8c0\n shrink_node+0x2d0/0x7d0\n balance_pgdat+0x33a/0x720\n kswapd+0x1f3/0x410\n kthread+0xd5/0x100\n ret_from_fork+0x2f/0x50\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n Modules linked in: mce_inject hwpoison_inject\n ---[ end trace 0000000000000000 ]---\n RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0\n RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246\n RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8\n RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0\n RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492\n R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000\n R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00\n FS: 0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0\n\nThe root cause is that HWPoison flag will be set for huge_zero_folio\nwithout increasing the folio refcnt. But then unpoison_memory() will\ndecrease the folio refcnt unexpectedly as it appears like a successfully\nhwpoisoned folio leading to VM_BUG_ON_PAGE(page_ref_count(page) == 0) when\nreleasing huge_zero_folio.\n\nSkip unpoisoning huge_zero_folio in unpoison_memory() to fix this issue. \nWe\u0027re not prepared to unpoison huge_zero_folio yet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40914",
"url": "https://www.suse.com/security/cve/CVE-2024-40914"
},
{
"category": "external",
"summary": "SUSE Bug 1227842 for CVE-2024-40914",
"url": "https://bugzilla.suse.com/1227842"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-40914"
},
{
"cve": "CVE-2024-41016",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41016"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()\n\nxattr in ocfs2 maybe \u0027non-indexed\u0027, which saved with additional space\nrequested. It\u0027s better to check if the memory is out of bound before\nmemcmp, although this possibility mainly comes from crafted poisonous\nimages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41016",
"url": "https://www.suse.com/security/cve/CVE-2024-41016"
},
{
"category": "external",
"summary": "SUSE Bug 1228410 for CVE-2024-41016",
"url": "https://bugzilla.suse.com/1228410"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-41016"
},
{
"cve": "CVE-2024-41023",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41023"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/deadline: Fix task_struct reference leak\n\nDuring the execution of the following stress test with linux-rt:\n\nstress-ng --cyclic 30 --timeout 30 --minimize --quiet\n\nkmemleak frequently reported a memory leak concerning the task_struct:\n\nunreferenced object 0xffff8881305b8000 (size 16136):\n comm \"stress-ng\", pid 614, jiffies 4294883961 (age 286.412s)\n object hex dump (first 32 bytes):\n 02 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .@..............\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n debug hex dump (first 16 bytes):\n 53 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 S...............\n backtrace:\n [\u003c00000000046b6790\u003e] dup_task_struct+0x30/0x540\n [\u003c00000000c5ca0f0b\u003e] copy_process+0x3d9/0x50e0\n [\u003c00000000ced59777\u003e] kernel_clone+0xb0/0x770\n [\u003c00000000a50befdc\u003e] __do_sys_clone+0xb6/0xf0\n [\u003c000000001dbf2008\u003e] do_syscall_64+0x5d/0xf0\n [\u003c00000000552900ff\u003e] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\nThe issue occurs in start_dl_timer(), which increments the task_struct\nreference count and sets a timer. The timer callback, dl_task_timer,\nis supposed to decrement the reference count upon expiration. However,\nif enqueue_task_dl() is called before the timer expires and cancels it,\nthe reference count is not decremented, leading to the leak.\n\nThis patch fixes the reference leak by ensuring the task_struct\nreference count is properly decremented when the timer is canceled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41023",
"url": "https://www.suse.com/security/cve/CVE-2024-41023"
},
{
"category": "external",
"summary": "SUSE Bug 1228430 for CVE-2024-41023",
"url": "https://bugzilla.suse.com/1228430"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-41023"
},
{
"cve": "CVE-2024-41031",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41031"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/filemap: skip to create PMD-sized page cache if needed\n\nOn ARM64, HPAGE_PMD_ORDER is 13 when the base page size is 64KB. The\nPMD-sized page cache can\u0027t be supported by xarray as the following error\nmessages indicate.\n\n------------[ cut here ]------------\nWARNING: CPU: 35 PID: 7484 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128\nModules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib \\\nnft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct \\\nnft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 \\\nip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm \\\nfuse xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 \\\nsha1_ce virtio_net net_failover virtio_console virtio_blk failover \\\ndimlib virtio_mmio\nCPU: 35 PID: 7484 Comm: test Kdump: loaded Tainted: G W 6.10.0-rc5-gavin+ #9\nHardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024\npstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\npc : xas_split_alloc+0xf8/0x128\nlr : split_huge_page_to_list_to_order+0x1c4/0x720\nsp : ffff800087a4f6c0\nx29: ffff800087a4f6c0 x28: ffff800087a4f720 x27: 000000001fffffff\nx26: 0000000000000c40 x25: 000000000000000d x24: ffff00010625b858\nx23: ffff800087a4f720 x22: ffffffdfc0780000 x21: 0000000000000000\nx20: 0000000000000000 x19: ffffffdfc0780000 x18: 000000001ff40000\nx17: 00000000ffffffff x16: 0000018000000000 x15: 51ec004000000000\nx14: 0000e00000000000 x13: 0000000000002000 x12: 0000000000000020\nx11: 51ec000000000000 x10: 51ece1c0ffff8000 x9 : ffffbeb961a44d28\nx8 : 0000000000000003 x7 : ffffffdfc0456420 x6 : ffff0000e1aa6eb8\nx5 : 20bf08b4fe778fca x4 : ffffffdfc0456420 x3 : 0000000000000c40\nx2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000\nCall trace:\n xas_split_alloc+0xf8/0x128\n split_huge_page_to_list_to_order+0x1c4/0x720\n truncate_inode_partial_folio+0xdc/0x160\n truncate_inode_pages_range+0x1b4/0x4a8\n truncate_pagecache_range+0x84/0xa0\n xfs_flush_unmap_range+0x70/0x90 [xfs]\n xfs_file_fallocate+0xfc/0x4d8 [xfs]\n vfs_fallocate+0x124/0x2e8\n ksys_fallocate+0x4c/0xa0\n __arm64_sys_fallocate+0x24/0x38\n invoke_syscall.constprop.0+0x7c/0xd8\n do_el0_svc+0xb4/0xd0\n el0_svc+0x44/0x1d8\n el0t_64_sync_handler+0x134/0x150\n el0t_64_sync+0x17c/0x180\n\nFix it by skipping to allocate PMD-sized page cache when its size is\nlarger than MAX_PAGECACHE_ORDER. For this specific case, we will fall to\nregular path where the readahead window is determined by BDI\u0027s sysfs file\n(read_ahead_kb).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41031",
"url": "https://www.suse.com/security/cve/CVE-2024-41031"
},
{
"category": "external",
"summary": "SUSE Bug 1228454 for CVE-2024-41031",
"url": "https://bugzilla.suse.com/1228454"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "low"
}
],
"title": "CVE-2024-41031"
},
{
"cve": "CVE-2024-41047",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41047"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Fix XDP program unloading while removing the driver\n\nThe commit 6533e558c650 (\"i40e: Fix reset path while removing\nthe driver\") introduced a new PF state \"__I40E_IN_REMOVE\" to block\nmodifying the XDP program while the driver is being removed.\nUnfortunately, such a change is useful only if the \".ndo_bpf()\"\ncallback was called out of the rmmod context because unloading the\nexisting XDP program is also a part of driver removing procedure.\nIn other words, from the rmmod context the driver is expected to\nunload the XDP program without reporting any errors. Otherwise,\nthe kernel warning with callstack is printed out to dmesg.\n\nExample failing scenario:\n 1. Load the i40e driver.\n 2. Load the XDP program.\n 3. Unload the i40e driver (using \"rmmod\" command).\n\nThe example kernel warning log:\n\n[ +0.004646] WARNING: CPU: 94 PID: 10395 at net/core/dev.c:9290 unregister_netdevice_many_notify+0x7a9/0x870\n[...]\n[ +0.010959] RIP: 0010:unregister_netdevice_many_notify+0x7a9/0x870\n[...]\n[ +0.002726] Call Trace:\n[ +0.002457] \u003cTASK\u003e\n[ +0.002119] ? __warn+0x80/0x120\n[ +0.003245] ? unregister_netdevice_many_notify+0x7a9/0x870\n[ +0.005586] ? report_bug+0x164/0x190\n[ +0.003678] ? handle_bug+0x3c/0x80\n[ +0.003503] ? exc_invalid_op+0x17/0x70\n[ +0.003846] ? asm_exc_invalid_op+0x1a/0x20\n[ +0.004200] ? unregister_netdevice_many_notify+0x7a9/0x870\n[ +0.005579] ? unregister_netdevice_many_notify+0x3cc/0x870\n[ +0.005586] unregister_netdevice_queue+0xf7/0x140\n[ +0.004806] unregister_netdev+0x1c/0x30\n[ +0.003933] i40e_vsi_release+0x87/0x2f0 [i40e]\n[ +0.004604] i40e_remove+0x1a1/0x420 [i40e]\n[ +0.004220] pci_device_remove+0x3f/0xb0\n[ +0.003943] device_release_driver_internal+0x19f/0x200\n[ +0.005243] driver_detach+0x48/0x90\n[ +0.003586] bus_remove_driver+0x6d/0xf0\n[ +0.003939] pci_unregister_driver+0x2e/0xb0\n[ +0.004278] i40e_exit_module+0x10/0x5f0 [i40e]\n[ +0.004570] __do_sys_delete_module.isra.0+0x197/0x310\n[ +0.005153] do_syscall_64+0x85/0x170\n[ +0.003684] ? syscall_exit_to_user_mode+0x69/0x220\n[ +0.004886] ? do_syscall_64+0x95/0x170\n[ +0.003851] ? exc_page_fault+0x7e/0x180\n[ +0.003932] entry_SYSCALL_64_after_hwframe+0x71/0x79\n[ +0.005064] RIP: 0033:0x7f59dc9347cb\n[ +0.003648] Code: 73 01 c3 48 8b 0d 65 16 0c 00 f7 d8 64 89 01 48 83\nc8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 b0 00 00 00 0f\n05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 35 16 0c 00 f7 d8 64 89 01 48\n[ +0.018753] RSP: 002b:00007ffffac99048 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0\n[ +0.007577] RAX: ffffffffffffffda RBX: 0000559b9bb2f6e0 RCX: 00007f59dc9347cb\n[ +0.007140] RDX: 0000000000000000 RSI: 0000000000000800 RDI: 0000559b9bb2f748\n[ +0.007146] RBP: 00007ffffac99070 R08: 1999999999999999 R09: 0000000000000000\n[ +0.007133] R10: 00007f59dc9a5ac0 R11: 0000000000000206 R12: 0000000000000000\n[ +0.007141] R13: 00007ffffac992d8 R14: 0000559b9bb2f6e0 R15: 0000000000000000\n[ +0.007151] \u003c/TASK\u003e\n[ +0.002204] ---[ end trace 0000000000000000 ]---\n\nFix this by checking if the XDP program is being loaded or unloaded.\nThen, block only loading a new program while \"__I40E_IN_REMOVE\" is set.\nAlso, move testing \"__I40E_IN_REMOVE\" flag to the beginning of XDP_SETUP\ncallback to avoid unnecessary operations and checks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41047",
"url": "https://www.suse.com/security/cve/CVE-2024-41047"
},
{
"category": "external",
"summary": "SUSE Bug 1228537 for CVE-2024-41047",
"url": "https://bugzilla.suse.com/1228537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-41047"
},
{
"cve": "CVE-2024-41082",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41082"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-fabrics: use reserved tag for reg read/write command\n\nIn some scenarios, if too many commands are issued by nvme command in\nthe same time by user tasks, this may exhaust all tags of admin_q. If\na reset (nvme reset or IO timeout) occurs before these commands finish,\nreconnect routine may fail to update nvme regs due to insufficient tags,\nwhich will cause kernel hang forever. In order to workaround this issue,\nmaybe we can let reg_read32()/reg_read64()/reg_write32() use reserved\ntags. This maybe safe for nvmf:\n\n1. For the disable ctrl path, we will not issue connect command\n2. For the enable ctrl / fw activate path, since connect and reg_xx()\n are called serially.\n\nSo the reserved tags may still be enough while reg_xx() use reserved tags.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41082",
"url": "https://www.suse.com/security/cve/CVE-2024-41082"
},
{
"category": "external",
"summary": "SUSE Bug 1228620 for CVE-2024-41082",
"url": "https://bugzilla.suse.com/1228620"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-41082"
},
{
"cve": "CVE-2024-42102",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42102"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again\"\n\nPatch series \"mm: Avoid possible overflows in dirty throttling\".\n\nDirty throttling logic assumes dirty limits in page units fit into\n32-bits. This patch series makes sure this is true (see patch 2/2 for\nmore details).\n\n\nThis patch (of 2):\n\nThis reverts commit 9319b647902cbd5cc884ac08a8a6d54ce111fc78.\n\nThe commit is broken in several ways. Firstly, the removed (u64) cast\nfrom the multiplication will introduce a multiplication overflow on 32-bit\narchs if wb_thresh * bg_thresh \u003e= 1\u003c\u003c32 (which is actually common - the\ndefault settings with 4GB of RAM will trigger this). Secondly, the\ndiv64_u64() is unnecessarily expensive on 32-bit archs. We have\ndiv64_ul() in case we want to be safe \u0026 cheap. Thirdly, if dirty\nthresholds are larger than 1\u003c\u003c32 pages, then dirty balancing is going to\nblow up in many other spectacular ways anyway so trying to fix one\npossible overflow is just moot.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42102",
"url": "https://www.suse.com/security/cve/CVE-2024-42102"
},
{
"category": "external",
"summary": "SUSE Bug 1222364 for CVE-2024-42102",
"url": "https://bugzilla.suse.com/1222364"
},
{
"category": "external",
"summary": "SUSE Bug 1233132 for CVE-2024-42102",
"url": "https://bugzilla.suse.com/1233132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-42102"
},
{
"cve": "CVE-2024-42145",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42145"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/core: Implement a limit on UMAD receive List\n\nThe existing behavior of ib_umad, which maintains received MAD\npackets in an unbounded list, poses a risk of uncontrolled growth.\nAs user-space applications extract packets from this list, the rate\nof extraction may not match the rate of incoming packets, leading\nto potential list overflow.\n\nTo address this, we introduce a limit to the size of the list. After\nconsidering typical scenarios, such as OpenSM processing, which can\nhandle approximately 100k packets per second, and the 1-second retry\ntimeout for most packets, we set the list size limit to 200k. Packets\nreceived beyond this limit are dropped, assuming they are likely timed\nout by the time they are handled by user-space.\n\nNotably, packets queued on the receive list due to reasons like\ntimed-out sends are preserved even when the list is full.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42145",
"url": "https://www.suse.com/security/cve/CVE-2024-42145"
},
{
"category": "external",
"summary": "SUSE Bug 1223384 for CVE-2024-42145",
"url": "https://bugzilla.suse.com/1223384"
},
{
"category": "external",
"summary": "SUSE Bug 1228743 for CVE-2024-42145",
"url": "https://bugzilla.suse.com/1228743"
},
{
"category": "external",
"summary": "SUSE Bug 1228744 for CVE-2024-42145",
"url": "https://bugzilla.suse.com/1228744"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-42145"
},
{
"cve": "CVE-2024-44932",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44932"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix UAFs when destroying the queues\n\nThe second tagged commit started sometimes (very rarely, but possible)\nthrowing WARNs from\nnet/core/page_pool.c:page_pool_disable_direct_recycling().\nTurned out idpf frees interrupt vectors with embedded NAPIs *before*\nfreeing the queues making page_pools\u0027 NAPI pointers lead to freed\nmemory before these pools are destroyed by libeth.\nIt\u0027s not clear whether there are other accesses to the freed vectors\nwhen destroying the queues, but anyway, we usually free queue/interrupt\nvectors only when the queues are destroyed and the NAPIs are guaranteed\nto not be referenced anywhere.\n\nInvert the allocation and freeing logic making queue/interrupt vectors\nbe allocated first and freed last. Vectors don\u0027t require queues to be\npresent, so this is safe. Additionally, this change allows to remove\nthat useless queue-\u003eq_vector pointer cleanup, as vectors are still\nvalid when freeing the queues (+ both are freed within one function,\nso it\u0027s not clear why nullify the pointers at all).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44932",
"url": "https://www.suse.com/security/cve/CVE-2024-44932"
},
{
"category": "external",
"summary": "SUSE Bug 1229808 for CVE-2024-44932",
"url": "https://bugzilla.suse.com/1229808"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-44932"
},
{
"cve": "CVE-2024-44958",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44958"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/smt: Fix unbalance sched_smt_present dec/inc\n\nI got the following warn report while doing stress test:\n\njump label: negative count!\nWARNING: CPU: 3 PID: 38 at kernel/jump_label.c:263 static_key_slow_try_dec+0x9d/0xb0\nCall Trace:\n \u003cTASK\u003e\n __static_key_slow_dec_cpuslocked+0x16/0x70\n sched_cpu_deactivate+0x26e/0x2a0\n cpuhp_invoke_callback+0x3ad/0x10d0\n cpuhp_thread_fun+0x3f5/0x680\n smpboot_thread_fn+0x56d/0x8d0\n kthread+0x309/0x400\n ret_from_fork+0x41/0x70\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e\n\nBecause when cpuset_cpu_inactive() fails in sched_cpu_deactivate(),\nthe cpu offline failed, but sched_smt_present is decremented before\ncalling sched_cpu_deactivate(), it leads to unbalanced dec/inc, so\nfix it by incrementing sched_smt_present in the error path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44958",
"url": "https://www.suse.com/security/cve/CVE-2024-44958"
},
{
"category": "external",
"summary": "SUSE Bug 1230179 for CVE-2024-44958",
"url": "https://bugzilla.suse.com/1230179"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-44958"
},
{
"cve": "CVE-2024-44964",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44964"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix memory leaks and crashes while performing a soft reset\n\nThe second tagged commit introduced a UAF, as it removed restoring\nq_vector-\u003evport pointers after reinitializating the structures.\nThis is due to that all queue allocation functions are performed here\nwith the new temporary vport structure and those functions rewrite\nthe backpointers to the vport. Then, this new struct is freed and\nthe pointers start leading to nowhere.\n\nBut generally speaking, the current logic is very fragile. It claims\nto be more reliable when the system is low on memory, but in fact, it\nconsumes two times more memory as at the moment of running this\nfunction, there are two vports allocated with their queues and vectors.\nMoreover, it claims to prevent the driver from running into \"bad state\",\nbut in fact, any error during the rebuild leaves the old vport in the\npartially allocated state.\nFinally, if the interface is down when the function is called, it always\nallocates a new queue set, but when the user decides to enable the\ninterface later on, vport_open() allocates them once again, IOW there\u0027s\na clear memory leak here.\n\nJust don\u0027t allocate a new queue set when performing a reset, that solves\ncrashes and memory leaks. Readd the old queue number and reopen the\ninterface on rollback - that solves limbo states when the device is left\ndisabled and/or without HW queues enabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44964",
"url": "https://www.suse.com/security/cve/CVE-2024-44964"
},
{
"category": "external",
"summary": "SUSE Bug 1230220 for CVE-2024-44964",
"url": "https://bugzilla.suse.com/1230220"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-44964"
},
{
"cve": "CVE-2024-44995",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44995"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix a deadlock problem when config TC during resetting\n\nWhen config TC during the reset process, may cause a deadlock, the flow is\nas below:\n pf reset start\n |\n v\n ......\nsetup tc |\n | v\n v DOWN: napi_disable()\nnapi_disable()(skip) |\n | |\n v v\n ...... ......\n | |\n v |\nnapi_enable() |\n v\n UINIT: netif_napi_del()\n |\n v\n ......\n |\n v\n INIT: netif_napi_add()\n |\n v\n ...... global reset start\n | |\n v v\n UP: napi_enable()(skip) ......\n | |\n v v\n ...... napi_disable()\n\nIn reset process, the driver will DOWN the port and then UINIT, in this\ncase, the setup tc process will UP the port before UINIT, so cause the\nproblem. Adds a DOWN process in UINIT to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44995",
"url": "https://www.suse.com/security/cve/CVE-2024-44995"
},
{
"category": "external",
"summary": "SUSE Bug 1230231 for CVE-2024-44995",
"url": "https://bugzilla.suse.com/1230231"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-44995"
},
{
"cve": "CVE-2024-45016",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45016"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetem: fix return value if duplicate enqueue fails\n\nThere is a bug in netem_enqueue() introduced by\ncommit 5845f706388a (\"net: netem: fix skb length BUG_ON in __skb_to_sgvec\")\nthat can lead to a use-after-free.\n\nThis commit made netem_enqueue() always return NET_XMIT_SUCCESS\nwhen a packet is duplicated, which can cause the parent qdisc\u0027s q.qlen\nto be mistakenly incremented. When this happens qlen_notify() may be\nskipped on the parent during destruction, leaving a dangling pointer\nfor some classful qdiscs like DRR.\n\nThere are two ways for the bug happen:\n\n- If the duplicated packet is dropped by rootq-\u003eenqueue() and then\n the original packet is also dropped.\n- If rootq-\u003eenqueue() sends the duplicated packet to a different qdisc\n and the original packet is dropped.\n\nIn both cases NET_XMIT_SUCCESS is returned even though no packets\nare enqueued at the netem qdisc.\n\nThe fix is to defer the enqueue of the duplicate packet until after\nthe original packet has been guaranteed to return NET_XMIT_SUCCESS.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45016",
"url": "https://www.suse.com/security/cve/CVE-2024-45016"
},
{
"category": "external",
"summary": "SUSE Bug 1230429 for CVE-2024-45016",
"url": "https://bugzilla.suse.com/1230429"
},
{
"category": "external",
"summary": "SUSE Bug 1230998 for CVE-2024-45016",
"url": "https://bugzilla.suse.com/1230998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-45016"
},
{
"cve": "CVE-2024-45025",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45025"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE\n\ncopy_fd_bitmaps(new, old, count) is expected to copy the first\ncount/BITS_PER_LONG bits from old-\u003efull_fds_bits[] and fill\nthe rest with zeroes. What it does is copying enough words\n(BITS_TO_LONGS(count/BITS_PER_LONG)), then memsets the rest.\nThat works fine, *if* all bits past the cutoff point are\nclear. Otherwise we are risking garbage from the last word\nwe\u0027d copied.\n\nFor most of the callers that is true - expand_fdtable() has\ncount equal to old-\u003emax_fds, so there\u0027s no open descriptors\npast count, let alone fully occupied words in -\u003eopen_fds[],\nwhich is what bits in -\u003efull_fds_bits[] correspond to.\n\nThe other caller (dup_fd()) passes sane_fdtable_size(old_fdt, max_fds),\nwhich is the smallest multiple of BITS_PER_LONG that covers all\nopened descriptors below max_fds. In the common case (copying on\nfork()) max_fds is ~0U, so all opened descriptors will be below\nit and we are fine, by the same reasons why the call in expand_fdtable()\nis safe.\n\nUnfortunately, there is a case where max_fds is less than that\nand where we might, indeed, end up with junk in -\u003efull_fds_bits[] -\nclose_range(from, to, CLOSE_RANGE_UNSHARE) with\n\t* descriptor table being currently shared\n\t* \u0027to\u0027 being above the current capacity of descriptor table\n\t* \u0027from\u0027 being just under some chunk of opened descriptors.\nIn that case we end up with observably wrong behaviour - e.g. spawn\na child with CLONE_FILES, get all descriptors in range 0..127 open,\nthen close_range(64, ~0U, CLOSE_RANGE_UNSHARE) and watch dup(0) ending\nup with descriptor #128, despite #64 being observably not open.\n\nThe minimally invasive fix would be to deal with that in dup_fd().\nIf this proves to add measurable overhead, we can go that way, but\nlet\u0027s try to fix copy_fd_bitmaps() first.\n\n* new helper: bitmap_copy_and_expand(to, from, bits_to_copy, size).\n* make copy_fd_bitmaps() take the bitmap size in words, rather than\nbits; it\u0027s \u0027count\u0027 argument is always a multiple of BITS_PER_LONG,\nso we are not losing any information, and that way we can use the\nsame helper for all three bitmaps - compiler will see that count\nis a multiple of BITS_PER_LONG for the large ones, so it\u0027ll generate\nplain memcpy()+memset().\n\nReproducer added to tools/testing/selftests/core/close_range_test.c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45025",
"url": "https://www.suse.com/security/cve/CVE-2024-45025"
},
{
"category": "external",
"summary": "SUSE Bug 1230456 for CVE-2024-45025",
"url": "https://bugzilla.suse.com/1230456"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-45025"
},
{
"cve": "CVE-2024-46678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46678"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: change ipsec_lock from spin lock to mutex\n\nIn the cited commit, bond-\u003eipsec_lock is added to protect ipsec_list,\nhence xdo_dev_state_add and xdo_dev_state_delete are called inside\nthis lock. As ipsec_lock is a spin lock and such xfrmdev ops may sleep,\n\"scheduling while atomic\" will be triggered when changing bond\u0027s\nactive slave.\n\n[ 101.055189] BUG: scheduling while atomic: bash/902/0x00000200\n[ 101.055726] Modules linked in:\n[ 101.058211] CPU: 3 PID: 902 Comm: bash Not tainted 6.9.0-rc4+ #1\n[ 101.058760] Hardware name:\n[ 101.059434] Call Trace:\n[ 101.059436] \u003cTASK\u003e\n[ 101.060873] dump_stack_lvl+0x51/0x60\n[ 101.061275] __schedule_bug+0x4e/0x60\n[ 101.061682] __schedule+0x612/0x7c0\n[ 101.062078] ? __mod_timer+0x25c/0x370\n[ 101.062486] schedule+0x25/0xd0\n[ 101.062845] schedule_timeout+0x77/0xf0\n[ 101.063265] ? asm_common_interrupt+0x22/0x40\n[ 101.063724] ? __bpf_trace_itimer_state+0x10/0x10\n[ 101.064215] __wait_for_common+0x87/0x190\n[ 101.064648] ? usleep_range_state+0x90/0x90\n[ 101.065091] cmd_exec+0x437/0xb20 [mlx5_core]\n[ 101.065569] mlx5_cmd_do+0x1e/0x40 [mlx5_core]\n[ 101.066051] mlx5_cmd_exec+0x18/0x30 [mlx5_core]\n[ 101.066552] mlx5_crypto_create_dek_key+0xea/0x120 [mlx5_core]\n[ 101.067163] ? bonding_sysfs_store_option+0x4d/0x80 [bonding]\n[ 101.067738] ? kmalloc_trace+0x4d/0x350\n[ 101.068156] mlx5_ipsec_create_sa_ctx+0x33/0x100 [mlx5_core]\n[ 101.068747] mlx5e_xfrm_add_state+0x47b/0xaa0 [mlx5_core]\n[ 101.069312] bond_change_active_slave+0x392/0x900 [bonding]\n[ 101.069868] bond_option_active_slave_set+0x1c2/0x240 [bonding]\n[ 101.070454] __bond_opt_set+0xa6/0x430 [bonding]\n[ 101.070935] __bond_opt_set_notify+0x2f/0x90 [bonding]\n[ 101.071453] bond_opt_tryset_rtnl+0x72/0xb0 [bonding]\n[ 101.071965] bonding_sysfs_store_option+0x4d/0x80 [bonding]\n[ 101.072567] kernfs_fop_write_iter+0x10c/0x1a0\n[ 101.073033] vfs_write+0x2d8/0x400\n[ 101.073416] ? alloc_fd+0x48/0x180\n[ 101.073798] ksys_write+0x5f/0xe0\n[ 101.074175] do_syscall_64+0x52/0x110\n[ 101.074576] entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nAs bond_ipsec_add_sa_all and bond_ipsec_del_sa_all are only called\nfrom bond_change_active_slave, which requires holding the RTNL lock.\nAnd bond_ipsec_add_sa and bond_ipsec_del_sa are xfrm state\nxdo_dev_state_add and xdo_dev_state_delete APIs, which are in user\ncontext. So ipsec_lock doesn\u0027t have to be spin lock, change it to\nmutex, and thus the above issue can be resolved.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46678",
"url": "https://www.suse.com/security/cve/CVE-2024-46678"
},
{
"category": "external",
"summary": "SUSE Bug 1230550 for CVE-2024-46678",
"url": "https://bugzilla.suse.com/1230550"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46678"
},
{
"cve": "CVE-2024-46680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46680"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Fix random crash seen while removing driver\n\nThis fixes the random kernel crash seen while removing the driver, when\nrunning the load/unload test over multiple iterations.\n\n1) modprobe btnxpuart\n2) hciconfig hci0 reset\n3) hciconfig (check hci0 interface up with valid BD address)\n4) modprobe -r btnxpuart\nRepeat steps 1 to 4\n\nThe ps_wakeup() call in btnxpuart_close() schedules the psdata-\u003ework(),\nwhich gets scheduled after module is removed, causing a kernel crash.\n\nThis hidden issue got highlighted after enabling Power Save by default\nin 4183a7be7700 (Bluetooth: btnxpuart: Enable Power Save feature on\nstartup)\n\nThe new ps_cleanup() deasserts UART break immediately while closing\nserdev device, cancels any scheduled ps_work and destroys the ps_lock\nmutex.\n\n[ 85.884604] Unable to handle kernel paging request at virtual address ffffd4a61638f258\n[ 85.884624] Mem abort info:\n[ 85.884625] ESR = 0x0000000086000007\n[ 85.884628] EC = 0x21: IABT (current EL), IL = 32 bits\n[ 85.884633] SET = 0, FnV = 0\n[ 85.884636] EA = 0, S1PTW = 0\n[ 85.884638] FSC = 0x07: level 3 translation fault\n[ 85.884642] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000041dd0000\n[ 85.884646] [ffffd4a61638f258] pgd=1000000095fff003, p4d=1000000095fff003, pud=100000004823d003, pmd=100000004823e003, pte=0000000000000000\n[ 85.884662] Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP\n[ 85.890932] Modules linked in: algif_hash algif_skcipher af_alg overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce polyval_generic snd_soc_imx_spdif snd_soc_imx_card snd_soc_ak5558 snd_soc_ak4458 caam secvio error snd_soc_fsl_spdif snd_soc_fsl_micfil snd_soc_fsl_sai snd_soc_fsl_utils gpio_ir_recv rc_core fuse [last unloaded: btnxpuart(O)]\n[ 85.927297] CPU: 1 PID: 67 Comm: kworker/1:3 Tainted: G O 6.1.36+g937b1be4345a #1\n[ 85.936176] Hardware name: FSL i.MX8MM EVK board (DT)\n[ 85.936182] Workqueue: events 0xffffd4a61638f380\n[ 85.936198] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 85.952817] pc : 0xffffd4a61638f258\n[ 85.952823] lr : 0xffffd4a61638f258\n[ 85.952827] sp : ffff8000084fbd70\n[ 85.952829] x29: ffff8000084fbd70 x28: 0000000000000000 x27: 0000000000000000\n[ 85.963112] x26: ffffd4a69133f000 x25: ffff4bf1c8540990 x24: ffff4bf215b87305\n[ 85.963119] x23: ffff4bf215b87300 x22: ffff4bf1c85409d0 x21: ffff4bf1c8540970\n[ 85.977382] x20: 0000000000000000 x19: ffff4bf1c8540880 x18: 0000000000000000\n[ 85.977391] x17: 0000000000000000 x16: 0000000000000133 x15: 0000ffffe2217090\n[ 85.977399] x14: 0000000000000001 x13: 0000000000000133 x12: 0000000000000139\n[ 85.977407] x11: 0000000000000001 x10: 0000000000000a60 x9 : ffff8000084fbc50\n[ 85.977417] x8 : ffff4bf215b7d000 x7 : ffff4bf215b83b40 x6 : 00000000000003e8\n[ 85.977424] x5 : 00000000410fd030 x4 : 0000000000000000 x3 : 0000000000000000\n[ 85.977432] x2 : 0000000000000000 x1 : ffff4bf1c4265880 x0 : 0000000000000000\n[ 85.977443] Call trace:\n[ 85.977446] 0xffffd4a61638f258\n[ 85.977451] 0xffffd4a61638f3e8\n[ 85.977455] process_one_work+0x1d4/0x330\n[ 85.977464] worker_thread+0x6c/0x430\n[ 85.977471] kthread+0x108/0x10c\n[ 85.977476] ret_from_fork+0x10/0x20\n[ 85.977488] Code: bad PC value\n[ 85.977491] ---[ end trace 0000000000000000 ]---\n\nPreset since v6.9.11",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46680",
"url": "https://www.suse.com/security/cve/CVE-2024-46680"
},
{
"category": "external",
"summary": "SUSE Bug 1230557 for CVE-2024-46680",
"url": "https://bugzilla.suse.com/1230557"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46680"
},
{
"cve": "CVE-2024-46681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46681"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npktgen: use cpus_read_lock() in pg_net_init()\n\nI have seen the WARN_ON(smp_processor_id() != cpu) firing\nin pktgen_thread_worker() during tests.\n\nWe must use cpus_read_lock()/cpus_read_unlock()\naround the for_each_online_cpu(cpu) loop.\n\nWhile we are at it use WARN_ON_ONCE() to avoid a possible syslog flood.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46681",
"url": "https://www.suse.com/security/cve/CVE-2024-46681"
},
{
"category": "external",
"summary": "SUSE Bug 1230558 for CVE-2024-46681",
"url": "https://bugzilla.suse.com/1230558"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46681"
},
{
"cve": "CVE-2024-46721",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46721"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix possible NULL pointer dereference\n\nprofile-\u003eparent-\u003edents[AAFS_PROF_DIR] could be NULL only if its parent is made\nfrom __create_missing_ancestors(..) and \u0027ent-\u003eold\u0027 is NULL in\naa_replace_profiles(..).\nIn that case, it must return an error code and the code, -ENOENT represents\nits state that the path of its parent is not existed yet.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000030\nPGD 0 P4D 0\nPREEMPT SMP PTI\nCPU: 4 PID: 3362 Comm: apparmor_parser Not tainted 6.8.0-24-generic #24\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\nRIP: 0010:aafs_create.constprop.0+0x7f/0x130\nCode: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc \u003c4d\u003e 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae\nRSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0\nCall Trace:\n \u003cTASK\u003e\n ? show_regs+0x6d/0x80\n ? __die+0x24/0x80\n ? page_fault_oops+0x99/0x1b0\n ? kernelmode_fixup_or_oops+0xb2/0x140\n ? __bad_area_nosemaphore+0x1a5/0x2c0\n ? find_vma+0x34/0x60\n ? bad_area_nosemaphore+0x16/0x30\n ? do_user_addr_fault+0x2a2/0x6b0\n ? exc_page_fault+0x83/0x1b0\n ? asm_exc_page_fault+0x27/0x30\n ? aafs_create.constprop.0+0x7f/0x130\n ? aafs_create.constprop.0+0x51/0x130\n __aafs_profile_mkdir+0x3d6/0x480\n aa_replace_profiles+0x83f/0x1270\n policy_update+0xe3/0x180\n profile_load+0xbc/0x150\n ? rw_verify_area+0x47/0x140\n vfs_write+0x100/0x480\n ? __x64_sys_openat+0x55/0xa0\n ? syscall_exit_to_user_mode+0x86/0x260\n ksys_write+0x73/0x100\n __x64_sys_write+0x19/0x30\n x64_sys_call+0x7e/0x25c0\n do_syscall_64+0x7f/0x180\n entry_SYSCALL_64_after_hwframe+0x78/0x80\nRIP: 0033:0x7be9f211c574\nCode: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d d5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89\nRSP: 002b:00007ffd26f2b8c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 00005d504415e200 RCX: 00007be9f211c574\nRDX: 0000000000001fc1 RSI: 00005d504418bc80 RDI: 0000000000000004\nRBP: 0000000000001fc1 R08: 0000000000001fc1 R09: 0000000080000000\nR10: 0000000000000000 R11: 0000000000000202 R12: 00005d504418bc80\nR13: 0000000000000004 R14: 00007ffd26f2b9b0 R15: 00007ffd26f2ba30\n \u003c/TASK\u003e\nModules linked in: snd_seq_dummy snd_hrtimer qrtr snd_hda_codec_generic snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device i2c_i801 snd_timer i2c_smbus qxl snd soundcore drm_ttm_helper lpc_ich ttm joydev input_leds serio_raw mac_hid binfmt_misc msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs qemu_fw_cfg ip_tables x_tables autofs4 hid_generic usbhid hid ahci libahci psmouse virtio_rng xhci_pci xhci_pci_renesas\nCR2: 0000000000000030\n---[ end trace 0000000000000000 ]---\nRIP: 0010:aafs_create.constprop.0+0x7f/0x130\nCode: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc \u003c4d\u003e 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae\nRSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46721",
"url": "https://www.suse.com/security/cve/CVE-2024-46721"
},
{
"category": "external",
"summary": "SUSE Bug 1230710 for CVE-2024-46721",
"url": "https://bugzilla.suse.com/1230710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46721"
},
{
"cve": "CVE-2024-46754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46754"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Remove tst_run from lwt_seg6local_prog_ops.\n\nThe syzbot reported that the lwt_seg6 related BPF ops can be invoked\nvia bpf_test_run() without without entering input_action_end_bpf()\nfirst.\n\nMartin KaFai Lau said that self test for BPF_PROG_TYPE_LWT_SEG6LOCAL\nprobably didn\u0027t work since it was introduced in commit 04d4b274e2a\n(\"ipv6: sr: Add seg6local action End.BPF\"). The reason is that the\nper-CPU variable seg6_bpf_srh_states::srh is never assigned in the self\ntest case but each BPF function expects it.\n\nRemove test_run for BPF_PROG_TYPE_LWT_SEG6LOCAL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46754",
"url": "https://www.suse.com/security/cve/CVE-2024-46754"
},
{
"category": "external",
"summary": "SUSE Bug 1230801 for CVE-2024-46754",
"url": "https://bugzilla.suse.com/1230801"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46754"
},
{
"cve": "CVE-2024-46765",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46765"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: protect XDP configuration with a mutex\n\nThe main threat to data consistency in ice_xdp() is a possible asynchronous\nPF reset. It can be triggered by a user or by TX timeout handler.\n\nXDP setup and PF reset code access the same resources in the following\nsections:\n* ice_vsi_close() in ice_prepare_for_reset() - already rtnl-locked\n* ice_vsi_rebuild() for the PF VSI - not protected\n* ice_vsi_open() - already rtnl-locked\n\nWith an unfortunate timing, such accesses can result in a crash such as the\none below:\n\n[ +1.999878] ice 0000:b1:00.0: Registered XDP mem model MEM_TYPE_XSK_BUFF_POOL on Rx ring 14\n[ +2.002992] ice 0000:b1:00.0: Registered XDP mem model MEM_TYPE_XSK_BUFF_POOL on Rx ring 18\n[Mar15 18:17] ice 0000:b1:00.0 ens801f0np0: NETDEV WATCHDOG: CPU: 38: transmit queue 14 timed out 80692736 ms\n[ +0.000093] ice 0000:b1:00.0 ens801f0np0: tx_timeout: VSI_num: 6, Q 14, NTC: 0x0, HW_HEAD: 0x0, NTU: 0x0, INT: 0x4000001\n[ +0.000012] ice 0000:b1:00.0 ens801f0np0: tx_timeout recovery level 1, txqueue 14\n[ +0.394718] ice 0000:b1:00.0: PTP reset successful\n[ +0.006184] BUG: kernel NULL pointer dereference, address: 0000000000000098\n[ +0.000045] #PF: supervisor read access in kernel mode\n[ +0.000023] #PF: error_code(0x0000) - not-present page\n[ +0.000023] PGD 0 P4D 0\n[ +0.000018] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ +0.000023] CPU: 38 PID: 7540 Comm: kworker/38:1 Not tainted 6.8.0-rc7 #1\n[ +0.000031] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0014.082620210524 08/26/2021\n[ +0.000036] Workqueue: ice ice_service_task [ice]\n[ +0.000183] RIP: 0010:ice_clean_tx_ring+0xa/0xd0 [ice]\n[...]\n[ +0.000013] Call Trace:\n[ +0.000016] \u003cTASK\u003e\n[ +0.000014] ? __die+0x1f/0x70\n[ +0.000029] ? page_fault_oops+0x171/0x4f0\n[ +0.000029] ? schedule+0x3b/0xd0\n[ +0.000027] ? exc_page_fault+0x7b/0x180\n[ +0.000022] ? asm_exc_page_fault+0x22/0x30\n[ +0.000031] ? ice_clean_tx_ring+0xa/0xd0 [ice]\n[ +0.000194] ice_free_tx_ring+0xe/0x60 [ice]\n[ +0.000186] ice_destroy_xdp_rings+0x157/0x310 [ice]\n[ +0.000151] ice_vsi_decfg+0x53/0xe0 [ice]\n[ +0.000180] ice_vsi_rebuild+0x239/0x540 [ice]\n[ +0.000186] ice_vsi_rebuild_by_type+0x76/0x180 [ice]\n[ +0.000145] ice_rebuild+0x18c/0x840 [ice]\n[ +0.000145] ? delay_tsc+0x4a/0xc0\n[ +0.000022] ? delay_tsc+0x92/0xc0\n[ +0.000020] ice_do_reset+0x140/0x180 [ice]\n[ +0.000886] ice_service_task+0x404/0x1030 [ice]\n[ +0.000824] process_one_work+0x171/0x340\n[ +0.000685] worker_thread+0x277/0x3a0\n[ +0.000675] ? preempt_count_add+0x6a/0xa0\n[ +0.000677] ? _raw_spin_lock_irqsave+0x23/0x50\n[ +0.000679] ? __pfx_worker_thread+0x10/0x10\n[ +0.000653] kthread+0xf0/0x120\n[ +0.000635] ? __pfx_kthread+0x10/0x10\n[ +0.000616] ret_from_fork+0x2d/0x50\n[ +0.000612] ? __pfx_kthread+0x10/0x10\n[ +0.000604] ret_from_fork_asm+0x1b/0x30\n[ +0.000604] \u003c/TASK\u003e\n\nThe previous way of handling this through returning -EBUSY is not viable,\nparticularly when destroying AF_XDP socket, because the kernel proceeds\nwith removal anyway.\n\nThere is plenty of code between those calls and there is no need to create\na large critical section that covers all of them, same as there is no need\nto protect ice_vsi_rebuild() with rtnl_lock().\n\nAdd xdp_state_lock mutex to protect ice_vsi_rebuild() and ice_xdp().\n\nLeaving unprotected sections in between would result in two states that\nhave to be considered:\n1. when the VSI is closed, but not yet rebuild\n2. when VSI is already rebuild, but not yet open\n\nThe latter case is actually already handled through !netif_running() case,\nwe just need to adjust flag checking a little. The former one is not as\ntrivial, because between ice_vsi_close() and ice_vsi_rebuild(), a lot of\nhardware interaction happens, this can make adding/deleting rings exit\nwith an error. Luckily, VSI rebuild is pending and can apply new\nconfiguration for us in a managed fashion.\n\nTherefore, add an additional VSI state flag ICE_VSI_REBUILD_PENDING to\nindicate that ice_x\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46765",
"url": "https://www.suse.com/security/cve/CVE-2024-46765"
},
{
"category": "external",
"summary": "SUSE Bug 1230807 for CVE-2024-46765",
"url": "https://bugzilla.suse.com/1230807"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46765"
},
{
"cve": "CVE-2024-46766",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46766"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: move netif_queue_set_napi to rtnl-protected sections\n\nCurrently, netif_queue_set_napi() is called from ice_vsi_rebuild() that is\nnot rtnl-locked when called from the reset. This creates the need to take\nthe rtnl_lock just for a single function and complicates the\nsynchronization with .ndo_bpf. At the same time, there no actual need to\nfill napi-to-queue information at this exact point.\n\nFill napi-to-queue information when opening the VSI and clear it when the\nVSI is being closed. Those routines are already rtnl-locked.\n\nAlso, rewrite napi-to-queue assignment in a way that prevents inclusion of\nXDP queues, as this leads to out-of-bounds writes, such as one below.\n\n[ +0.000004] BUG: KASAN: slab-out-of-bounds in netif_queue_set_napi+0x1c2/0x1e0\n[ +0.000012] Write of size 8 at addr ffff889881727c80 by task bash/7047\n[ +0.000006] CPU: 24 PID: 7047 Comm: bash Not tainted 6.10.0-rc2+ #2\n[ +0.000004] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0014.082620210524 08/26/2021\n[ +0.000003] Call Trace:\n[ +0.000003] \u003cTASK\u003e\n[ +0.000002] dump_stack_lvl+0x60/0x80\n[ +0.000007] print_report+0xce/0x630\n[ +0.000007] ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n[ +0.000007] ? __virt_addr_valid+0x1c9/0x2c0\n[ +0.000005] ? netif_queue_set_napi+0x1c2/0x1e0\n[ +0.000003] kasan_report+0xe9/0x120\n[ +0.000004] ? netif_queue_set_napi+0x1c2/0x1e0\n[ +0.000004] netif_queue_set_napi+0x1c2/0x1e0\n[ +0.000005] ice_vsi_close+0x161/0x670 [ice]\n[ +0.000114] ice_dis_vsi+0x22f/0x270 [ice]\n[ +0.000095] ice_pf_dis_all_vsi.constprop.0+0xae/0x1c0 [ice]\n[ +0.000086] ice_prepare_for_reset+0x299/0x750 [ice]\n[ +0.000087] pci_dev_save_and_disable+0x82/0xd0\n[ +0.000006] pci_reset_function+0x12d/0x230\n[ +0.000004] reset_store+0xa0/0x100\n[ +0.000006] ? __pfx_reset_store+0x10/0x10\n[ +0.000002] ? __pfx_mutex_lock+0x10/0x10\n[ +0.000004] ? __check_object_size+0x4c1/0x640\n[ +0.000007] kernfs_fop_write_iter+0x30b/0x4a0\n[ +0.000006] vfs_write+0x5d6/0xdf0\n[ +0.000005] ? fd_install+0x180/0x350\n[ +0.000005] ? __pfx_vfs_write+0x10/0xA10\n[ +0.000004] ? do_fcntl+0x52c/0xcd0\n[ +0.000004] ? kasan_save_track+0x13/0x60\n[ +0.000003] ? kasan_save_free_info+0x37/0x60\n[ +0.000006] ksys_write+0xfa/0x1d0\n[ +0.000003] ? __pfx_ksys_write+0x10/0x10\n[ +0.000002] ? __x64_sys_fcntl+0x121/0x180\n[ +0.000004] ? _raw_spin_lock+0x87/0xe0\n[ +0.000005] do_syscall_64+0x80/0x170\n[ +0.000007] ? _raw_spin_lock+0x87/0xe0\n[ +0.000004] ? __pfx__raw_spin_lock+0x10/0x10\n[ +0.000003] ? file_close_fd_locked+0x167/0x230\n[ +0.000005] ? syscall_exit_to_user_mode+0x7d/0x220\n[ +0.000005] ? do_syscall_64+0x8c/0x170\n[ +0.000004] ? do_syscall_64+0x8c/0x170\n[ +0.000003] ? do_syscall_64+0x8c/0x170\n[ +0.000003] ? fput+0x1a/0x2c0\n[ +0.000004] ? filp_close+0x19/0x30\n[ +0.000004] ? do_dup2+0x25a/0x4c0\n[ +0.000004] ? __x64_sys_dup2+0x6e/0x2e0\n[ +0.000002] ? syscall_exit_to_user_mode+0x7d/0x220\n[ +0.000004] ? do_syscall_64+0x8c/0x170\n[ +0.000003] ? __count_memcg_events+0x113/0x380\n[ +0.000005] ? handle_mm_fault+0x136/0x820\n[ +0.000005] ? do_user_addr_fault+0x444/0xa80\n[ +0.000004] ? clear_bhb_loop+0x25/0x80\n[ +0.000004] ? clear_bhb_loop+0x25/0x80\n[ +0.000002] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ +0.000005] RIP: 0033:0x7f2033593154",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46766",
"url": "https://www.suse.com/security/cve/CVE-2024-46766"
},
{
"category": "external",
"summary": "SUSE Bug 1230762 for CVE-2024-46766",
"url": "https://bugzilla.suse.com/1230762"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46766"
},
{
"cve": "CVE-2024-46770",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46770"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Add netif_device_attach/detach into PF reset flow\n\nEthtool callbacks can be executed while reset is in progress and try to\naccess deleted resources, e.g. getting coalesce settings can result in a\nNULL pointer dereference seen below.\n\nReproduction steps:\nOnce the driver is fully initialized, trigger reset:\n\t# echo 1 \u003e /sys/class/net/\u003cinterface\u003e/device/reset\nwhen reset is in progress try to get coalesce settings using ethtool:\n\t# ethtool -c \u003cinterface\u003e\n\nBUG: kernel NULL pointer dereference, address: 0000000000000020\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] PREEMPT SMP PTI\nCPU: 11 PID: 19713 Comm: ethtool Tainted: G S 6.10.0-rc7+ #7\nRIP: 0010:ice_get_q_coalesce+0x2e/0xa0 [ice]\nRSP: 0018:ffffbab1e9bcf6a8 EFLAGS: 00010206\nRAX: 000000000000000c RBX: ffff94512305b028 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffff9451c3f2e588 RDI: ffff9451c3f2e588\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\nR10: ffff9451c3f2e580 R11: 000000000000001f R12: ffff945121fa9000\nR13: ffffbab1e9bcf760 R14: 0000000000000013 R15: ffffffff9e65dd40\nFS: 00007faee5fbe740(0000) GS:ffff94546fd80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000020 CR3: 0000000106c2e005 CR4: 00000000001706f0\nCall Trace:\n\u003cTASK\u003e\nice_get_coalesce+0x17/0x30 [ice]\ncoalesce_prepare_data+0x61/0x80\nethnl_default_doit+0xde/0x340\ngenl_family_rcv_msg_doit+0xf2/0x150\ngenl_rcv_msg+0x1b3/0x2c0\nnetlink_rcv_skb+0x5b/0x110\ngenl_rcv+0x28/0x40\nnetlink_unicast+0x19c/0x290\nnetlink_sendmsg+0x222/0x490\n__sys_sendto+0x1df/0x1f0\n__x64_sys_sendto+0x24/0x30\ndo_syscall_64+0x82/0x160\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7faee60d8e27\n\nCalling netif_device_detach() before reset makes the net core not call\nthe driver when ethtool command is issued, the attempt to execute an\nethtool command during reset will result in the following message:\n\n netlink error: No such device\n\ninstead of NULL pointer dereference. Once reset is done and\nice_rebuild() is executing, the netif_device_attach() is called to allow\nfor ethtool operations to occur again in a safe manner.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46770",
"url": "https://www.suse.com/security/cve/CVE-2024-46770"
},
{
"category": "external",
"summary": "SUSE Bug 1230763 for CVE-2024-46770",
"url": "https://bugzilla.suse.com/1230763"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46770"
},
{
"cve": "CVE-2024-46775",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46775"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Validate function returns\n\n[WHAT \u0026 HOW]\nFunction return values must be checked before data can be used\nin subsequent functions.\n\nThis fixes 4 CHECKED_RETURN issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46775",
"url": "https://www.suse.com/security/cve/CVE-2024-46775"
},
{
"category": "external",
"summary": "SUSE Bug 1230774 for CVE-2024-46775",
"url": "https://bugzilla.suse.com/1230774"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46775"
},
{
"cve": "CVE-2024-46777",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46777"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Avoid excessive partition lengths\n\nAvoid mounting filesystems where the partition would overflow the\n32-bits used for block number. Also refuse to mount filesystems where\nthe partition length is so large we cannot safely index bits in a\nblock bitmap.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46777",
"url": "https://www.suse.com/security/cve/CVE-2024-46777"
},
{
"category": "external",
"summary": "SUSE Bug 1230773 for CVE-2024-46777",
"url": "https://bugzilla.suse.com/1230773"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46777"
},
{
"cve": "CVE-2024-46788",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46788"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/osnoise: Use a cpumask to know what threads are kthreads\n\nThe start_kthread() and stop_thread() code was not always called with the\ninterface_lock held. This means that the kthread variable could be\nunexpectedly changed causing the kthread_stop() to be called on it when it\nshould not have been, leading to:\n\n while true; do\n rtla timerlat top -u -q \u0026 PID=$!;\n sleep 5;\n kill -INT $PID;\n sleep 0.001;\n kill -TERM $PID;\n wait $PID;\n done\n\nCausing the following OOPS:\n\n Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN PTI\n KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\n CPU: 5 UID: 0 PID: 885 Comm: timerlatu/5 Not tainted 6.11.0-rc4-test-00002-gbc754cc76d1b-dirty #125 a533010b71dab205ad2f507188ce8c82203b0254\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n RIP: 0010:hrtimer_active+0x58/0x300\n Code: 48 c1 ee 03 41 54 48 01 d1 48 01 d6 55 53 48 83 ec 20 80 39 00 0f 85 30 02 00 00 49 8b 6f 30 4c 8d 75 10 4c 89 f0 48 c1 e8 03 \u003c0f\u003e b6 3c 10 4c 89 f0 83 e0 07 83 c0 03 40 38 f8 7c 09 40 84 ff 0f\n RSP: 0018:ffff88811d97f940 EFLAGS: 00010202\n RAX: 0000000000000002 RBX: ffff88823c6b5b28 RCX: ffffed10478d6b6b\n RDX: dffffc0000000000 RSI: ffffed10478d6b6c RDI: ffff88823c6b5b28\n RBP: 0000000000000000 R08: ffff88823c6b5b58 R09: ffff88823c6b5b60\n R10: ffff88811d97f957 R11: 0000000000000010 R12: 00000000000a801d\n R13: ffff88810d8b35d8 R14: 0000000000000010 R15: ffff88823c6b5b28\n FS: 0000000000000000(0000) GS:ffff88823c680000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000561858ad7258 CR3: 000000007729e001 CR4: 0000000000170ef0\n Call Trace:\n \u003cTASK\u003e\n ? die_addr+0x40/0xa0\n ? exc_general_protection+0x154/0x230\n ? asm_exc_general_protection+0x26/0x30\n ? hrtimer_active+0x58/0x300\n ? __pfx_mutex_lock+0x10/0x10\n ? __pfx_locks_remove_file+0x10/0x10\n hrtimer_cancel+0x15/0x40\n timerlat_fd_release+0x8e/0x1f0\n ? security_file_release+0x43/0x80\n __fput+0x372/0xb10\n task_work_run+0x11e/0x1f0\n ? _raw_spin_lock+0x85/0xe0\n ? __pfx_task_work_run+0x10/0x10\n ? poison_slab_object+0x109/0x170\n ? do_exit+0x7a0/0x24b0\n do_exit+0x7bd/0x24b0\n ? __pfx_migrate_enable+0x10/0x10\n ? __pfx_do_exit+0x10/0x10\n ? __pfx_read_tsc+0x10/0x10\n ? ktime_get+0x64/0x140\n ? _raw_spin_lock_irq+0x86/0xe0\n do_group_exit+0xb0/0x220\n get_signal+0x17ba/0x1b50\n ? vfs_read+0x179/0xa40\n ? timerlat_fd_read+0x30b/0x9d0\n ? __pfx_get_signal+0x10/0x10\n ? __pfx_timerlat_fd_read+0x10/0x10\n arch_do_signal_or_restart+0x8c/0x570\n ? __pfx_arch_do_signal_or_restart+0x10/0x10\n ? vfs_read+0x179/0xa40\n ? ksys_read+0xfe/0x1d0\n ? __pfx_ksys_read+0x10/0x10\n syscall_exit_to_user_mode+0xbc/0x130\n do_syscall_64+0x74/0x110\n ? __pfx___rseq_handle_notify_resume+0x10/0x10\n ? __pfx_ksys_read+0x10/0x10\n ? fpregs_restore_userregs+0xdb/0x1e0\n ? fpregs_restore_userregs+0xdb/0x1e0\n ? syscall_exit_to_user_mode+0x116/0x130\n ? do_syscall_64+0x74/0x110\n ? do_syscall_64+0x74/0x110\n ? do_syscall_64+0x74/0x110\n entry_SYSCALL_64_after_hwframe+0x71/0x79\n RIP: 0033:0x7ff0070eca9c\n Code: Unable to access opcode bytes at 0x7ff0070eca72.\n RSP: 002b:00007ff006dff8c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\n RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00007ff0070eca9c\n RDX: 0000000000000400 RSI: 00007ff006dff9a0 RDI: 0000000000000003\n RBP: 00007ff006dffde0 R08: 0000000000000000 R09: 00007ff000000ba0\n R10: 00007ff007004b08 R11: 0000000000000246 R12: 0000000000000003\n R13: 00007ff006dff9a0 R14: 0000000000000007 R15: 0000000000000008\n \u003c/TASK\u003e\n Modules linked in: snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hwdep snd_hda_core\n ---[ end trace 0000000000000000 ]---\n\nThis is because it would mistakenly call kthread_stop() on a user space\nthread making it \"exit\" before it actually exits.\n\nSince kthread\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46788",
"url": "https://www.suse.com/security/cve/CVE-2024-46788"
},
{
"category": "external",
"summary": "SUSE Bug 1230817 for CVE-2024-46788",
"url": "https://bugzilla.suse.com/1230817"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46788"
},
{
"cve": "CVE-2024-46797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46797"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/qspinlock: Fix deadlock in MCS queue\n\nIf an interrupt occurs in queued_spin_lock_slowpath() after we increment\nqnodesp-\u003ecount and before node-\u003elock is initialized, another CPU might\nsee stale lock values in get_tail_qnode(). If the stale lock value happens\nto match the lock on that CPU, then we write to the \"next\" pointer of\nthe wrong qnode. This causes a deadlock as the former CPU, once it becomes\nthe head of the MCS queue, will spin indefinitely until it\u0027s \"next\" pointer\nis set by its successor in the queue.\n\nRunning stress-ng on a 16 core (16EC/16VP) shared LPAR, results in\noccasional lockups similar to the following:\n\n $ stress-ng --all 128 --vm-bytes 80% --aggressive \\\n --maximize --oomable --verify --syslog \\\n --metrics --times --timeout 5m\n\n watchdog: CPU 15 Hard LOCKUP\n ......\n NIP [c0000000000b78f4] queued_spin_lock_slowpath+0x1184/0x1490\n LR [c000000001037c5c] _raw_spin_lock+0x6c/0x90\n Call Trace:\n 0xc000002cfffa3bf0 (unreliable)\n _raw_spin_lock+0x6c/0x90\n raw_spin_rq_lock_nested.part.135+0x4c/0xd0\n sched_ttwu_pending+0x60/0x1f0\n __flush_smp_call_function_queue+0x1dc/0x670\n smp_ipi_demux_relaxed+0xa4/0x100\n xive_muxed_ipi_action+0x20/0x40\n __handle_irq_event_percpu+0x80/0x240\n handle_irq_event_percpu+0x2c/0x80\n handle_percpu_irq+0x84/0xd0\n generic_handle_irq+0x54/0x80\n __do_irq+0xac/0x210\n __do_IRQ+0x74/0xd0\n 0x0\n do_IRQ+0x8c/0x170\n hardware_interrupt_common_virt+0x29c/0x2a0\n --- interrupt: 500 at queued_spin_lock_slowpath+0x4b8/0x1490\n ......\n NIP [c0000000000b6c28] queued_spin_lock_slowpath+0x4b8/0x1490\n LR [c000000001037c5c] _raw_spin_lock+0x6c/0x90\n --- interrupt: 500\n 0xc0000029c1a41d00 (unreliable)\n _raw_spin_lock+0x6c/0x90\n futex_wake+0x100/0x260\n do_futex+0x21c/0x2a0\n sys_futex+0x98/0x270\n system_call_exception+0x14c/0x2f0\n system_call_vectored_common+0x15c/0x2ec\n\nThe following code flow illustrates how the deadlock occurs.\nFor the sake of brevity, assume that both locks (A and B) are\ncontended and we call the queued_spin_lock_slowpath() function.\n\n CPU0 CPU1\n ---- ----\n spin_lock_irqsave(A) |\n spin_unlock_irqrestore(A) |\n spin_lock(B) |\n | |\n v |\n id = qnodesp-\u003ecount++; |\n (Note that nodes[0].lock == A) |\n | |\n v |\n Interrupt |\n (happens before \"nodes[0].lock = B\") |\n | |\n v |\n spin_lock_irqsave(A) |\n | |\n v |\n id = qnodesp-\u003ecount++ |\n nodes[1].lock = A |\n | |\n v |\n Tail of MCS queue |\n | spin_lock_irqsave(A)\n v |\n Head of MCS queue v\n | CPU0 is previous tail\n v |\n Spin indefinitely v\n (until \"nodes[1].next != NULL\") prev = get_tail_qnode(A, CPU0)\n |\n v\n prev == \u0026qnodes[CPU0].nodes[0]\n (as qnodes\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46797",
"url": "https://www.suse.com/security/cve/CVE-2024-46797"
},
{
"category": "external",
"summary": "SUSE Bug 1230831 for CVE-2024-46797",
"url": "https://bugzilla.suse.com/1230831"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46797"
},
{
"cve": "CVE-2024-46800",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46800"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsch/netem: fix use after free in netem_dequeue\n\nIf netem_dequeue() enqueues packet to inner qdisc and that qdisc\nreturns __NET_XMIT_STOLEN. The packet is dropped but\nqdisc_tree_reduce_backlog() is not called to update the parent\u0027s\nq.qlen, leading to the similar use-after-free as Commit\ne04991a48dbaf382 (\"netem: fix return value if duplicate enqueue\nfails\")\n\nCommands to trigger KASAN UaF:\n\nip link add type dummy\nip link set lo up\nip link set dummy0 up\ntc qdisc add dev lo parent root handle 1: drr\ntc filter add dev lo parent 1: basic classid 1:1\ntc class add dev lo classid 1:1 drr\ntc qdisc add dev lo parent 1:1 handle 2: netem\ntc qdisc add dev lo parent 2: handle 3: drr\ntc filter add dev lo parent 3: basic classid 3:1 action mirred egress\nredirect dev dummy0\ntc class add dev lo classid 3:1 drr\nping -c1 -W0.01 localhost # Trigger bug\ntc class del dev lo classid 1:1\ntc class add dev lo classid 1:1 drr\nping -c1 -W0.01 localhost # UaF",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46800",
"url": "https://www.suse.com/security/cve/CVE-2024-46800"
},
{
"category": "external",
"summary": "SUSE Bug 1230827 for CVE-2024-46800",
"url": "https://bugzilla.suse.com/1230827"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46800"
},
{
"cve": "CVE-2024-46802",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46802"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: added NULL check at start of dc_validate_stream\n\n[Why]\nprevent invalid memory access\n\n[How]\ncheck if dc and stream are NULL",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46802",
"url": "https://www.suse.com/security/cve/CVE-2024-46802"
},
{
"category": "external",
"summary": "SUSE Bug 1231111 for CVE-2024-46802",
"url": "https://bugzilla.suse.com/1231111"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46802"
},
{
"cve": "CVE-2024-46803",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46803"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Check debug trap enable before write dbg_ev_file\n\nIn interrupt context, write dbg_ev_file will be run by work queue. It\nwill cause write dbg_ev_file execution after debug_trap_disable, which\nwill cause NULL pointer access.\nv2: cancel work \"debug_event_workarea\" before set dbg_ev_file as NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46803",
"url": "https://www.suse.com/security/cve/CVE-2024-46803"
},
{
"category": "external",
"summary": "SUSE Bug 1231131 for CVE-2024-46803",
"url": "https://bugzilla.suse.com/1231131"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46803"
},
{
"cve": "CVE-2024-46804",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46804"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add array index check for hdcp ddc access\n\n[Why]\nCoverity reports OVERRUN warning. Do not check if array\nindex valid.\n\n[How]\nCheck msg_id valid and valid array index.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46804",
"url": "https://www.suse.com/security/cve/CVE-2024-46804"
},
{
"category": "external",
"summary": "SUSE Bug 1231132 for CVE-2024-46804",
"url": "https://bugzilla.suse.com/1231132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46804"
},
{
"cve": "CVE-2024-46805",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46805"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix the waring dereferencing hive\n\nCheck the amdgpu_hive_info *hive that maybe is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46805",
"url": "https://www.suse.com/security/cve/CVE-2024-46805"
},
{
"category": "external",
"summary": "SUSE Bug 1231135 for CVE-2024-46805",
"url": "https://bugzilla.suse.com/1231135"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46805"
},
{
"cve": "CVE-2024-46806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46806"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix the warning division or modulo by zero\n\nChecks the partition mode and returns an error for an invalid mode.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46806",
"url": "https://www.suse.com/security/cve/CVE-2024-46806"
},
{
"category": "external",
"summary": "SUSE Bug 1231136 for CVE-2024-46806",
"url": "https://bugzilla.suse.com/1231136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46806"
},
{
"cve": "CVE-2024-46807",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46807"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/amdgpu: Check tbo resource pointer\n\nValidate tbo resource pointer, skip if NULL",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46807",
"url": "https://www.suse.com/security/cve/CVE-2024-46807"
},
{
"category": "external",
"summary": "SUSE Bug 1231138 for CVE-2024-46807",
"url": "https://bugzilla.suse.com/1231138"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46807"
},
{
"cve": "CVE-2024-46809",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46809"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check BIOS images before it is used\n\nBIOS images may fail to load and null checks are added before they are\nused.\n\nThis fixes 6 NULL_RETURNS issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46809",
"url": "https://www.suse.com/security/cve/CVE-2024-46809"
},
{
"category": "external",
"summary": "SUSE Bug 1231148 for CVE-2024-46809",
"url": "https://bugzilla.suse.com/1231148"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46809"
},
{
"cve": "CVE-2024-46810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46810"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ\n\nMake sure the connector is fully initialized before signalling any\nHPD events via drm_kms_helper_hotplug_event(), otherwise this may\nlead to NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46810",
"url": "https://www.suse.com/security/cve/CVE-2024-46810"
},
{
"category": "external",
"summary": "SUSE Bug 1231178 for CVE-2024-46810",
"url": "https://bugzilla.suse.com/1231178"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46810"
},
{
"cve": "CVE-2024-46811",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46811"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box\n\n[Why]\nCoverity reports OVERRUN warning. soc.num_states could\nbe 40. But array range of bw_params-\u003eclk_table.entries is 8.\n\n[How]\nAssert if soc.num_states greater than 8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46811",
"url": "https://www.suse.com/security/cve/CVE-2024-46811"
},
{
"category": "external",
"summary": "SUSE Bug 1231179 for CVE-2024-46811",
"url": "https://bugzilla.suse.com/1231179"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46811"
},
{
"cve": "CVE-2024-46812",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46812"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration\n\n[Why]\nCoverity reports Memory - illegal accesses.\n\n[How]\nSkip inactive planes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46812",
"url": "https://www.suse.com/security/cve/CVE-2024-46812"
},
{
"category": "external",
"summary": "SUSE Bug 1231187 for CVE-2024-46812",
"url": "https://bugzilla.suse.com/1231187"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46812"
},
{
"cve": "CVE-2024-46813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46813"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check link_index before accessing dc-\u003elinks[]\n\n[WHY \u0026 HOW]\ndc-\u003elinks[] has max size of MAX_LINKS and NULL is return when trying to\naccess with out-of-bound index.\n\nThis fixes 3 OVERRUN and 1 RESOURCE_LEAK issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46813",
"url": "https://www.suse.com/security/cve/CVE-2024-46813"
},
{
"category": "external",
"summary": "SUSE Bug 1231191 for CVE-2024-46813",
"url": "https://bugzilla.suse.com/1231191"
},
{
"category": "external",
"summary": "SUSE Bug 1231192 for CVE-2024-46813",
"url": "https://bugzilla.suse.com/1231192"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-46813"
},
{
"cve": "CVE-2024-46814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46814"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check msg_id before processing transcation\n\n[WHY \u0026 HOW]\nHDCP_MESSAGE_ID_INVALID (-1) is not a valid msg_id nor is it a valid\narray index, and it needs checking before used.\n\nThis fixes 4 OVERRUN issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46814",
"url": "https://www.suse.com/security/cve/CVE-2024-46814"
},
{
"category": "external",
"summary": "SUSE Bug 1231193 for CVE-2024-46814",
"url": "https://bugzilla.suse.com/1231193"
},
{
"category": "external",
"summary": "SUSE Bug 1231194 for CVE-2024-46814",
"url": "https://bugzilla.suse.com/1231194"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-46814"
},
{
"cve": "CVE-2024-46815",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46815"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]\n\n[WHY \u0026 HOW]\nnum_valid_sets needs to be checked to avoid a negative index when\naccessing reader_wm_sets[num_valid_sets - 1].\n\nThis fixes an OVERRUN issue reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46815",
"url": "https://www.suse.com/security/cve/CVE-2024-46815"
},
{
"category": "external",
"summary": "SUSE Bug 1231195 for CVE-2024-46815",
"url": "https://bugzilla.suse.com/1231195"
},
{
"category": "external",
"summary": "SUSE Bug 1231196 for CVE-2024-46815",
"url": "https://bugzilla.suse.com/1231196"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-46815"
},
{
"cve": "CVE-2024-46816",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46816"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links\n\n[Why]\nCoverity report OVERRUN warning. There are\nonly max_links elements within dc-\u003elinks. link\ncount could up to AMDGPU_DM_MAX_DISPLAY_INDEX 31.\n\n[How]\nMake sure link count less than max_links.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46816",
"url": "https://www.suse.com/security/cve/CVE-2024-46816"
},
{
"category": "external",
"summary": "SUSE Bug 1231197 for CVE-2024-46816",
"url": "https://bugzilla.suse.com/1231197"
},
{
"category": "external",
"summary": "SUSE Bug 1231198 for CVE-2024-46816",
"url": "https://bugzilla.suse.com/1231198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-46816"
},
{
"cve": "CVE-2024-46817",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46817"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6\n\n[Why]\nCoverity reports OVERRUN warning. Should abort amdgpu_dm\ninitialize.\n\n[How]\nReturn failure to amdgpu_dm_init.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46817",
"url": "https://www.suse.com/security/cve/CVE-2024-46817"
},
{
"category": "external",
"summary": "SUSE Bug 1231200 for CVE-2024-46817",
"url": "https://bugzilla.suse.com/1231200"
},
{
"category": "external",
"summary": "SUSE Bug 1231201 for CVE-2024-46817",
"url": "https://bugzilla.suse.com/1231201"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-46817"
},
{
"cve": "CVE-2024-46818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46818"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check gpio_id before used as array index\n\n[WHY \u0026 HOW]\nGPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore\nshould be checked in advance.\n\nThis fixes 5 OVERRUN issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46818",
"url": "https://www.suse.com/security/cve/CVE-2024-46818"
},
{
"category": "external",
"summary": "SUSE Bug 1231203 for CVE-2024-46818",
"url": "https://bugzilla.suse.com/1231203"
},
{
"category": "external",
"summary": "SUSE Bug 1231204 for CVE-2024-46818",
"url": "https://bugzilla.suse.com/1231204"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-46818"
},
{
"cve": "CVE-2024-46819",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46819"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: the warning dereferencing obj for nbio_v7_4\n\nif ras_manager obj null, don\u0027t print NBIO err data",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46819",
"url": "https://www.suse.com/security/cve/CVE-2024-46819"
},
{
"category": "external",
"summary": "SUSE Bug 1231202 for CVE-2024-46819",
"url": "https://bugzilla.suse.com/1231202"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46819"
},
{
"cve": "CVE-2024-46821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46821"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Fix negative array index read\n\nAvoid using the negative values\nfor clk_idex as an index into an array pptable-\u003eDpmDescriptor.\n\nV2: fix clk_index return check (Tim Huang)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46821",
"url": "https://www.suse.com/security/cve/CVE-2024-46821"
},
{
"category": "external",
"summary": "SUSE Bug 1231169 for CVE-2024-46821",
"url": "https://bugzilla.suse.com/1231169"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46821"
},
{
"cve": "CVE-2024-46825",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46825"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check\n\nThe lookup function iwl_mvm_rcu_fw_link_id_to_link_conf() is\nnormally called with input from the firmware, so it should use\nIWL_FW_CHECK() instead of WARN_ON().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46825",
"url": "https://www.suse.com/security/cve/CVE-2024-46825"
},
{
"category": "external",
"summary": "SUSE Bug 1231170 for CVE-2024-46825",
"url": "https://bugzilla.suse.com/1231170"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46825"
},
{
"cve": "CVE-2024-46826",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46826"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nELF: fix kernel.randomize_va_space double read\n\nELF loader uses \"randomize_va_space\" twice. It is sysctl and can change\nat any moment, so 2 loads could see 2 different values in theory with\nunpredictable consequences.\n\nIssue exactly one load for consistent value across one exec.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46826",
"url": "https://www.suse.com/security/cve/CVE-2024-46826"
},
{
"category": "external",
"summary": "SUSE Bug 1231115 for CVE-2024-46826",
"url": "https://bugzilla.suse.com/1231115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46826"
},
{
"cve": "CVE-2024-46827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46827"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix firmware crash due to invalid peer nss\n\nCurrently, if the access point receives an association\nrequest containing an Extended HE Capabilities Information\nElement with an invalid MCS-NSS, it triggers a firmware\ncrash.\n\nThis issue arises when EHT-PHY capabilities shows support\nfor a bandwidth and MCS-NSS set for that particular\nbandwidth is filled by zeros and due to this, driver obtains\npeer_nss as 0 and sending this value to firmware causes\ncrash.\n\nAddress this issue by implementing a validation step for\nthe peer_nss value before passing it to the firmware. If\nthe value is greater than zero, proceed with forwarding\nit to the firmware. However, if the value is invalid,\nreject the association request to prevent potential\nfirmware crashes.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46827",
"url": "https://www.suse.com/security/cve/CVE-2024-46827"
},
{
"category": "external",
"summary": "SUSE Bug 1231171 for CVE-2024-46827",
"url": "https://bugzilla.suse.com/1231171"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46827"
},
{
"cve": "CVE-2024-46828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46828"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: sch_cake: fix bulk flow accounting logic for host fairness\n\nIn sch_cake, we keep track of the count of active bulk flows per host,\nwhen running in dst/src host fairness mode, which is used as the\nround-robin weight when iterating through flows. The count of active\nbulk flows is updated whenever a flow changes state.\n\nThis has a peculiar interaction with the hash collision handling: when a\nhash collision occurs (after the set-associative hashing), the state of\nthe hash bucket is simply updated to match the new packet that collided,\nand if host fairness is enabled, that also means assigning new per-host\nstate to the flow. For this reason, the bulk flow counters of the\nhost(s) assigned to the flow are decremented, before new state is\nassigned (and the counters, which may not belong to the same host\nanymore, are incremented again).\n\nBack when this code was introduced, the host fairness mode was always\nenabled, so the decrement was unconditional. When the configuration\nflags were introduced the *increment* was made conditional, but\nthe *decrement* was not. Which of course can lead to a spurious\ndecrement (and associated wrap-around to U16_MAX).\n\nAFAICT, when host fairness is disabled, the decrement and wrap-around\nhappens as soon as a hash collision occurs (which is not that common in\nitself, due to the set-associative hashing). However, in most cases this\nis harmless, as the value is only used when host fairness mode is\nenabled. So in order to trigger an array overflow, sch_cake has to first\nbe configured with host fairness disabled, and while running in this\nmode, a hash collision has to occur to cause the overflow. Then, the\nqdisc has to be reconfigured to enable host fairness, which leads to the\narray out-of-bounds because the wrapped-around value is retained and\nused as an array index. It seems that syzbot managed to trigger this,\nwhich is quite impressive in its own right.\n\nThis patch fixes the issue by introducing the same conditional check on\ndecrement as is used on increment.\n\nThe original bug predates the upstreaming of cake, but the commit listed\nin the Fixes tag touched that code, meaning that this patch won\u0027t apply\nbefore that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46828",
"url": "https://www.suse.com/security/cve/CVE-2024-46828"
},
{
"category": "external",
"summary": "SUSE Bug 1231114 for CVE-2024-46828",
"url": "https://bugzilla.suse.com/1231114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46828"
},
{
"cve": "CVE-2024-46830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46830"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Acquire kvm-\u003esrcu when handling KVM_SET_VCPU_EVENTS\n\nGrab kvm-\u003esrcu when processing KVM_SET_VCPU_EVENTS, as KVM will forcibly\nleave nested VMX/SVM if SMM mode is being toggled, and leaving nested VMX\nreads guest memory.\n\nNote, kvm_vcpu_ioctl_x86_set_vcpu_events() can also be called from KVM_RUN\nvia sync_regs(), which already holds SRCU. I.e. trying to precisely use\nkvm_vcpu_srcu_read_lock() around the problematic SMM code would cause\nproblems. Acquiring SRCU isn\u0027t all that expensive, so for simplicity,\ngrab it unconditionally for KVM_SET_VCPU_EVENTS.\n\n =============================\n WARNING: suspicious RCU usage\n 6.10.0-rc7-332d2c1d713e-next-vm #552 Not tainted\n -----------------------------\n include/linux/kvm_host.h:1027 suspicious rcu_dereference_check() usage!\n\n other info that might help us debug this:\n\n rcu_scheduler_active = 2, debug_locks = 1\n 1 lock held by repro/1071:\n #0: ffff88811e424430 (\u0026vcpu-\u003emutex){+.+.}-{3:3}, at: kvm_vcpu_ioctl+0x7d/0x970 [kvm]\n\n stack backtrace:\n CPU: 15 PID: 1071 Comm: repro Not tainted 6.10.0-rc7-332d2c1d713e-next-vm #552\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x7f/0x90\n lockdep_rcu_suspicious+0x13f/0x1a0\n kvm_vcpu_gfn_to_memslot+0x168/0x190 [kvm]\n kvm_vcpu_read_guest+0x3e/0x90 [kvm]\n nested_vmx_load_msr+0x6b/0x1d0 [kvm_intel]\n load_vmcs12_host_state+0x432/0xb40 [kvm_intel]\n vmx_leave_nested+0x30/0x40 [kvm_intel]\n kvm_vcpu_ioctl_x86_set_vcpu_events+0x15d/0x2b0 [kvm]\n kvm_arch_vcpu_ioctl+0x1107/0x1750 [kvm]\n ? mark_held_locks+0x49/0x70\n ? kvm_vcpu_ioctl+0x7d/0x970 [kvm]\n ? kvm_vcpu_ioctl+0x497/0x970 [kvm]\n kvm_vcpu_ioctl+0x497/0x970 [kvm]\n ? lock_acquire+0xba/0x2d0\n ? find_held_lock+0x2b/0x80\n ? do_user_addr_fault+0x40c/0x6f0\n ? lock_release+0xb7/0x270\n __x64_sys_ioctl+0x82/0xb0\n do_syscall_64+0x6c/0x170\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n RIP: 0033:0x7ff11eb1b539\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46830",
"url": "https://www.suse.com/security/cve/CVE-2024-46830"
},
{
"category": "external",
"summary": "SUSE Bug 1231116 for CVE-2024-46830",
"url": "https://bugzilla.suse.com/1231116"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46830"
},
{
"cve": "CVE-2024-46831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46831"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: microchip: vcap: Fix use-after-free error in kunit test\n\nThis is a clear use-after-free error. We remove it, and rely on checking\nthe return code of vcap_del_rule.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46831",
"url": "https://www.suse.com/security/cve/CVE-2024-46831"
},
{
"category": "external",
"summary": "SUSE Bug 1231117 for CVE-2024-46831",
"url": "https://bugzilla.suse.com/1231117"
},
{
"category": "external",
"summary": "SUSE Bug 1236242 for CVE-2024-46831",
"url": "https://bugzilla.suse.com/1236242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-46831"
},
{
"cve": "CVE-2024-46834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46834"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: fail closed if we can\u0027t get max channel used in indirection tables\n\nCommit 0d1b7d6c9274 (\"bnxt: fix crashes when reducing ring count with\nactive RSS contexts\") proves that allowing indirection table to contain\nchannels with out of bounds IDs may lead to crashes. Currently the\nmax channel check in the core gets skipped if driver can\u0027t fetch\nthe indirection table or when we can\u0027t allocate memory.\n\nBoth of those conditions should be extremely rare but if they do\nhappen we should try to be safe and fail the channel change.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46834",
"url": "https://www.suse.com/security/cve/CVE-2024-46834"
},
{
"category": "external",
"summary": "SUSE Bug 1231096 for CVE-2024-46834",
"url": "https://bugzilla.suse.com/1231096"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46834"
},
{
"cve": "CVE-2024-46835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46835"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix smatch static checker warning\n\nadev-\u003egfx.imu.funcs could be NULL",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46835",
"url": "https://www.suse.com/security/cve/CVE-2024-46835"
},
{
"category": "external",
"summary": "SUSE Bug 1231098 for CVE-2024-46835",
"url": "https://bugzilla.suse.com/1231098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46835"
},
{
"cve": "CVE-2024-46836",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46836"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: aspeed_udc: validate endpoint index for ast udc\n\nWe should verify the bound of the array to assure that host\nmay not manipulate the index to point past endpoint array.\n\nFound by static analysis.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46836",
"url": "https://www.suse.com/security/cve/CVE-2024-46836"
},
{
"category": "external",
"summary": "SUSE Bug 1231092 for CVE-2024-46836",
"url": "https://bugzilla.suse.com/1231092"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46836"
},
{
"cve": "CVE-2024-46840",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46840"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: clean up our handling of refs == 0 in snapshot delete\n\nIn reada we BUG_ON(refs == 0), which could be unkind since we aren\u0027t\nholding a lock on the extent leaf and thus could get a transient\nincorrect answer. In walk_down_proc we also BUG_ON(refs == 0), which\ncould happen if we have extent tree corruption. Change that to return\n-EUCLEAN. In do_walk_down() we catch this case and handle it correctly,\nhowever we return -EIO, which -EUCLEAN is a more appropriate error code.\nFinally in walk_up_proc we have the same BUG_ON(refs == 0), so convert\nthat to proper error handling. Also adjust the error message so we can\nactually do something with the information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46840",
"url": "https://www.suse.com/security/cve/CVE-2024-46840"
},
{
"category": "external",
"summary": "SUSE Bug 1231105 for CVE-2024-46840",
"url": "https://bugzilla.suse.com/1231105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46840"
},
{
"cve": "CVE-2024-46841",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46841"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don\u0027t BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()\n\nWe handle errors here properly, ENOMEM isn\u0027t fatal, return the error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46841",
"url": "https://www.suse.com/security/cve/CVE-2024-46841"
},
{
"category": "external",
"summary": "SUSE Bug 1231094 for CVE-2024-46841",
"url": "https://bugzilla.suse.com/1231094"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46841"
},
{
"cve": "CVE-2024-46842",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46842"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info\n\nThe MBX_TIMEOUT return code is not handled in lpfc_get_sfp_info and the\nroutine unconditionally frees submitted mailbox commands regardless of\nreturn status. The issue is that for MBX_TIMEOUT cases, when firmware\nreturns SFP information at a later time, that same mailbox memory region\nreferences previously freed memory in its cmpl routine.\n\nFix by adding checks for the MBX_TIMEOUT return code. During mailbox\nresource cleanup, check the mbox flag to make sure that the wait did not\ntimeout. If the MBOX_WAKE flag is not set, then do not free the resources\nbecause it will be freed when firmware completes the mailbox at a later\ntime in its cmpl routine.\n\nAlso, increase the timeout from 30 to 60 seconds to accommodate boot\nscripts requiring longer timeouts.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46842",
"url": "https://www.suse.com/security/cve/CVE-2024-46842"
},
{
"category": "external",
"summary": "SUSE Bug 1231101 for CVE-2024-46842",
"url": "https://bugzilla.suse.com/1231101"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46842"
},
{
"cve": "CVE-2024-46843",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46843"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Remove SCSI host only if added\n\nIf host tries to remove ufshcd driver from a UFS device it would cause a\nkernel panic if ufshcd_async_scan fails during ufshcd_probe_hba before\nadding a SCSI host with scsi_add_host and MCQ is enabled since SCSI host\nhas been defered after MCQ configuration introduced by commit 0cab4023ec7b\n(\"scsi: ufs: core: Defer adding host to SCSI if MCQ is supported\").\n\nTo guarantee that SCSI host is removed only if it has been added, set the\nscsi_host_added flag to true after adding a SCSI host and check whether it\nis set or not before removing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46843",
"url": "https://www.suse.com/security/cve/CVE-2024-46843"
},
{
"category": "external",
"summary": "SUSE Bug 1231100 for CVE-2024-46843",
"url": "https://bugzilla.suse.com/1231100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46843"
},
{
"cve": "CVE-2024-46845",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46845"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/timerlat: Only clear timer if a kthread exists\n\nThe timerlat tracer can use user space threads to check for osnoise and\ntimer latency. If the program using this is killed via a SIGTERM, the\nthreads are shutdown one at a time and another tracing instance can start\nup resetting the threads before they are fully closed. That causes the\nhrtimer assigned to the kthread to be shutdown and freed twice when the\ndying thread finally closes the file descriptors, causing a use-after-free\nbug.\n\nOnly cancel the hrtimer if the associated thread is still around. Also add\nthe interface_lock around the resetting of the tlat_var-\u003ekthread.\n\nNote, this is just a quick fix that can be backported to stable. A real\nfix is to have a better synchronization between the shutdown of old\nthreads and the starting of new ones.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46845",
"url": "https://www.suse.com/security/cve/CVE-2024-46845"
},
{
"category": "external",
"summary": "SUSE Bug 1231076 for CVE-2024-46845",
"url": "https://bugzilla.suse.com/1231076"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46845"
},
{
"cve": "CVE-2024-46846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46846"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: rockchip: Resolve unbalanced runtime PM / system PM handling\n\nCommit e882575efc77 (\"spi: rockchip: Suspend and resume the bus during\nNOIRQ_SYSTEM_SLEEP_PM ops\") stopped respecting runtime PM status and\nsimply disabled clocks unconditionally when suspending the system. This\ncauses problems when the device is already runtime suspended when we go\nto sleep -- in which case we double-disable clocks and produce a\nWARNing.\n\nSwitch back to pm_runtime_force_{suspend,resume}(), because that still\nseems like the right thing to do, and the aforementioned commit makes no\nexplanation why it stopped using it.\n\nAlso, refactor some of the resume() error handling, because it\u0027s not\nactually a good idea to re-disable clocks on failure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46846",
"url": "https://www.suse.com/security/cve/CVE-2024-46846"
},
{
"category": "external",
"summary": "SUSE Bug 1231075 for CVE-2024-46846",
"url": "https://bugzilla.suse.com/1231075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46846"
},
{
"cve": "CVE-2024-46848",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46848"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/intel: Limit the period on Haswell\n\nRunning the ltp test cve-2015-3290 concurrently reports the following\nwarnings.\n\nperfevents: irq loop stuck!\n WARNING: CPU: 31 PID: 32438 at arch/x86/events/intel/core.c:3174\n intel_pmu_handle_irq+0x285/0x370\n Call Trace:\n \u003cNMI\u003e\n ? __warn+0xa4/0x220\n ? intel_pmu_handle_irq+0x285/0x370\n ? __report_bug+0x123/0x130\n ? intel_pmu_handle_irq+0x285/0x370\n ? __report_bug+0x123/0x130\n ? intel_pmu_handle_irq+0x285/0x370\n ? report_bug+0x3e/0xa0\n ? handle_bug+0x3c/0x70\n ? exc_invalid_op+0x18/0x50\n ? asm_exc_invalid_op+0x1a/0x20\n ? irq_work_claim+0x1e/0x40\n ? intel_pmu_handle_irq+0x285/0x370\n perf_event_nmi_handler+0x3d/0x60\n nmi_handle+0x104/0x330\n\nThanks to Thomas Gleixner\u0027s analysis, the issue is caused by the low\ninitial period (1) of the frequency estimation algorithm, which triggers\nthe defects of the HW, specifically erratum HSW11 and HSW143. (For the\ndetails, please refer https://lore.kernel.org/lkml/87plq9l5d2.ffs@tglx/)\n\nThe HSW11 requires a period larger than 100 for the INST_RETIRED.ALL\nevent, but the initial period in the freq mode is 1. The erratum is the\nsame as the BDM11, which has been supported in the kernel. A minimum\nperiod of 128 is enforced as well on HSW.\n\nHSW143 is regarding that the fixed counter 1 may overcount 32 with the\nHyper-Threading is enabled. However, based on the test, the hardware\nhas more issues than it tells. Besides the fixed counter 1, the message\n\u0027interrupt took too long\u0027 can be observed on any counter which was armed\nwith a period \u003c 32 and two events expired in the same NMI. A minimum\nperiod of 32 is enforced for the rest of the events.\nThe recommended workaround code of the HSW143 is not implemented.\nBecause it only addresses the issue for the fixed counter. It brings\nextra overhead through extra MSR writing. No related overcounting issue\nhas been reported so far.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46848",
"url": "https://www.suse.com/security/cve/CVE-2024-46848"
},
{
"category": "external",
"summary": "SUSE Bug 1231072 for CVE-2024-46848",
"url": "https://bugzilla.suse.com/1231072"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46848"
},
{
"cve": "CVE-2024-46849",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46849"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: meson: axg-card: fix \u0027use-after-free\u0027\n\nBuffer \u0027card-\u003edai_link\u0027 is reallocated in \u0027meson_card_reallocate_links()\u0027,\nso move \u0027pad\u0027 pointer initialization after this function when memory is\nalready reallocated.\n\nKasan bug report:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bc\nRead of size 8 at addr ffff000000e8b260 by task modprobe/356\n\nCPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1\nCall trace:\n dump_backtrace+0x94/0xec\n show_stack+0x18/0x24\n dump_stack_lvl+0x78/0x90\n print_report+0xfc/0x5c0\n kasan_report+0xb8/0xfc\n __asan_load8+0x9c/0xb8\n axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card]\n meson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils]\n platform_probe+0x8c/0xf4\n really_probe+0x110/0x39c\n __driver_probe_device+0xb8/0x18c\n driver_probe_device+0x108/0x1d8\n __driver_attach+0xd0/0x25c\n bus_for_each_dev+0xe0/0x154\n driver_attach+0x34/0x44\n bus_add_driver+0x134/0x294\n driver_register+0xa8/0x1e8\n __platform_driver_register+0x44/0x54\n axg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card]\n do_one_initcall+0xdc/0x25c\n do_init_module+0x10c/0x334\n load_module+0x24c4/0x26cc\n init_module_from_file+0xd4/0x128\n __arm64_sys_finit_module+0x1f4/0x41c\n invoke_syscall+0x60/0x188\n el0_svc_common.constprop.0+0x78/0x13c\n do_el0_svc+0x30/0x40\n el0_svc+0x38/0x78\n el0t_64_sync_handler+0x100/0x12c\n el0t_64_sync+0x190/0x194",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46849",
"url": "https://www.suse.com/security/cve/CVE-2024-46849"
},
{
"category": "external",
"summary": "SUSE Bug 1231073 for CVE-2024-46849",
"url": "https://bugzilla.suse.com/1231073"
},
{
"category": "external",
"summary": "SUSE Bug 1231256 for CVE-2024-46849",
"url": "https://bugzilla.suse.com/1231256"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-46849"
},
{
"cve": "CVE-2024-46851",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46851"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct()\n\ndc_state_destruct() nulls the resource context of the DC state. The pipe\ncontext passed to dcn10_set_drr() is a member of this resource context.\n\nIf dc_state_destruct() is called parallel to the IRQ processing (which\ncalls dcn10_set_drr() at some point), we can end up using already nulled\nfunction callback fields of struct stream_resource.\n\nThe logic in dcn10_set_drr() already tries to avoid this, by checking tg\nagainst NULL. But if the nulling happens exactly after the NULL check and\nbefore the next access, then we get a race.\n\nAvoid this by copying tg first to a local variable, and then use this\nvariable for all the operations. This should work, as long as nobody\nfrees the resource pool where the timing generators live.\n\n(cherry picked from commit a3cc326a43bdc48fbdf53443e1027a03e309b643)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46851",
"url": "https://www.suse.com/security/cve/CVE-2024-46851"
},
{
"category": "external",
"summary": "SUSE Bug 1231081 for CVE-2024-46851",
"url": "https://bugzilla.suse.com/1231081"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46851"
},
{
"cve": "CVE-2024-46852",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46852"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf: heaps: Fix off-by-one in CMA heap fault handler\n\nUntil VM_DONTEXPAND was added in commit 1c1914d6e8c6 (\"dma-buf: heaps:\nDon\u0027t track CMA dma-buf pages under RssFile\") it was possible to obtain\na mapping larger than the buffer size via mremap and bypass the overflow\ncheck in dma_buf_mmap_internal. When using such a mapping to attempt to\nfault past the end of the buffer, the CMA heap fault handler also checks\nthe fault offset against the buffer size, but gets the boundary wrong by\n1. Fix the boundary check so that we don\u0027t read off the end of the pages\narray and insert an arbitrary page in the mapping.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46852",
"url": "https://www.suse.com/security/cve/CVE-2024-46852"
},
{
"category": "external",
"summary": "SUSE Bug 1231082 for CVE-2024-46852",
"url": "https://bugzilla.suse.com/1231082"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46852"
},
{
"cve": "CVE-2024-46853",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46853"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: nxp-fspi: fix the KASAN report out-of-bounds bug\n\nChange the memcpy length to fix the out-of-bounds issue when writing the\ndata that is not 4 byte aligned to TX FIFO.\n\nTo reproduce the issue, write 3 bytes data to NOR chip.\n\ndd if=3b of=/dev/mtd0\n[ 36.926103] ==================================================================\n[ 36.933409] BUG: KASAN: slab-out-of-bounds in nxp_fspi_exec_op+0x26ec/0x2838\n[ 36.940514] Read of size 4 at addr ffff00081037c2a0 by task dd/455\n[ 36.946721]\n[ 36.948235] CPU: 3 UID: 0 PID: 455 Comm: dd Not tainted 6.11.0-rc5-gc7b0e37c8434 #1070\n[ 36.956185] Hardware name: Freescale i.MX8QM MEK (DT)\n[ 36.961260] Call trace:\n[ 36.963723] dump_backtrace+0x90/0xe8\n[ 36.967414] show_stack+0x18/0x24\n[ 36.970749] dump_stack_lvl+0x78/0x90\n[ 36.974451] print_report+0x114/0x5cc\n[ 36.978151] kasan_report+0xa4/0xf0\n[ 36.981670] __asan_report_load_n_noabort+0x1c/0x28\n[ 36.986587] nxp_fspi_exec_op+0x26ec/0x2838\n[ 36.990800] spi_mem_exec_op+0x8ec/0xd30\n[ 36.994762] spi_mem_no_dirmap_read+0x190/0x1e0\n[ 36.999323] spi_mem_dirmap_write+0x238/0x32c\n[ 37.003710] spi_nor_write_data+0x220/0x374\n[ 37.007932] spi_nor_write+0x110/0x2e8\n[ 37.011711] mtd_write_oob_std+0x154/0x1f0\n[ 37.015838] mtd_write_oob+0x104/0x1d0\n[ 37.019617] mtd_write+0xb8/0x12c\n[ 37.022953] mtdchar_write+0x224/0x47c\n[ 37.026732] vfs_write+0x1e4/0x8c8\n[ 37.030163] ksys_write+0xec/0x1d0\n[ 37.033586] __arm64_sys_write+0x6c/0x9c\n[ 37.037539] invoke_syscall+0x6c/0x258\n[ 37.041327] el0_svc_common.constprop.0+0x160/0x22c\n[ 37.046244] do_el0_svc+0x44/0x5c\n[ 37.049589] el0_svc+0x38/0x78\n[ 37.052681] el0t_64_sync_handler+0x13c/0x158\n[ 37.057077] el0t_64_sync+0x190/0x194\n[ 37.060775]\n[ 37.062274] Allocated by task 455:\n[ 37.065701] kasan_save_stack+0x2c/0x54\n[ 37.069570] kasan_save_track+0x20/0x3c\n[ 37.073438] kasan_save_alloc_info+0x40/0x54\n[ 37.077736] __kasan_kmalloc+0xa0/0xb8\n[ 37.081515] __kmalloc_noprof+0x158/0x2f8\n[ 37.085563] mtd_kmalloc_up_to+0x120/0x154\n[ 37.089690] mtdchar_write+0x130/0x47c\n[ 37.093469] vfs_write+0x1e4/0x8c8\n[ 37.096901] ksys_write+0xec/0x1d0\n[ 37.100332] __arm64_sys_write+0x6c/0x9c\n[ 37.104287] invoke_syscall+0x6c/0x258\n[ 37.108064] el0_svc_common.constprop.0+0x160/0x22c\n[ 37.112972] do_el0_svc+0x44/0x5c\n[ 37.116319] el0_svc+0x38/0x78\n[ 37.119401] el0t_64_sync_handler+0x13c/0x158\n[ 37.123788] el0t_64_sync+0x190/0x194\n[ 37.127474]\n[ 37.128977] The buggy address belongs to the object at ffff00081037c2a0\n[ 37.128977] which belongs to the cache kmalloc-8 of size 8\n[ 37.141177] The buggy address is located 0 bytes inside of\n[ 37.141177] allocated 3-byte region [ffff00081037c2a0, ffff00081037c2a3)\n[ 37.153465]\n[ 37.154971] The buggy address belongs to the physical page:\n[ 37.160559] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x89037c\n[ 37.168596] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)\n[ 37.175149] page_type: 0xfdffffff(slab)\n[ 37.179021] raw: 0bfffe0000000000 ffff000800002500 dead000000000122 0000000000000000\n[ 37.186788] raw: 0000000000000000 0000000080800080 00000001fdffffff 0000000000000000\n[ 37.194553] page dumped because: kasan: bad access detected\n[ 37.200144]\n[ 37.201647] Memory state around the buggy address:\n[ 37.206460] ffff00081037c180: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc\n[ 37.213701] ffff00081037c200: fa fc fc fc 05 fc fc fc 03 fc fc fc 02 fc fc fc\n[ 37.220946] \u003effff00081037c280: 06 fc fc fc 03 fc fc fc fc fc fc fc fc fc fc fc\n[ 37.228186] ^\n[ 37.232473] ffff00081037c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[ 37.239718] ffff00081037c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[ 37.246962] ==============================================================\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46853",
"url": "https://www.suse.com/security/cve/CVE-2024-46853"
},
{
"category": "external",
"summary": "SUSE Bug 1231083 for CVE-2024-46853",
"url": "https://bugzilla.suse.com/1231083"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46853"
},
{
"cve": "CVE-2024-46854",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46854"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dpaa: Pad packets to ETH_ZLEN\n\nWhen sending packets under 60 bytes, up to three bytes of the buffer\nfollowing the data may be leaked. Avoid this by extending all packets to\nETH_ZLEN, ensuring nothing is leaked in the padding. This bug can be\nreproduced by running\n\n\t$ ping -s 11 destination",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46854",
"url": "https://www.suse.com/security/cve/CVE-2024-46854"
},
{
"category": "external",
"summary": "SUSE Bug 1231084 for CVE-2024-46854",
"url": "https://bugzilla.suse.com/1231084"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46854"
},
{
"cve": "CVE-2024-46855",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46855"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_socket: fix sk refcount leaks\n\nWe must put \u0027sk\u0027 reference before returning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46855",
"url": "https://www.suse.com/security/cve/CVE-2024-46855"
},
{
"category": "external",
"summary": "SUSE Bug 1231085 for CVE-2024-46855",
"url": "https://bugzilla.suse.com/1231085"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46855"
},
{
"cve": "CVE-2024-46857",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46857"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix bridge mode operations when there are no VFs\n\nCurrently, trying to set the bridge mode attribute when numvfs=0 leads to a\ncrash:\n\nbridge link set dev eth2 hwmode vepa\n\n[ 168.967392] BUG: kernel NULL pointer dereference, address: 0000000000000030\n[...]\n[ 168.969989] RIP: 0010:mlx5_add_flow_rules+0x1f/0x300 [mlx5_core]\n[...]\n[ 168.976037] Call Trace:\n[ 168.976188] \u003cTASK\u003e\n[ 168.978620] _mlx5_eswitch_set_vepa_locked+0x113/0x230 [mlx5_core]\n[ 168.979074] mlx5_eswitch_set_vepa+0x7f/0xa0 [mlx5_core]\n[ 168.979471] rtnl_bridge_setlink+0xe9/0x1f0\n[ 168.979714] rtnetlink_rcv_msg+0x159/0x400\n[ 168.980451] netlink_rcv_skb+0x54/0x100\n[ 168.980675] netlink_unicast+0x241/0x360\n[ 168.980918] netlink_sendmsg+0x1f6/0x430\n[ 168.981162] ____sys_sendmsg+0x3bb/0x3f0\n[ 168.982155] ___sys_sendmsg+0x88/0xd0\n[ 168.985036] __sys_sendmsg+0x59/0xa0\n[ 168.985477] do_syscall_64+0x79/0x150\n[ 168.987273] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 168.987773] RIP: 0033:0x7f8f7950f917\n\n(esw-\u003efdb_table.legacy.vepa_fdb is null)\n\nThe bridge mode is only relevant when there are multiple functions per\nport. Therefore, prevent setting and getting this setting when there are no\nVFs.\n\nNote that after this change, there are no settings to change on the PF\ninterface using `bridge link` when there are no VFs, so the interface no\nlonger appears in the `bridge link` output.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46857",
"url": "https://www.suse.com/security/cve/CVE-2024-46857"
},
{
"category": "external",
"summary": "SUSE Bug 1231087 for CVE-2024-46857",
"url": "https://bugzilla.suse.com/1231087"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46857"
},
{
"cve": "CVE-2024-46859",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46859"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: panasonic-laptop: Fix SINF array out of bounds accesses\n\nThe panasonic laptop code in various places uses the SINF array with index\nvalues of 0 - SINF_CUR_BRIGHT(0x0d) without checking that the SINF array\nis big enough.\n\nNot all panasonic laptops have this many SINF array entries, for example\nthe Toughbook CF-18 model only has 10 SINF array entries. So it only\nsupports the AC+DC brightness entries and mute.\n\nCheck that the SINF array has a minimum size which covers all AC+DC\nbrightness entries and refuse to load if the SINF array is smaller.\n\nFor higher SINF indexes hide the sysfs attributes when the SINF array\ndoes not contain an entry for that attribute, avoiding show()/store()\naccessing the array out of bounds and add bounds checking to the probe()\nand resume() code accessing these.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46859",
"url": "https://www.suse.com/security/cve/CVE-2024-46859"
},
{
"category": "external",
"summary": "SUSE Bug 1231089 for CVE-2024-46859",
"url": "https://bugzilla.suse.com/1231089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46859"
},
{
"cve": "CVE-2024-46860",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46860"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change\n\nWhen disabling wifi mt7921_ipv6_addr_change() is called as a notifier.\nAt this point mvif-\u003ephy is already NULL so we cannot use it here.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46860",
"url": "https://www.suse.com/security/cve/CVE-2024-46860"
},
{
"category": "external",
"summary": "SUSE Bug 1231093 for CVE-2024-46860",
"url": "https://bugzilla.suse.com/1231093"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46860"
},
{
"cve": "CVE-2024-46861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46861"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: do not stop RX on failing RX callback\n\nRX callbacks can fail for multiple reasons:\n\n* Payload too short\n* Payload formatted incorrecly (e.g. bad NCM framing)\n* Lack of memory\n\nNone of these should cause the driver to seize up.\n\nMake such failures non-critical and continue processing further\nincoming URBs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46861",
"url": "https://www.suse.com/security/cve/CVE-2024-46861"
},
{
"category": "external",
"summary": "SUSE Bug 1231102 for CVE-2024-46861",
"url": "https://bugzilla.suse.com/1231102"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46861"
},
{
"cve": "CVE-2024-46864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46864"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/hyperv: fix kexec crash due to VP assist page corruption\n\ncommit 9636be85cc5b (\"x86/hyperv: Fix hyperv_pcpu_input_arg handling when\nCPUs go online/offline\") introduces a new cpuhp state for hyperv\ninitialization.\n\ncpuhp_setup_state() returns the state number if state is\nCPUHP_AP_ONLINE_DYN or CPUHP_BP_PREPARE_DYN and 0 for all other states.\nFor the hyperv case, since a new cpuhp state was introduced it would\nreturn 0. However, in hv_machine_shutdown(), the cpuhp_remove_state() call\nis conditioned upon \"hyperv_init_cpuhp \u003e 0\". This will never be true and\nso hv_cpu_die() won\u0027t be called on all CPUs. This means the VP assist page\nwon\u0027t be reset. When the kexec kernel tries to setup the VP assist page\nagain, the hypervisor corrupts the memory region of the old VP assist page\ncausing a panic in case the kexec kernel is using that memory elsewhere.\nThis was originally fixed in commit dfe94d4086e4 (\"x86/hyperv: Fix kexec\npanic/hang issues\").\n\nGet rid of hyperv_init_cpuhp entirely since we are no longer using a\ndynamic cpuhp state and use CPUHP_AP_HYPERV_ONLINE directly with\ncpuhp_remove_state().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46864",
"url": "https://www.suse.com/security/cve/CVE-2024-46864"
},
{
"category": "external",
"summary": "SUSE Bug 1231108 for CVE-2024-46864",
"url": "https://bugzilla.suse.com/1231108"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46864"
},
{
"cve": "CVE-2024-46870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46870"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Disable DMCUB timeout for DCN35\n\n[Why]\nDMCUB can intermittently take longer than expected to process commands.\n\nOld ASIC policy was to continue while logging a diagnostic error - which\nworks fine for ASIC without IPS, but with IPS this could lead to a race\ncondition where we attempt to access DCN state while it\u0027s inaccessible,\nleading to a system hang when the NIU port is not disabled or register\naccesses that timeout and the display configuration in an undefined\nstate.\n\n[How]\nWe need to investigate why these accesses take longer than expected, but\nfor now we should disable the timeout on DCN35 to avoid this race\ncondition. Since the waits happen only at lower interrupt levels the\nrisk of taking too long at higher IRQ and causing a system watchdog\ntimeout are minimal.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46870",
"url": "https://www.suse.com/security/cve/CVE-2024-46870"
},
{
"category": "external",
"summary": "SUSE Bug 1231435 for CVE-2024-46870",
"url": "https://bugzilla.suse.com/1231435"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46870"
},
{
"cve": "CVE-2024-46871",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46871"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX\n\n[Why \u0026 How]\nIt actually exposes \u00276\u0027 types in enum dmub_notification_type. Not 5. Using smaller\nnumber to create array dmub_callback \u0026 dmub_thread_offload has potential to access\nitem out of array bound. Fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46871",
"url": "https://www.suse.com/security/cve/CVE-2024-46871"
},
{
"category": "external",
"summary": "SUSE Bug 1231434 for CVE-2024-46871",
"url": "https://bugzilla.suse.com/1231434"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46871"
},
{
"cve": "CVE-2024-47658",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47658"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: stm32/cryp - call finalize with bh disabled\n\nThe finalize operation in interrupt mode produce a produces a spinlock\nrecursion warning. The reason is the fact that BH must be disabled\nduring this process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47658",
"url": "https://www.suse.com/security/cve/CVE-2024-47658"
},
{
"category": "external",
"summary": "SUSE Bug 1231436 for CVE-2024-47658",
"url": "https://bugzilla.suse.com/1231436"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47658"
},
{
"cve": "CVE-2024-47660",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47660"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfsnotify: clear PARENT_WATCHED flags lazily\n\nIn some setups directories can have many (usually negative) dentries.\nHence __fsnotify_update_child_dentry_flags() function can take a\nsignificant amount of time. Since the bulk of this function happens\nunder inode-\u003ei_lock this causes a significant contention on the lock\nwhen we remove the watch from the directory as the\n__fsnotify_update_child_dentry_flags() call from fsnotify_recalc_mask()\nraces with __fsnotify_update_child_dentry_flags() calls from\n__fsnotify_parent() happening on children. This can lead upto softlockup\nreports reported by users.\n\nFix the problem by calling fsnotify_update_children_dentry_flags() to\nset PARENT_WATCHED flags only when parent starts watching children.\n\nWhen parent stops watching children, clear false positive PARENT_WATCHED\nflags lazily in __fsnotify_parent() for each accessed child.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47660",
"url": "https://www.suse.com/security/cve/CVE-2024-47660"
},
{
"category": "external",
"summary": "SUSE Bug 1231439 for CVE-2024-47660",
"url": "https://bugzilla.suse.com/1231439"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "low"
}
],
"title": "CVE-2024-47660"
},
{
"cve": "CVE-2024-47661",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47661"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid overflow from uint32_t to uint8_t\n\n[WHAT \u0026 HOW]\ndmub_rb_cmd\u0027s ramping_boundary has size of uint8_t and it is assigned\n0xFFFF. Fix it by changing it to uint8_t with value of 0xFF.\n\nThis fixes 2 INTEGER_OVERFLOW issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47661",
"url": "https://www.suse.com/security/cve/CVE-2024-47661"
},
{
"category": "external",
"summary": "SUSE Bug 1231496 for CVE-2024-47661",
"url": "https://bugzilla.suse.com/1231496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47661"
},
{
"cve": "CVE-2024-47662",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47662"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Remove register from DCN35 DMCUB diagnostic collection\n\n[Why]\nThese registers should not be read from driver and triggering the\nsecurity violation when DMCUB work times out and diagnostics are\ncollected blocks Z8 entry.\n\n[How]\nRemove the register read from DCN35.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47662",
"url": "https://www.suse.com/security/cve/CVE-2024-47662"
},
{
"category": "external",
"summary": "SUSE Bug 1231440 for CVE-2024-47662",
"url": "https://bugzilla.suse.com/1231440"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47662"
},
{
"cve": "CVE-2024-47663",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47663"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: iio: frequency: ad9834: Validate frequency parameter value\n\nIn ad9834_write_frequency() clk_get_rate() can return 0. In such case\nad9834_calc_freqreg() call will lead to division by zero. Checking\n\u0027if (fout \u003e (clk_freq / 2))\u0027 doesn\u0027t protect in case of \u0027fout\u0027 is 0.\nad9834_write_frequency() is called from ad9834_write(), where fout is\ntaken from text buffer, which can contain any value.\n\nModify parameters checking.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47663",
"url": "https://www.suse.com/security/cve/CVE-2024-47663"
},
{
"category": "external",
"summary": "SUSE Bug 1231441 for CVE-2024-47663",
"url": "https://bugzilla.suse.com/1231441"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47663"
},
{
"cve": "CVE-2024-47664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47664"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware\n\nIf the value of max_speed_hz is 0, it may cause a division by zero\nerror in hisi_calc_effective_speed().\nThe value of max_speed_hz is provided by firmware.\nFirmware is generally considered as a trusted domain. However, as\ndivision by zero errors can cause system failure, for defense measure,\nthe value of max_speed is validated here. So 0 is regarded as invalid\nand an error code is returned.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47664",
"url": "https://www.suse.com/security/cve/CVE-2024-47664"
},
{
"category": "external",
"summary": "SUSE Bug 1231442 for CVE-2024-47664",
"url": "https://bugzilla.suse.com/1231442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47664"
},
{
"cve": "CVE-2024-47665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47665"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup\n\nDefinitely condition dma_get_cache_alignment * defined value \u003e 256\nduring driver initialization is not reason to BUG_ON(). Turn that to\ngraceful error out with -EINVAL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47665",
"url": "https://www.suse.com/security/cve/CVE-2024-47665"
},
{
"category": "external",
"summary": "SUSE Bug 1231452 for CVE-2024-47665",
"url": "https://bugzilla.suse.com/1231452"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47665"
},
{
"cve": "CVE-2024-47666",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47666"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm80xx: Set phy-\u003eenable_completion only when we wait for it\n\npm8001_phy_control() populates the enable_completion pointer with a stack\naddress, sends a PHY_LINK_RESET / PHY_HARD_RESET, waits 300 ms, and\nreturns. The problem arises when a phy control response comes late. After\n300 ms the pm8001_phy_control() function returns and the passed\nenable_completion stack address is no longer valid. Late phy control\nresponse invokes complete() on a dangling enable_completion pointer which\nleads to a kernel crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47666",
"url": "https://www.suse.com/security/cve/CVE-2024-47666"
},
{
"category": "external",
"summary": "SUSE Bug 1231453 for CVE-2024-47666",
"url": "https://bugzilla.suse.com/1231453"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47666"
},
{
"cve": "CVE-2024-47667",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47667"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)\n\nErrata #i2037 in AM65x/DRA80xM Processors Silicon Revision 1.0\n(SPRZ452D_July 2018_Revised December 2019 [1]) mentions when an\ninbound PCIe TLP spans more than two internal AXI 128-byte bursts,\nthe bus may corrupt the packet payload and the corrupt data may\ncause associated applications or the processor to hang.\n\nThe workaround for Errata #i2037 is to limit the maximum read\nrequest size and maximum payload size to 128 bytes. Add workaround\nfor Errata #i2037 here.\n\nThe errata and workaround is applicable only to AM65x SR 1.0 and\nlater versions of the silicon will have this fixed.\n\n[1] -\u003e https://www.ti.com/lit/er/sprz452i/sprz452i.pdf",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47667",
"url": "https://www.suse.com/security/cve/CVE-2024-47667"
},
{
"category": "external",
"summary": "SUSE Bug 1231481 for CVE-2024-47667",
"url": "https://bugzilla.suse.com/1231481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47667"
},
{
"cve": "CVE-2024-47668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()\n\nIf we need to increase the tree depth, allocate a new node, and then\nrace with another thread that increased the tree depth before us, we\u0027ll\nstill have a preallocated node that might be used later.\n\nIf we then use that node for a new non-root node, it\u0027ll still have a\npointer to the old root instead of being zeroed - fix this by zeroing it\nin the cmpxchg failure path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47668",
"url": "https://www.suse.com/security/cve/CVE-2024-47668"
},
{
"category": "external",
"summary": "SUSE Bug 1231502 for CVE-2024-47668",
"url": "https://bugzilla.suse.com/1231502"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47668"
},
{
"cve": "CVE-2024-47669",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47669"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix state management in error path of log writing function\n\nAfter commit a694291a6211 (\"nilfs2: separate wait function from\nnilfs_segctor_write\") was applied, the log writing function\nnilfs_segctor_do_construct() was able to issue I/O requests continuously\neven if user data blocks were split into multiple logs across segments,\nbut two potential flaws were introduced in its error handling.\n\nFirst, if nilfs_segctor_begin_construction() fails while creating the\nsecond or subsequent logs, the log writing function returns without\ncalling nilfs_segctor_abort_construction(), so the writeback flag set on\npages/folios will remain uncleared. This causes page cache operations to\nhang waiting for the writeback flag. For example,\ntruncate_inode_pages_final(), which is called via nilfs_evict_inode() when\nan inode is evicted from memory, will hang.\n\nSecond, the NILFS_I_COLLECTED flag set on normal inodes remain uncleared. \nAs a result, if the next log write involves checkpoint creation, that\u0027s\nfine, but if a partial log write is performed that does not, inodes with\nNILFS_I_COLLECTED set are erroneously removed from the \"sc_dirty_files\"\nlist, and their data and b-tree blocks may not be written to the device,\ncorrupting the block mapping.\n\nFix these issues by uniformly calling nilfs_segctor_abort_construction()\non failure of each step in the loop in nilfs_segctor_do_construct(),\nhaving it clean up logs and segment usages according to progress, and\ncorrecting the conditions for calling nilfs_redirty_inodes() to ensure\nthat the NILFS_I_COLLECTED flag is cleared.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47669",
"url": "https://www.suse.com/security/cve/CVE-2024-47669"
},
{
"category": "external",
"summary": "SUSE Bug 1231474 for CVE-2024-47669",
"url": "https://bugzilla.suse.com/1231474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47669"
},
{
"cve": "CVE-2024-47670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47670"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: add bounds checking to ocfs2_xattr_find_entry()\n\nAdd a paranoia check to make sure it doesn\u0027t stray beyond valid memory\nregion containing ocfs2 xattr entries when scanning for a match. It will\nprevent out-of-bound access in case of crafted images.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47670",
"url": "https://www.suse.com/security/cve/CVE-2024-47670"
},
{
"category": "external",
"summary": "SUSE Bug 1231537 for CVE-2024-47670",
"url": "https://bugzilla.suse.com/1231537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47670"
},
{
"cve": "CVE-2024-47671",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47671"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: usbtmc: prevent kernel-usb-infoleak\n\nThe syzbot reported a kernel-usb-infoleak in usbtmc_write,\nwe need to clear the structure before filling fields.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47671",
"url": "https://www.suse.com/security/cve/CVE-2024-47671"
},
{
"category": "external",
"summary": "SUSE Bug 1231541 for CVE-2024-47671",
"url": "https://bugzilla.suse.com/1231541"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47671"
},
{
"cve": "CVE-2024-47672",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47672"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don\u0027t wait for tx queues if firmware is dead\n\nThere is a WARNING in iwl_trans_wait_tx_queues_empty() (that was\nrecently converted from just a message), that can be hit if we\nwait for TX queues to become empty after firmware died. Clearly,\nwe can\u0027t expect anything from the firmware after it\u0027s declared dead.\n\nDon\u0027t call iwl_trans_wait_tx_queues_empty() in this case. While it could\nbe a good idea to stop the flow earlier, the flush functions do some\nmaintenance work that is not related to the firmware, so keep that part\nof the code running even when the firmware is not running.\n\n[edit commit message]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47672",
"url": "https://www.suse.com/security/cve/CVE-2024-47672"
},
{
"category": "external",
"summary": "SUSE Bug 1231540 for CVE-2024-47672",
"url": "https://bugzilla.suse.com/1231540"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47672"
},
{
"cve": "CVE-2024-47673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47673"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: pause TCM when the firmware is stopped\n\nNot doing so will make us send a host command to the transport while the\nfirmware is not alive, which will trigger a WARNING.\n\nbad state = 0\nWARNING: CPU: 2 PID: 17434 at drivers/net/wireless/intel/iwlwifi/iwl-trans.c:115 iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi]\nRIP: 0010:iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi]\nCall Trace:\n \u003cTASK\u003e\n iwl_mvm_send_cmd+0x40/0xc0 [iwlmvm]\n iwl_mvm_config_scan+0x198/0x260 [iwlmvm]\n iwl_mvm_recalc_tcm+0x730/0x11d0 [iwlmvm]\n iwl_mvm_tcm_work+0x1d/0x30 [iwlmvm]\n process_one_work+0x29e/0x640\n worker_thread+0x2df/0x690\n ? rescuer_thread+0x540/0x540\n kthread+0x192/0x1e0\n ? set_kthread_struct+0x90/0x90\n ret_from_fork+0x22/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47673",
"url": "https://www.suse.com/security/cve/CVE-2024-47673"
},
{
"category": "external",
"summary": "SUSE Bug 1231539 for CVE-2024-47673",
"url": "https://bugzilla.suse.com/1231539"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47673"
},
{
"cve": "CVE-2024-47674",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47674"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: avoid leaving partial pfn mappings around in error case\n\nAs Jann points out, PFN mappings are special, because unlike normal\nmemory mappings, there is no lifetime information associated with the\nmapping - it is just a raw mapping of PFNs with no reference counting of\na \u0027struct page\u0027.\n\nThat\u0027s all very much intentional, but it does mean that it\u0027s easy to\nmess up the cleanup in case of errors. Yes, a failed mmap() will always\neventually clean up any partial mappings, but without any explicit\nlifetime in the page table mapping itself, it\u0027s very easy to do the\nerror handling in the wrong order.\n\nIn particular, it\u0027s easy to mistakenly free the physical backing store\nbefore the page tables are actually cleaned up and (temporarily) have\nstale dangling PTE entries.\n\nTo make this situation less error-prone, just make sure that any partial\npfn mapping is torn down early, before any other error handling.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47674",
"url": "https://www.suse.com/security/cve/CVE-2024-47674"
},
{
"category": "external",
"summary": "SUSE Bug 1231673 for CVE-2024-47674",
"url": "https://bugzilla.suse.com/1231673"
},
{
"category": "external",
"summary": "SUSE Bug 1231676 for CVE-2024-47674",
"url": "https://bugzilla.suse.com/1231676"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-47674"
},
{
"cve": "CVE-2024-47675",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47675"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix use-after-free in bpf_uprobe_multi_link_attach()\n\nIf bpf_link_prime() fails, bpf_uprobe_multi_link_attach() goes to the\nerror_free label and frees the array of bpf_uprobe\u0027s without calling\nbpf_uprobe_unregister().\n\nThis leaks bpf_uprobe-\u003euprobe and worse, this frees bpf_uprobe-\u003econsumer\nwithout removing it from the uprobe-\u003econsumers list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47675",
"url": "https://www.suse.com/security/cve/CVE-2024-47675"
},
{
"category": "external",
"summary": "SUSE Bug 1231926 for CVE-2024-47675",
"url": "https://bugzilla.suse.com/1231926"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47675"
},
{
"cve": "CVE-2024-47679",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47679"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfs: fix race between evice_inodes() and find_inode()\u0026iput()\n\nHi, all\n\nRecently I noticed a bug[1] in btrfs, after digged it into\nand I believe it\u0027a race in vfs.\n\nLet\u0027s assume there\u0027s a inode (ie ino 261) with i_count 1 is\ncalled by iput(), and there\u0027s a concurrent thread calling\ngeneric_shutdown_super().\n\ncpu0: cpu1:\niput() // i_count is 1\n -\u003espin_lock(inode)\n -\u003edec i_count to 0\n -\u003eiput_final() generic_shutdown_super()\n -\u003e__inode_add_lru() -\u003eevict_inodes()\n // cause some reason[2] -\u003eif (atomic_read(inode-\u003ei_count)) continue;\n // return before // inode 261 passed the above check\n // list_lru_add_obj() // and then schedule out\n -\u003espin_unlock()\n// note here: the inode 261\n// was still at sb list and hash list,\n// and I_FREEING|I_WILL_FREE was not been set\n\nbtrfs_iget()\n // after some function calls\n -\u003efind_inode()\n // found the above inode 261\n -\u003espin_lock(inode)\n // check I_FREEING|I_WILL_FREE\n // and passed\n -\u003e__iget()\n -\u003espin_unlock(inode) // schedule back\n -\u003espin_lock(inode)\n // check (I_NEW|I_FREEING|I_WILL_FREE) flags,\n // passed and set I_FREEING\niput() -\u003espin_unlock(inode)\n -\u003espin_lock(inode)\t\t\t -\u003eevict()\n // dec i_count to 0\n -\u003eiput_final()\n -\u003espin_unlock()\n -\u003eevict()\n\nNow, we have two threads simultaneously evicting\nthe same inode, which may trigger the BUG(inode-\u003ei_state \u0026 I_CLEAR)\nstatement both within clear_inode() and iput().\n\nTo fix the bug, recheck the inode-\u003ei_count after holding i_lock.\nBecause in the most scenarios, the first check is valid, and\nthe overhead of spin_lock() can be reduced.\n\nIf there is any misunderstanding, please let me know, thanks.\n\n[1]: https://lore.kernel.org/linux-btrfs/000000000000eabe1d0619c48986@google.com/\n[2]: The reason might be 1. SB_ACTIVE was removed or 2. mapping_shrinkable()\nreturn false when I reproduced the bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47679",
"url": "https://www.suse.com/security/cve/CVE-2024-47679"
},
{
"category": "external",
"summary": "SUSE Bug 1231930 for CVE-2024-47679",
"url": "https://bugzilla.suse.com/1231930"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47679"
},
{
"cve": "CVE-2024-47681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47681"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7996: fix NULL pointer dereference in mt7996_mcu_sta_bfer_he\n\nFix the NULL pointer dereference in mt7996_mcu_sta_bfer_he\nroutine adding an sta interface to the mt7996 driver.\n\nFound by code review.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47681",
"url": "https://www.suse.com/security/cve/CVE-2024-47681"
},
{
"category": "external",
"summary": "SUSE Bug 1231855 for CVE-2024-47681",
"url": "https://bugzilla.suse.com/1231855"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47681"
},
{
"cve": "CVE-2024-47682",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47682"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: sd: Fix off-by-one error in sd_read_block_characteristics()\n\nFf the device returns page 0xb1 with length 8 (happens with qemu v2.x, for\nexample), sd_read_block_characteristics() may attempt an out-of-bounds\nmemory access when accessing the zoned field at offset 8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47682",
"url": "https://www.suse.com/security/cve/CVE-2024-47682"
},
{
"category": "external",
"summary": "SUSE Bug 1231856 for CVE-2024-47682",
"url": "https://bugzilla.suse.com/1231856"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47682"
},
{
"cve": "CVE-2024-47684",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47684"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: check skb is non-NULL in tcp_rto_delta_us()\n\nWe have some machines running stock Ubuntu 20.04.6 which is their 5.4.0-174-generic\nkernel that are running ceph and recently hit a null ptr dereference in\ntcp_rearm_rto(). Initially hitting it from the TLP path, but then later we also\nsaw it getting hit from the RACK case as well. Here are examples of the oops\nmessages we saw in each of those cases:\n\nJul 26 15:05:02 rx [11061395.780353] BUG: kernel NULL pointer dereference, address: 0000000000000020\nJul 26 15:05:02 rx [11061395.787572] #PF: supervisor read access in kernel mode\nJul 26 15:05:02 rx [11061395.792971] #PF: error_code(0x0000) - not-present page\nJul 26 15:05:02 rx [11061395.798362] PGD 0 P4D 0\nJul 26 15:05:02 rx [11061395.801164] Oops: 0000 [#1] SMP NOPTI\nJul 26 15:05:02 rx [11061395.805091] CPU: 0 PID: 9180 Comm: msgr-worker-1 Tainted: G W 5.4.0-174-generic #193-Ubuntu\nJul 26 15:05:02 rx [11061395.814996] Hardware name: Supermicro SMC 2x26 os-gen8 64C NVME-Y 256G/H12SSW-NTR, BIOS 2.5.V1.2U.NVMe.UEFI 05/09/2023\nJul 26 15:05:02 rx [11061395.825952] RIP: 0010:tcp_rearm_rto+0xe4/0x160\nJul 26 15:05:02 rx [11061395.830656] Code: 87 ca 04 00 00 00 5b 41 5c 41 5d 5d c3 c3 49 8b bc 24 40 06 00 00 eb 8d 48 bb cf f7 53 e3 a5 9b c4 20 4c 89 ef e8 0c fe 0e 00 \u003c48\u003e 8b 78 20 48 c1 ef 03 48 89 f8 41 8b bc 24 80 04 00 00 48 f7 e3\nJul 26 15:05:02 rx [11061395.849665] RSP: 0018:ffffb75d40003e08 EFLAGS: 00010246\nJul 26 15:05:02 rx [11061395.855149] RAX: 0000000000000000 RBX: 20c49ba5e353f7cf RCX: 0000000000000000\nJul 26 15:05:02 rx [11061395.862542] RDX: 0000000062177c30 RSI: 000000000000231c RDI: ffff9874ad283a60\nJul 26 15:05:02 rx [11061395.869933] RBP: ffffb75d40003e20 R08: 0000000000000000 R09: ffff987605e20aa8\nJul 26 15:05:02 rx [11061395.877318] R10: ffffb75d40003f00 R11: ffffb75d4460f740 R12: ffff9874ad283900\nJul 26 15:05:02 rx [11061395.884710] R13: ffff9874ad283a60 R14: ffff9874ad283980 R15: ffff9874ad283d30\nJul 26 15:05:02 rx [11061395.892095] FS: 00007f1ef4a2e700(0000) GS:ffff987605e00000(0000) knlGS:0000000000000000\nJul 26 15:05:02 rx [11061395.900438] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nJul 26 15:05:02 rx [11061395.906435] CR2: 0000000000000020 CR3: 0000003e450ba003 CR4: 0000000000760ef0\nJul 26 15:05:02 rx [11061395.913822] PKRU: 55555554\nJul 26 15:05:02 rx [11061395.916786] Call Trace:\nJul 26 15:05:02 rx [11061395.919488]\nJul 26 15:05:02 rx [11061395.921765] ? show_regs.cold+0x1a/0x1f\nJul 26 15:05:02 rx [11061395.925859] ? __die+0x90/0xd9\nJul 26 15:05:02 rx [11061395.929169] ? no_context+0x196/0x380\nJul 26 15:05:02 rx [11061395.933088] ? ip6_protocol_deliver_rcu+0x4e0/0x4e0\nJul 26 15:05:02 rx [11061395.938216] ? ip6_sublist_rcv_finish+0x3d/0x50\nJul 26 15:05:02 rx [11061395.943000] ? __bad_area_nosemaphore+0x50/0x1a0\nJul 26 15:05:02 rx [11061395.947873] ? bad_area_nosemaphore+0x16/0x20\nJul 26 15:05:02 rx [11061395.952486] ? do_user_addr_fault+0x267/0x450\nJul 26 15:05:02 rx [11061395.957104] ? ipv6_list_rcv+0x112/0x140\nJul 26 15:05:02 rx [11061395.961279] ? __do_page_fault+0x58/0x90\nJul 26 15:05:02 rx [11061395.965458] ? do_page_fault+0x2c/0xe0\nJul 26 15:05:02 rx [11061395.969465] ? page_fault+0x34/0x40\nJul 26 15:05:02 rx [11061395.973217] ? tcp_rearm_rto+0xe4/0x160\nJul 26 15:05:02 rx [11061395.977313] ? tcp_rearm_rto+0xe4/0x160\nJul 26 15:05:02 rx [11061395.981408] tcp_send_loss_probe+0x10b/0x220\nJul 26 15:05:02 rx [11061395.985937] tcp_write_timer_handler+0x1b4/0x240\nJul 26 15:05:02 rx [11061395.990809] tcp_write_timer+0x9e/0xe0\nJul 26 15:05:02 rx [11061395.994814] ? tcp_write_timer_handler+0x240/0x240\nJul 26 15:05:02 rx [11061395.999866] call_timer_fn+0x32/0x130\nJul 26 15:05:02 rx [11061396.003782] __run_timers.part.0+0x180/0x280\nJul 26 15:05:02 rx [11061396.008309] ? recalibrate_cpu_khz+0x10/0x10\nJul 26 15:05:02 rx [11061396.012841] ? native_x2apic_icr_write+0x30/0x30\nJul 26 15:05:02 rx [11061396.017718] ? lapic_next_even\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47684",
"url": "https://www.suse.com/security/cve/CVE-2024-47684"
},
{
"category": "external",
"summary": "SUSE Bug 1231987 for CVE-2024-47684",
"url": "https://bugzilla.suse.com/1231987"
},
{
"category": "external",
"summary": "SUSE Bug 1231993 for CVE-2024-47684",
"url": "https://bugzilla.suse.com/1231993"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-47684"
},
{
"cve": "CVE-2024-47685",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47685"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()\n\nsyzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending\ngarbage on the four reserved tcp bits (th-\u003eres1)\n\nUse skb_put_zero() to clear the whole TCP header,\nas done in nf_reject_ip_tcphdr_put()\n\nBUG: KMSAN: uninit-value in nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255\n nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255\n nf_send_reset6+0xd84/0x15b0 net/ipv6/netfilter/nf_reject_ipv6.c:344\n nft_reject_inet_eval+0x3c1/0x880 net/netfilter/nft_reject_inet.c:48\n expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]\n nft_do_chain+0x438/0x22a0 net/netfilter/nf_tables_core.c:288\n nft_do_chain_inet+0x41a/0x4f0 net/netfilter/nft_chain_filter.c:161\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\n nf_hook include/linux/netfilter.h:269 [inline]\n NF_HOOK include/linux/netfilter.h:312 [inline]\n ipv6_rcv+0x29b/0x390 net/ipv6/ip6_input.c:310\n __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\n __netif_receive_skb+0x1da/0xa00 net/core/dev.c:5775\n process_backlog+0x4ad/0xa50 net/core/dev.c:6108\n __napi_poll+0xe7/0x980 net/core/dev.c:6772\n napi_poll net/core/dev.c:6841 [inline]\n net_rx_action+0xa5a/0x19b0 net/core/dev.c:6963\n handle_softirqs+0x1ce/0x800 kernel/softirq.c:554\n __do_softirq+0x14/0x1a kernel/softirq.c:588\n do_softirq+0x9a/0x100 kernel/softirq.c:455\n __local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:382\n local_bh_enable include/linux/bottom_half.h:33 [inline]\n rcu_read_unlock_bh include/linux/rcupdate.h:908 [inline]\n __dev_queue_xmit+0x2692/0x5610 net/core/dev.c:4450\n dev_queue_xmit include/linux/netdevice.h:3105 [inline]\n neigh_resolve_output+0x9ca/0xae0 net/core/neighbour.c:1565\n neigh_output include/net/neighbour.h:542 [inline]\n ip6_finish_output2+0x2347/0x2ba0 net/ipv6/ip6_output.c:141\n __ip6_finish_output net/ipv6/ip6_output.c:215 [inline]\n ip6_finish_output+0xbb8/0x14b0 net/ipv6/ip6_output.c:226\n NF_HOOK_COND include/linux/netfilter.h:303 [inline]\n ip6_output+0x356/0x620 net/ipv6/ip6_output.c:247\n dst_output include/net/dst.h:450 [inline]\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ip6_xmit+0x1ba6/0x25d0 net/ipv6/ip6_output.c:366\n inet6_csk_xmit+0x442/0x530 net/ipv6/inet6_connection_sock.c:135\n __tcp_transmit_skb+0x3b07/0x4880 net/ipv4/tcp_output.c:1466\n tcp_transmit_skb net/ipv4/tcp_output.c:1484 [inline]\n tcp_connect+0x35b6/0x7130 net/ipv4/tcp_output.c:4143\n tcp_v6_connect+0x1bcc/0x1e40 net/ipv6/tcp_ipv6.c:333\n __inet_stream_connect+0x2ef/0x1730 net/ipv4/af_inet.c:679\n inet_stream_connect+0x6a/0xd0 net/ipv4/af_inet.c:750\n __sys_connect_file net/socket.c:2061 [inline]\n __sys_connect+0x606/0x690 net/socket.c:2078\n __do_sys_connect net/socket.c:2088 [inline]\n __se_sys_connect net/socket.c:2085 [inline]\n __x64_sys_connect+0x91/0xe0 net/socket.c:2085\n x64_sys_call+0x27a5/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:43\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was stored to memory at:\n nf_reject_ip6_tcphdr_put+0x60c/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:249\n nf_send_reset6+0xd84/0x15b0 net/ipv6/netfilter/nf_reject_ipv6.c:344\n nft_reject_inet_eval+0x3c1/0x880 net/netfilter/nft_reject_inet.c:48\n expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]\n nft_do_chain+0x438/0x22a0 net/netfilter/nf_tables_core.c:288\n nft_do_chain_inet+0x41a/0x4f0 net/netfilter/nft_chain_filter.c:161\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\n nf_hook include/linux/netfilter.h:269 [inline]\n NF_HOOK include/linux/netfilter.h:312 [inline]\n ipv6_rcv+0x29b/0x390 net/ipv6/ip6_input.c:310\n __netif_receive_skb_one_core\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47685",
"url": "https://www.suse.com/security/cve/CVE-2024-47685"
},
{
"category": "external",
"summary": "SUSE Bug 1231998 for CVE-2024-47685",
"url": "https://bugzilla.suse.com/1231998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47685"
},
{
"cve": "CVE-2024-47686",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47686"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nep93xx: clock: Fix off by one in ep93xx_div_recalc_rate()\n\nThe psc-\u003ediv[] array has psc-\u003enum_div elements. These values come from\nwhen we call clk_hw_register_div(). It\u0027s adc_divisors and\nARRAY_SIZE(adc_divisors)) and so on. So this condition needs to be \u003e=\ninstead of \u003e to prevent an out of bounds read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47686",
"url": "https://www.suse.com/security/cve/CVE-2024-47686"
},
{
"category": "external",
"summary": "SUSE Bug 1232000 for CVE-2024-47686",
"url": "https://bugzilla.suse.com/1232000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "low"
}
],
"title": "CVE-2024-47686"
},
{
"cve": "CVE-2024-47687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47687"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa/mlx5: Fix invalid mr resource destroy\n\nCertain error paths from mlx5_vdpa_dev_add() can end up releasing mr\nresources which never got initialized in the first place.\n\nThis patch adds the missing check in mlx5_vdpa_destroy_mr_resources()\nto block releasing non-initialized mr resources.\n\nReference trace:\n\n mlx5_core 0000:08:00.2: mlx5_vdpa_dev_add:3274:(pid 2700) warning: No mac address provisioned?\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 140216067 P4D 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 8 PID: 2700 Comm: vdpa Kdump: loaded Not tainted 5.14.0-496.el9.x86_64 #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n RIP: 0010:vhost_iotlb_del_range+0xf/0xe0 [vhost_iotlb]\n Code: [...]\n RSP: 0018:ff1c823ac23077f0 EFLAGS: 00010246\n RAX: ffffffffc1a21a60 RBX: ffffffff899567a0 RCX: 0000000000000000\n RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ff1bda1f7c21e800 R08: 0000000000000000 R09: ff1c823ac2307670\n R10: ff1c823ac2307668 R11: ffffffff8a9e7b68 R12: 0000000000000000\n R13: 0000000000000000 R14: ff1bda1f43e341a0 R15: 00000000ffffffea\n FS: 00007f56eba7c740(0000) GS:ff1bda269f800000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 0000000104d90001 CR4: 0000000000771ef0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n\n ? show_trace_log_lvl+0x1c4/0x2df\n ? show_trace_log_lvl+0x1c4/0x2df\n ? mlx5_vdpa_free+0x3d/0x150 [mlx5_vdpa]\n ? __die_body.cold+0x8/0xd\n ? page_fault_oops+0x134/0x170\n ? __irq_work_queue_local+0x2b/0xc0\n ? irq_work_queue+0x2c/0x50\n ? exc_page_fault+0x62/0x150\n ? asm_exc_page_fault+0x22/0x30\n ? __pfx_mlx5_vdpa_free+0x10/0x10 [mlx5_vdpa]\n ? vhost_iotlb_del_range+0xf/0xe0 [vhost_iotlb]\n mlx5_vdpa_free+0x3d/0x150 [mlx5_vdpa]\n vdpa_release_dev+0x1e/0x50 [vdpa]\n device_release+0x31/0x90\n kobject_cleanup+0x37/0x130\n mlx5_vdpa_dev_add+0x2d2/0x7a0 [mlx5_vdpa]\n vdpa_nl_cmd_dev_add_set_doit+0x277/0x4c0 [vdpa]\n genl_family_rcv_msg_doit+0xd9/0x130\n genl_family_rcv_msg+0x14d/0x220\n ? __pfx_vdpa_nl_cmd_dev_add_set_doit+0x10/0x10 [vdpa]\n ? _copy_to_user+0x1a/0x30\n ? move_addr_to_user+0x4b/0xe0\n genl_rcv_msg+0x47/0xa0\n ? __import_iovec+0x46/0x150\n ? __pfx_genl_rcv_msg+0x10/0x10\n netlink_rcv_skb+0x54/0x100\n genl_rcv+0x24/0x40\n netlink_unicast+0x245/0x370\n netlink_sendmsg+0x206/0x440\n __sys_sendto+0x1dc/0x1f0\n ? do_read_fault+0x10c/0x1d0\n ? do_pte_missing+0x10d/0x190\n __x64_sys_sendto+0x20/0x30\n do_syscall_64+0x5c/0xf0\n ? __count_memcg_events+0x4f/0xb0\n ? mm_account_fault+0x6c/0x100\n ? handle_mm_fault+0x116/0x270\n ? do_user_addr_fault+0x1d6/0x6a0\n ? do_syscall_64+0x6b/0xf0\n ? clear_bhb_loop+0x25/0x80\n ? clear_bhb_loop+0x25/0x80\n ? clear_bhb_loop+0x25/0x80\n ? clear_bhb_loop+0x25/0x80\n ? clear_bhb_loop+0x25/0x80\n entry_SYSCALL_64_after_hwframe+0x78/0x80",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47687",
"url": "https://www.suse.com/security/cve/CVE-2024-47687"
},
{
"category": "external",
"summary": "SUSE Bug 1232003 for CVE-2024-47687",
"url": "https://bugzilla.suse.com/1232003"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47687"
},
{
"cve": "CVE-2024-47688",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47688"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: Fix a potential null-ptr-deref in module_add_driver()\n\nInject fault while probing of-fpga-region, if kasprintf() fails in\nmodule_add_driver(), the second sysfs_remove_link() in exit path will cause\nnull-ptr-deref as below because kernfs_name_hash() will call strlen() with\nNULL driver_name.\n\nFix it by releasing resources based on the exit path sequence.\n\n\t KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\n\t Mem abort info:\n\t ESR = 0x0000000096000005\n\t EC = 0x25: DABT (current EL), IL = 32 bits\n\t SET = 0, FnV = 0\n\t EA = 0, S1PTW = 0\n\t FSC = 0x05: level 1 translation fault\n\t Data abort info:\n\t ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n\t CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n\t GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n\t [dfffffc000000000] address between user and kernel address ranges\n\t Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n\t Dumping ftrace buffer:\n\t (ftrace buffer empty)\n\t Modules linked in: of_fpga_region(+) fpga_region fpga_bridge cfg80211 rfkill 8021q garp mrp stp llc ipv6 [last unloaded: of_fpga_region]\n\t CPU: 2 UID: 0 PID: 2036 Comm: modprobe Not tainted 6.11.0-rc2-g6a0e38264012 #295\n\t Hardware name: linux,dummy-virt (DT)\n\t pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n\t pc : strlen+0x24/0xb0\n\t lr : kernfs_name_hash+0x1c/0xc4\n\t sp : ffffffc081f97380\n\t x29: ffffffc081f97380 x28: ffffffc081f97b90 x27: ffffff80c821c2a0\n\t x26: ffffffedac0be418 x25: 0000000000000000 x24: ffffff80c09d2000\n\t x23: 0000000000000000 x22: 0000000000000000 x21: 0000000000000000\n\t x20: 0000000000000000 x19: 0000000000000000 x18: 0000000000001840\n\t x17: 0000000000000000 x16: 0000000000000000 x15: 1ffffff8103f2e42\n\t x14: 00000000f1f1f1f1 x13: 0000000000000004 x12: ffffffb01812d61d\n\t x11: 1ffffff01812d61c x10: ffffffb01812d61c x9 : dfffffc000000000\n\t x8 : 0000004fe7ed29e4 x7 : ffffff80c096b0e7 x6 : 0000000000000001\n\t x5 : ffffff80c096b0e0 x4 : 1ffffffdb990efa2 x3 : 0000000000000000\n\t x2 : 0000000000000000 x1 : dfffffc000000000 x0 : 0000000000000000\n\t Call trace:\n\t strlen+0x24/0xb0\n\t kernfs_name_hash+0x1c/0xc4\n\t kernfs_find_ns+0x118/0x2e8\n\t kernfs_remove_by_name_ns+0x80/0x100\n\t sysfs_remove_link+0x74/0xa8\n\t module_add_driver+0x278/0x394\n\t bus_add_driver+0x1f0/0x43c\n\t driver_register+0xf4/0x3c0\n\t __platform_driver_register+0x60/0x88\n\t of_fpga_region_init+0x20/0x1000 [of_fpga_region]\n\t do_one_initcall+0x110/0x788\n\t do_init_module+0x1dc/0x5c8\n\t load_module+0x3c38/0x4cac\n\t init_module_from_file+0xd4/0x128\n\t idempotent_init_module+0x2cc/0x528\n\t __arm64_sys_finit_module+0xac/0x100\n\t invoke_syscall+0x6c/0x258\n\t el0_svc_common.constprop.0+0x160/0x22c\n\t do_el0_svc+0x44/0x5c\n\t el0_svc+0x48/0xb8\n\t el0t_64_sync_handler+0x13c/0x158\n\t el0t_64_sync+0x190/0x194\n\t Code: f2fbffe1 a90157f4 12000802 aa0003f5 (38e16861)\n\t ---[ end trace 0000000000000000 ]---\n\t Kernel panic - not syncing: Oops: Fatal exception",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47688",
"url": "https://www.suse.com/security/cve/CVE-2024-47688"
},
{
"category": "external",
"summary": "SUSE Bug 1232009 for CVE-2024-47688",
"url": "https://bugzilla.suse.com/1232009"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47688"
},
{
"cve": "CVE-2024-47692",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47692"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: return -EINVAL when namelen is 0\n\nWhen we have a corrupted main.sqlite in /var/lib/nfs/nfsdcld/, it may\nresult in namelen being 0, which will cause memdup_user() to return\nZERO_SIZE_PTR.\nWhen we access the name.data that has been assigned the value of\nZERO_SIZE_PTR in nfs4_client_to_reclaim(), null pointer dereference is\ntriggered.\n\n[ T1205] ==================================================================\n[ T1205] BUG: KASAN: null-ptr-deref in nfs4_client_to_reclaim+0xe9/0x260\n[ T1205] Read of size 1 at addr 0000000000000010 by task nfsdcld/1205\n[ T1205]\n[ T1205] CPU: 11 PID: 1205 Comm: nfsdcld Not tainted 5.10.0-00003-g2c1423731b8d #406\n[ T1205] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20190727_073836-buildvm-ppc64le-16.ppc.fedoraproject.org-3.fc31 04/01/2014\n[ T1205] Call Trace:\n[ T1205] dump_stack+0x9a/0xd0\n[ T1205] ? nfs4_client_to_reclaim+0xe9/0x260\n[ T1205] __kasan_report.cold+0x34/0x84\n[ T1205] ? nfs4_client_to_reclaim+0xe9/0x260\n[ T1205] kasan_report+0x3a/0x50\n[ T1205] nfs4_client_to_reclaim+0xe9/0x260\n[ T1205] ? nfsd4_release_lockowner+0x410/0x410\n[ T1205] cld_pipe_downcall+0x5ca/0x760\n[ T1205] ? nfsd4_cld_tracking_exit+0x1d0/0x1d0\n[ T1205] ? down_write_killable_nested+0x170/0x170\n[ T1205] ? avc_policy_seqno+0x28/0x40\n[ T1205] ? selinux_file_permission+0x1b4/0x1e0\n[ T1205] rpc_pipe_write+0x84/0xb0\n[ T1205] vfs_write+0x143/0x520\n[ T1205] ksys_write+0xc9/0x170\n[ T1205] ? __ia32_sys_read+0x50/0x50\n[ T1205] ? ktime_get_coarse_real_ts64+0xfe/0x110\n[ T1205] ? ktime_get_coarse_real_ts64+0xa2/0x110\n[ T1205] do_syscall_64+0x33/0x40\n[ T1205] entry_SYSCALL_64_after_hwframe+0x67/0xd1\n[ T1205] RIP: 0033:0x7fdbdb761bc7\n[ T1205] Code: 0f 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 514\n[ T1205] RSP: 002b:00007fff8c4b7248 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ T1205] RAX: ffffffffffffffda RBX: 000000000000042b RCX: 00007fdbdb761bc7\n[ T1205] RDX: 000000000000042b RSI: 00007fff8c4b75f0 RDI: 0000000000000008\n[ T1205] RBP: 00007fdbdb761bb0 R08: 0000000000000000 R09: 0000000000000001\n[ T1205] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000042b\n[ T1205] R13: 0000000000000008 R14: 00007fff8c4b75f0 R15: 0000000000000000\n[ T1205] ==================================================================\n\nFix it by checking namelen.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47692",
"url": "https://www.suse.com/security/cve/CVE-2024-47692"
},
{
"category": "external",
"summary": "SUSE Bug 1231857 for CVE-2024-47692",
"url": "https://bugzilla.suse.com/1231857"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47692"
},
{
"cve": "CVE-2024-47693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47693"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/core: Fix ib_cache_setup_one error flow cleanup\n\nWhen ib_cache_update return an error, we exit ib_cache_setup_one\ninstantly with no proper cleanup, even though before this we had\nalready successfully done gid_table_setup_one, that results in\nthe kernel WARN below.\n\nDo proper cleanup using gid_table_cleanup_one before returning\nthe err in order to fix the issue.\n\nWARNING: CPU: 4 PID: 922 at drivers/infiniband/core/cache.c:806 gid_table_release_one+0x181/0x1a0\nModules linked in:\nCPU: 4 UID: 0 PID: 922 Comm: c_repro Not tainted 6.11.0-rc1+ #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:gid_table_release_one+0x181/0x1a0\nCode: 44 8b 38 75 0c e8 2f cb 34 ff 4d 8b b5 28 05 00 00 e8 23 cb 34 ff 44 89 f9 89 da 4c 89 f6 48 c7 c7 d0 58 14 83 e8 4f de 21 ff \u003c0f\u003e 0b 4c 8b 75 30 e9 54 ff ff ff 48 8 3 c4 10 5b 5d 41 5c 41 5d 41\nRSP: 0018:ffffc90002b835b0 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff811c8527\nRDX: 0000000000000000 RSI: ffffffff811c8534 RDI: 0000000000000001\nRBP: ffff8881011b3d00 R08: ffff88810b3abe00 R09: 205d303839303631\nR10: 666572207972746e R11: 72746e6520444947 R12: 0000000000000001\nR13: ffff888106390000 R14: ffff8881011f2110 R15: 0000000000000001\nFS: 00007fecc3b70800(0000) GS:ffff88813bd00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020000340 CR3: 000000010435a001 CR4: 00000000003706b0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? show_regs+0x94/0xa0\n ? __warn+0x9e/0x1c0\n ? gid_table_release_one+0x181/0x1a0\n ? report_bug+0x1f9/0x340\n ? gid_table_release_one+0x181/0x1a0\n ? handle_bug+0xa2/0x110\n ? exc_invalid_op+0x31/0xa0\n ? asm_exc_invalid_op+0x16/0x20\n ? __warn_printk+0xc7/0x180\n ? __warn_printk+0xd4/0x180\n ? gid_table_release_one+0x181/0x1a0\n ib_device_release+0x71/0xe0\n ? __pfx_ib_device_release+0x10/0x10\n device_release+0x44/0xd0\n kobject_put+0x135/0x3d0\n put_device+0x20/0x30\n rxe_net_add+0x7d/0xa0\n rxe_newlink+0xd7/0x190\n nldev_newlink+0x1b0/0x2a0\n ? __pfx_nldev_newlink+0x10/0x10\n rdma_nl_rcv_msg+0x1ad/0x2e0\n rdma_nl_rcv_skb.constprop.0+0x176/0x210\n netlink_unicast+0x2de/0x400\n netlink_sendmsg+0x306/0x660\n __sock_sendmsg+0x110/0x120\n ____sys_sendmsg+0x30e/0x390\n ___sys_sendmsg+0x9b/0xf0\n ? kstrtouint+0x6e/0xa0\n ? kstrtouint_from_user+0x7c/0xb0\n ? get_pid_task+0xb0/0xd0\n ? proc_fail_nth_write+0x5b/0x140\n ? __fget_light+0x9a/0x200\n ? preempt_count_add+0x47/0xa0\n __sys_sendmsg+0x61/0xd0\n do_syscall_64+0x50/0x110\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47693",
"url": "https://www.suse.com/security/cve/CVE-2024-47693"
},
{
"category": "external",
"summary": "SUSE Bug 1232013 for CVE-2024-47693",
"url": "https://bugzilla.suse.com/1232013"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47693"
},
{
"cve": "CVE-2024-47695",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47695"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds\n\nIn the function init_conns(), after the create_con() and create_cm() for\nloop if something fails. In the cleanup for loop after the destroy tag, we\naccess out of bound memory because cid is set to clt_path-\u003es.con_num.\n\nThis commits resets the cid to clt_path-\u003es.con_num - 1, to stay in bounds\nin the cleanup loop later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47695",
"url": "https://www.suse.com/security/cve/CVE-2024-47695"
},
{
"category": "external",
"summary": "SUSE Bug 1231931 for CVE-2024-47695",
"url": "https://bugzilla.suse.com/1231931"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47695"
},
{
"cve": "CVE-2024-47696",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47696"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency\n\nIn the commit aee2424246f9 (\"RDMA/iwcm: Fix a use-after-free related to\ndestroying CM IDs\"), the function flush_workqueue is invoked to flush the\nwork queue iwcm_wq.\n\nBut at that time, the work queue iwcm_wq was created via the function\nalloc_ordered_workqueue without the flag WQ_MEM_RECLAIM.\n\nBecause the current process is trying to flush the whole iwcm_wq, if\niwcm_wq doesn\u0027t have the flag WQ_MEM_RECLAIM, verify that the current\nprocess is not reclaiming memory or running on a workqueue which doesn\u0027t\nhave the flag WQ_MEM_RECLAIM as that can break forward-progress guarantee\nleading to a deadlock.\n\nThe call trace is as below:\n\n[ 125.350876][ T1430] Call Trace:\n[ 125.356281][ T1430] \u003cTASK\u003e\n[ 125.361285][ T1430] ? __warn (kernel/panic.c:693)\n[ 125.367640][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))\n[ 125.375689][ T1430] ? report_bug (lib/bug.c:180 lib/bug.c:219)\n[ 125.382505][ T1430] ? handle_bug (arch/x86/kernel/traps.c:239)\n[ 125.388987][ T1430] ? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminator 1))\n[ 125.395831][ T1430] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621)\n[ 125.403125][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))\n[ 125.410984][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))\n[ 125.418764][ T1430] __flush_workqueue (kernel/workqueue.c:3970)\n[ 125.426021][ T1430] ? __pfx___might_resched (kernel/sched/core.c:10151)\n[ 125.433431][ T1430] ? destroy_cm_id (drivers/infiniband/core/iwcm.c:375) iw_cm\n[ 125.441209][ T1430] ? __pfx___flush_workqueue (kernel/workqueue.c:3910)\n[ 125.473900][ T1430] ? _raw_spin_lock_irqsave (arch/x86/include/asm/atomic.h:107 include/linux/atomic/atomic-arch-fallback.h:2170 include/linux/atomic/atomic-instrumented.h:1302 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:187 include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)\n[ 125.473909][ T1430] ? __pfx__raw_spin_lock_irqsave (kernel/locking/spinlock.c:161)\n[ 125.482537][ T1430] _destroy_id (drivers/infiniband/core/cma.c:2044) rdma_cm\n[ 125.495072][ T1430] nvme_rdma_free_queue (drivers/nvme/host/rdma.c:656 drivers/nvme/host/rdma.c:650) nvme_rdma\n[ 125.505827][ T1430] nvme_rdma_reset_ctrl_work (drivers/nvme/host/rdma.c:2180) nvme_rdma\n[ 125.505831][ T1430] process_one_work (kernel/workqueue.c:3231)\n[ 125.515122][ T1430] worker_thread (kernel/workqueue.c:3306 kernel/workqueue.c:3393)\n[ 125.515127][ T1430] ? __pfx_worker_thread (kernel/workqueue.c:3339)\n[ 125.531837][ T1430] kthread (kernel/kthread.c:389)\n[ 125.539864][ T1430] ? __pfx_kthread (kernel/kthread.c:342)\n[ 125.550628][ T1430] ret_from_fork (arch/x86/kernel/process.c:147)\n[ 125.558840][ T1430] ? __pfx_kthread (kernel/kthread.c:342)\n[ 125.558844][ T1430] ret_from_fork_asm (arch/x86/entry/entry_64.S:257)\n[ 125.566487][ T1430] \u003c/TASK\u003e\n[ 125.566488][ T1430] ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47696",
"url": "https://www.suse.com/security/cve/CVE-2024-47696"
},
{
"category": "external",
"summary": "SUSE Bug 1231864 for CVE-2024-47696",
"url": "https://bugzilla.suse.com/1231864"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47696"
},
{
"cve": "CVE-2024-47697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error\n\nEnsure index in rtl2830_pid_filter does not exceed 31 to prevent\nout-of-bounds access.\n\ndev-\u003efilters is a 32-bit value, so set_bit and clear_bit functions should\nonly operate on indices from 0 to 31. If index is 32, it will attempt to\naccess a non-existent 33rd bit, leading to out-of-bounds access.\nChange the boundary check from index \u003e 32 to index \u003e= 32 to resolve this\nissue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47697",
"url": "https://www.suse.com/security/cve/CVE-2024-47697"
},
{
"category": "external",
"summary": "SUSE Bug 1231858 for CVE-2024-47697",
"url": "https://bugzilla.suse.com/1231858"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47697"
},
{
"cve": "CVE-2024-47698",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47698"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error\n\nEnsure index in rtl2832_pid_filter does not exceed 31 to prevent\nout-of-bounds access.\n\ndev-\u003efilters is a 32-bit value, so set_bit and clear_bit functions should\nonly operate on indices from 0 to 31. If index is 32, it will attempt to\naccess a non-existent 33rd bit, leading to out-of-bounds access.\nChange the boundary check from index \u003e 32 to index \u003e= 32 to resolve this\nissue.\n\n[hverkuil: added fixes tag, rtl2830_pid_filter -\u003e rtl2832_pid_filter in logmsg]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47698",
"url": "https://www.suse.com/security/cve/CVE-2024-47698"
},
{
"category": "external",
"summary": "SUSE Bug 1231859 for CVE-2024-47698",
"url": "https://bugzilla.suse.com/1231859"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47698"
},
{
"cve": "CVE-2024-47699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47699"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential null-ptr-deref in nilfs_btree_insert()\n\nPatch series \"nilfs2: fix potential issues with empty b-tree nodes\".\n\nThis series addresses three potential issues with empty b-tree nodes that\ncan occur with corrupted filesystem images, including one recently\ndiscovered by syzbot.\n\n\nThis patch (of 3):\n\nIf a b-tree is broken on the device, and the b-tree height is greater than\n2 (the level of the root node is greater than 1) even if the number of\nchild nodes of the b-tree root is 0, a NULL pointer dereference occurs in\nnilfs_btree_prepare_insert(), which is called from nilfs_btree_insert().\n\nThis is because, when the number of child nodes of the b-tree root is 0,\nnilfs_btree_do_lookup() does not set the block buffer head in any of\npath[x].bp_bh, leaving it as the initial value of NULL, but if the level\nof the b-tree root node is greater than 1, nilfs_btree_get_nonroot_node(),\nwhich accesses the buffer memory of path[x].bp_bh, is called.\n\nFix this issue by adding a check to nilfs_btree_root_broken(), which\nperforms sanity checks when reading the root node from the device, to\ndetect this inconsistency.\n\nThanks to Lizhi Xu for trying to solve the bug and clarifying the cause\nearly on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47699",
"url": "https://www.suse.com/security/cve/CVE-2024-47699"
},
{
"category": "external",
"summary": "SUSE Bug 1231916 for CVE-2024-47699",
"url": "https://bugzilla.suse.com/1231916"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47699"
},
{
"cve": "CVE-2024-47701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47701"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid OOB when system.data xattr changes underneath the filesystem\n\nWhen looking up for an entry in an inlined directory, if e_value_offs is\nchanged underneath the filesystem by some change in the block device, it\nwill lead to an out-of-bounds access that KASAN detects as an UAF.\n\nEXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.\nloop0: detected capacity change from 2048 to 2047\n==================================================================\nBUG: KASAN: use-after-free in ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\nRead of size 1 at addr ffff88803e91130f by task syz-executor269/5103\n\nCPU: 0 UID: 0 PID: 5103 Comm: syz-executor269 Not tainted 6.11.0-rc4-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\n ext4_find_inline_entry+0x4be/0x5e0 fs/ext4/inline.c:1697\n __ext4_find_entry+0x2b4/0x1b30 fs/ext4/namei.c:1573\n ext4_lookup_entry fs/ext4/namei.c:1727 [inline]\n ext4_lookup+0x15f/0x750 fs/ext4/namei.c:1795\n lookup_one_qstr_excl+0x11f/0x260 fs/namei.c:1633\n filename_create+0x297/0x540 fs/namei.c:3980\n do_symlinkat+0xf9/0x3a0 fs/namei.c:4587\n __do_sys_symlinkat fs/namei.c:4610 [inline]\n __se_sys_symlinkat fs/namei.c:4607 [inline]\n __x64_sys_symlinkat+0x95/0xb0 fs/namei.c:4607\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f3e73ced469\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fff4d40c258 EFLAGS: 00000246 ORIG_RAX: 000000000000010a\nRAX: ffffffffffffffda RBX: 0032656c69662f2e RCX: 00007f3e73ced469\nRDX: 0000000020000200 RSI: 00000000ffffff9c RDI: 00000000200001c0\nRBP: 0000000000000000 R08: 00007fff4d40c290 R09: 00007fff4d40c290\nR10: 0023706f6f6c2f76 R11: 0000000000000246 R12: 00007fff4d40c27c\nR13: 0000000000000003 R14: 431bde82d7b634db R15: 00007fff4d40c2b0\n \u003c/TASK\u003e\n\nCalling ext4_xattr_ibody_find right after reading the inode with\next4_get_inode_loc will lead to a check of the validity of the xattrs,\navoiding this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47701",
"url": "https://www.suse.com/security/cve/CVE-2024-47701"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-47701",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1231920 for CVE-2024-47701",
"url": "https://bugzilla.suse.com/1231920"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47701"
},
{
"cve": "CVE-2024-47702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fail verification for sign-extension of packet data/data_end/data_meta\n\nsyzbot reported a kernel crash due to\n commit 1f1e864b6555 (\"bpf: Handle sign-extenstin ctx member accesses\").\nThe reason is due to sign-extension of 32-bit load for\npacket data/data_end/data_meta uapi field.\n\nThe original code looks like:\n r2 = *(s32 *)(r1 + 76) /* load __sk_buff-\u003edata */\n r3 = *(u32 *)(r1 + 80) /* load __sk_buff-\u003edata_end */\n r0 = r2\n r0 += 8\n if r3 \u003e r0 goto +1\n ...\nNote that __sk_buff-\u003edata load has 32-bit sign extension.\n\nAfter verification and convert_ctx_accesses(), the final asm code looks like:\n r2 = *(u64 *)(r1 +208)\n r2 = (s32)r2\n r3 = *(u64 *)(r1 +80)\n r0 = r2\n r0 += 8\n if r3 \u003e r0 goto pc+1\n ...\nNote that \u0027r2 = (s32)r2\u0027 may make the kernel __sk_buff-\u003edata address invalid\nwhich may cause runtime failure.\n\nCurrently, in C code, typically we have\n void *data = (void *)(long)skb-\u003edata;\n void *data_end = (void *)(long)skb-\u003edata_end;\n ...\nand it will generate\n r2 = *(u64 *)(r1 +208)\n r3 = *(u64 *)(r1 +80)\n r0 = r2\n r0 += 8\n if r3 \u003e r0 goto pc+1\n\nIf we allow sign-extension,\n void *data = (void *)(long)(int)skb-\u003edata;\n void *data_end = (void *)(long)skb-\u003edata_end;\n ...\nthe generated code looks like\n r2 = *(u64 *)(r1 +208)\n r2 \u003c\u003c= 32\n r2 s\u003e\u003e= 32\n r3 = *(u64 *)(r1 +80)\n r0 = r2\n r0 += 8\n if r3 \u003e r0 goto pc+1\nand this will cause verification failure since \"r2 \u003c\u003c= 32\" is not allowed\nas \"r2\" is a packet pointer.\n\nTo fix this issue for case\n r2 = *(s32 *)(r1 + 76) /* load __sk_buff-\u003edata */\nthis patch added additional checking in is_valid_access() callback\nfunction for packet data/data_end/data_meta access. If those accesses\nare with sign-extenstion, the verification will fail.\n\n [1] https://lore.kernel.org/bpf/000000000000c90eee061d236d37@google.com/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47702",
"url": "https://www.suse.com/security/cve/CVE-2024-47702"
},
{
"category": "external",
"summary": "SUSE Bug 1231924 for CVE-2024-47702",
"url": "https://bugzilla.suse.com/1231924"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47702"
},
{
"cve": "CVE-2024-47703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, lsm: Add check for BPF LSM return value\n\nA bpf prog returning a positive number attached to file_alloc_security\nhook makes kernel panic.\n\nThis happens because file system can not filter out the positive number\nreturned by the LSM prog using IS_ERR, and misinterprets this positive\nnumber as a file pointer.\n\nGiven that hook file_alloc_security never returned positive number\nbefore the introduction of BPF LSM, and other BPF LSM hooks may\nencounter similar issues, this patch adds LSM return value check\nin verifier, to ensure no unexpected value is returned.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47703",
"url": "https://www.suse.com/security/cve/CVE-2024-47703"
},
{
"category": "external",
"summary": "SUSE Bug 1231946 for CVE-2024-47703",
"url": "https://bugzilla.suse.com/1231946"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47703"
},
{
"cve": "CVE-2024-47704",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47704"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check link_res-\u003ehpo_dp_link_enc before using it\n\n[WHAT \u0026 HOW]\nFunctions dp_enable_link_phy and dp_disable_link_phy can pass link_res\nwithout initializing hpo_dp_link_enc and it is necessary to check for\nnull before dereferencing.\n\nThis fixes 2 FORWARD_NULL issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47704",
"url": "https://www.suse.com/security/cve/CVE-2024-47704"
},
{
"category": "external",
"summary": "SUSE Bug 1231944 for CVE-2024-47704",
"url": "https://bugzilla.suse.com/1231944"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47704"
},
{
"cve": "CVE-2024-47705",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47705"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix potential invalid pointer dereference in blk_add_partition\n\nThe blk_add_partition() function initially used a single if-condition\n(IS_ERR(part)) to check for errors when adding a partition. This was\nmodified to handle the specific case of -ENXIO separately, allowing the\nfunction to proceed without logging the error in this case. However,\nthis change unintentionally left a path where md_autodetect_dev()\ncould be called without confirming that part is a valid pointer.\n\nThis commit separates the error handling logic by splitting the\ninitial if-condition, improving code readability and handling specific\nerror scenarios explicitly. The function now distinguishes the general\nerror case from -ENXIO without altering the existing behavior of\nmd_autodetect_dev() calls.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47705",
"url": "https://www.suse.com/security/cve/CVE-2024-47705"
},
{
"category": "external",
"summary": "SUSE Bug 1231872 for CVE-2024-47705",
"url": "https://bugzilla.suse.com/1231872"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47705"
},
{
"cve": "CVE-2024-47706",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47706"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock, bfq: fix possible UAF for bfqq-\u003ebic with merge chain\n\n1) initial state, three tasks:\n\n\t\tProcess 1 Process 2\tProcess 3\n\t\t (BIC1) (BIC2)\t\t (BIC3)\n\t\t | ^ | ^\t\t | ^\n\t\t | | | |\t\t | |\n\t\t V | V |\t\t V |\n\t\t bfqq1 bfqq2\t\t bfqq3\nprocess ref:\t 1\t\t 1\t\t 1\n\n2) bfqq1 merged to bfqq2:\n\n\t\tProcess 1 Process 2\tProcess 3\n\t\t (BIC1) (BIC2)\t\t (BIC3)\n\t\t | |\t\t | ^\n\t\t \\--------------\\|\t\t | |\n\t\t V\t\t V |\n\t\t bfqq1---------\u003ebfqq2\t\t bfqq3\nprocess ref:\t 0\t\t 2\t\t 1\n\n3) bfqq2 merged to bfqq3:\n\n\t\tProcess 1 Process 2\tProcess 3\n\t\t (BIC1) (BIC2)\t\t (BIC3)\n\t here -\u003e ^ |\t\t |\n\t\t \\--------------\\ \\-------------\\|\n\t\t V\t\t V\n\t\t bfqq1---------\u003ebfqq2----------\u003ebfqq3\nprocess ref:\t 0\t\t 1\t\t 3\n\nIn this case, IO from Process 1 will get bfqq2 from BIC1 first, and then\nget bfqq3 through merge chain, and finially handle IO by bfqq3.\nHowerver, current code will think bfqq2 is owned by BIC1, like initial\nstate, and set bfqq2-\u003ebic to BIC1.\n\nbfq_insert_request\n-\u003e by Process 1\n bfqq = bfq_init_rq(rq)\n bfqq = bfq_get_bfqq_handle_split\n bfqq = bic_to_bfqq\n -\u003e get bfqq2 from BIC1\n bfqq-\u003eref++\n rq-\u003eelv.priv[0] = bic\n rq-\u003eelv.priv[1] = bfqq\n if (bfqq_process_refs(bfqq) == 1)\n bfqq-\u003ebic = bic\n -\u003e record BIC1 to bfqq2\n\n __bfq_insert_request\n new_bfqq = bfq_setup_cooperator\n -\u003e get bfqq3 from bfqq2-\u003enew_bfqq\n bfqq_request_freed(bfqq)\n new_bfqq-\u003eref++\n rq-\u003eelv.priv[1] = new_bfqq\n -\u003e handle IO by bfqq3\n\nFix the problem by checking bfqq is from merge chain fist. And this\nmight fix a following problem reported by our syzkaller(unreproducible):\n\n==================================================================\nBUG: KASAN: slab-use-after-free in bfq_do_early_stable_merge block/bfq-iosched.c:5692 [inline]\nBUG: KASAN: slab-use-after-free in bfq_do_or_sched_stable_merge block/bfq-iosched.c:5805 [inline]\nBUG: KASAN: slab-use-after-free in bfq_get_queue+0x25b0/0x2610 block/bfq-iosched.c:5889\nWrite of size 1 at addr ffff888123839eb8 by task kworker/0:1H/18595\n\nCPU: 0 PID: 18595 Comm: kworker/0:1H Tainted: G L 6.6.0-07439-gba2303cacfda #6\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\nWorkqueue: kblockd blk_mq_requeue_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x91/0xf0 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:364 [inline]\n print_report+0x10d/0x610 mm/kasan/report.c:475\n kasan_report+0x8e/0xc0 mm/kasan/report.c:588\n bfq_do_early_stable_merge block/bfq-iosched.c:5692 [inline]\n bfq_do_or_sched_stable_merge block/bfq-iosched.c:5805 [inline]\n bfq_get_queue+0x25b0/0x2610 block/bfq-iosched.c:5889\n bfq_get_bfqq_handle_split+0x169/0x5d0 block/bfq-iosched.c:6757\n bfq_init_rq block/bfq-iosched.c:6876 [inline]\n bfq_insert_request block/bfq-iosched.c:6254 [inline]\n bfq_insert_requests+0x1112/0x5cf0 block/bfq-iosched.c:6304\n blk_mq_insert_request+0x290/0x8d0 block/blk-mq.c:2593\n blk_mq_requeue_work+0x6bc/0xa70 block/blk-mq.c:1502\n process_one_work kernel/workqueue.c:2627 [inline]\n process_scheduled_works+0x432/0x13f0 kernel/workqueue.c:2700\n worker_thread+0x6f2/0x1160 kernel/workqueue.c:2781\n kthread+0x33c/0x440 kernel/kthread.c:388\n ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:305\n \u003c/TASK\u003e\n\nAllocated by task 20776:\n kasan_save_stack+0x20/0x40 mm/kasan/common.c:45\n kasan_set_track+0x25/0x30 mm/kasan/common.c:52\n __kasan_slab_alloc+0x87/0x90 mm/kasan/common.c:328\n kasan_slab_alloc include/linux/kasan.h:188 [inline]\n slab_post_alloc_hook mm/slab.h:763 [inline]\n slab_alloc_node mm/slub.c:3458 [inline]\n kmem_cache_alloc_node+0x1a4/0x6f0 mm/slub.c:3503\n ioc_create_icq block/blk-ioc.c:370 [inline]\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47706",
"url": "https://www.suse.com/security/cve/CVE-2024-47706"
},
{
"category": "external",
"summary": "SUSE Bug 1231942 for CVE-2024-47706",
"url": "https://bugzilla.suse.com/1231942"
},
{
"category": "external",
"summary": "SUSE Bug 1231943 for CVE-2024-47706",
"url": "https://bugzilla.suse.com/1231943"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-47706"
},
{
"cve": "CVE-2024-47707",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47707"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev()\n\nBlamed commit accidentally removed a check for rt-\u003ert6i_idev being NULL,\nas spotted by syzbot:\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 1 UID: 0 PID: 10998 Comm: syz-executor Not tainted 6.11.0-rc6-syzkaller-00208-g625403177711 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\n RIP: 0010:rt6_uncached_list_flush_dev net/ipv6/route.c:177 [inline]\n RIP: 0010:rt6_disable_ip+0x33e/0x7e0 net/ipv6/route.c:4914\nCode: 41 80 3c 04 00 74 0a e8 90 d0 9b f7 48 8b 7c 24 08 48 8b 07 48 89 44 24 10 4c 89 f0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df \u003c80\u003e 3c 08 00 74 08 4c 89 f7 e8 64 d0 9b f7 48 8b 44 24 18 49 39 06\nRSP: 0018:ffffc900047374e0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 1ffff1100fdf8f33 RCX: dffffc0000000000\nRDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88807efc78c0\nRBP: ffffc900047375d0 R08: 0000000000000003 R09: fffff520008e6e8c\nR10: dffffc0000000000 R11: fffff520008e6e8c R12: 1ffff1100fdf8f18\nR13: ffff88807efc7998 R14: 0000000000000000 R15: ffff88807efc7930\nFS: 0000000000000000(0000) GS:ffff8880b8900000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020002a80 CR3: 0000000022f62000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n addrconf_ifdown+0x15d/0x1bd0 net/ipv6/addrconf.c:3856\n addrconf_notify+0x3cb/0x1020\n notifier_call_chain+0x19f/0x3e0 kernel/notifier.c:93\n call_netdevice_notifiers_extack net/core/dev.c:2032 [inline]\n call_netdevice_notifiers net/core/dev.c:2046 [inline]\n unregister_netdevice_many_notify+0xd81/0x1c40 net/core/dev.c:11352\n unregister_netdevice_many net/core/dev.c:11414 [inline]\n unregister_netdevice_queue+0x303/0x370 net/core/dev.c:11289\n unregister_netdevice include/linux/netdevice.h:3129 [inline]\n __tun_detach+0x6b9/0x1600 drivers/net/tun.c:685\n tun_detach drivers/net/tun.c:701 [inline]\n tun_chr_close+0x108/0x1b0 drivers/net/tun.c:3510\n __fput+0x24a/0x8a0 fs/file_table.c:422\n task_work_run+0x24f/0x310 kernel/task_work.c:228\n exit_task_work include/linux/task_work.h:40 [inline]\n do_exit+0xa2f/0x27f0 kernel/exit.c:882\n do_group_exit+0x207/0x2c0 kernel/exit.c:1031\n __do_sys_exit_group kernel/exit.c:1042 [inline]\n __se_sys_exit_group kernel/exit.c:1040 [inline]\n __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1040\n x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f1acc77def9\nCode: Unable to access opcode bytes at 0x7f1acc77decf.\nRSP: 002b:00007ffeb26fa738 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1acc77def9\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043\nRBP: 00007f1acc7dd508 R08: 00007ffeb26f84d7 R09: 0000000000000003\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001\nR13: 0000000000000003 R14: 00000000ffffffff R15: 00007ffeb26fa8e0\n \u003c/TASK\u003e\nModules linked in:\n---[ end trace 0000000000000000 ]---\n RIP: 0010:rt6_uncached_list_flush_dev net/ipv6/route.c:177 [inline]\n RIP: 0010:rt6_disable_ip+0x33e/0x7e0 net/ipv6/route.c:4914\nCode: 41 80 3c 04 00 74 0a e8 90 d0 9b f7 48 8b 7c 24 08 48 8b 07 48 89 44 24 10 4c 89 f0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df \u003c80\u003e 3c 08 00 74 08 4c 89 f7 e8 64 d0 9b f7 48 8b 44 24 18 49 39 06\nRSP: 0018:ffffc900047374e0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 1ffff1100fdf8f33 RCX: dffffc0000000000\nRDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88807efc78c0\nR\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47707",
"url": "https://www.suse.com/security/cve/CVE-2024-47707"
},
{
"category": "external",
"summary": "SUSE Bug 1231935 for CVE-2024-47707",
"url": "https://bugzilla.suse.com/1231935"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47707"
},
{
"cve": "CVE-2024-47709",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47709"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: bcm: Clear bo-\u003ebcm_proc_read after remove_proc_entry().\n\nsyzbot reported a warning in bcm_release(). [0]\n\nThe blamed change fixed another warning that is triggered when\nconnect() is issued again for a socket whose connect()ed device has\nbeen unregistered.\n\nHowever, if the socket is just close()d without the 2nd connect(), the\nremaining bo-\u003ebcm_proc_read triggers unnecessary remove_proc_entry()\nin bcm_release().\n\nLet\u0027s clear bo-\u003ebcm_proc_read after remove_proc_entry() in bcm_notify().\n\n[0]\nname \u00274986\u0027\nWARNING: CPU: 0 PID: 5234 at fs/proc/generic.c:711 remove_proc_entry+0x2e7/0x5d0 fs/proc/generic.c:711\nModules linked in:\nCPU: 0 UID: 0 PID: 5234 Comm: syz-executor606 Not tainted 6.11.0-rc5-syzkaller-00178-g5517ae241919 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nRIP: 0010:remove_proc_entry+0x2e7/0x5d0 fs/proc/generic.c:711\nCode: ff eb 05 e8 cb 1e 5e ff 48 8b 5c 24 10 48 c7 c7 e0 f7 aa 8e e8 2a 38 8e 09 90 48 c7 c7 60 3a 1b 8c 48 89 de e8 da 42 20 ff 90 \u003c0f\u003e 0b 90 90 48 8b 44 24 18 48 c7 44 24 40 0e 36 e0 45 49 c7 04 07\nRSP: 0018:ffffc9000345fa20 EFLAGS: 00010246\nRAX: 2a2d0aee2eb64600 RBX: ffff888032f1f548 RCX: ffff888029431e00\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffc9000345fb08 R08: ffffffff8155b2f2 R09: 1ffff1101710519a\nR10: dffffc0000000000 R11: ffffed101710519b R12: ffff888011d38640\nR13: 0000000000000004 R14: 0000000000000000 R15: dffffc0000000000\nFS: 0000000000000000(0000) GS:ffff8880b8800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fcfb52722f0 CR3: 000000000e734000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n bcm_release+0x250/0x880 net/can/bcm.c:1578\n __sock_release net/socket.c:659 [inline]\n sock_close+0xbc/0x240 net/socket.c:1421\n __fput+0x24a/0x8a0 fs/file_table.c:422\n task_work_run+0x24f/0x310 kernel/task_work.c:228\n exit_task_work include/linux/task_work.h:40 [inline]\n do_exit+0xa2f/0x27f0 kernel/exit.c:882\n do_group_exit+0x207/0x2c0 kernel/exit.c:1031\n __do_sys_exit_group kernel/exit.c:1042 [inline]\n __se_sys_exit_group kernel/exit.c:1040 [inline]\n __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1040\n x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fcfb51ee969\nCode: Unable to access opcode bytes at 0x7fcfb51ee93f.\nRSP: 002b:00007ffce0109ca8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fcfb51ee969\nRDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001\nRBP: 00007fcfb526f3b0 R08: ffffffffffffffb8 R09: 0000555500000000\nR10: 0000555500000000 R11: 0000000000000246 R12: 00007fcfb526f3b0\nR13: 0000000000000000 R14: 00007fcfb5271ee0 R15: 00007fcfb51bf160\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47709",
"url": "https://www.suse.com/security/cve/CVE-2024-47709"
},
{
"category": "external",
"summary": "SUSE Bug 1232048 for CVE-2024-47709",
"url": "https://bugzilla.suse.com/1232048"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47709"
},
{
"cve": "CVE-2024-47710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47710"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsock_map: Add a cond_resched() in sock_hash_free()\n\nSeveral syzbot soft lockup reports all have in common sock_hash_free()\n\nIf a map with a large number of buckets is destroyed, we need to yield\nthe cpu when needed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47710",
"url": "https://www.suse.com/security/cve/CVE-2024-47710"
},
{
"category": "external",
"summary": "SUSE Bug 1232049 for CVE-2024-47710",
"url": "https://bugzilla.suse.com/1232049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47710"
},
{
"cve": "CVE-2024-47712",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47712"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param\n\nIn the `wilc_parse_join_bss_param` function, the TSF field of the `ies`\nstructure is accessed after the RCU read-side critical section is\nunlocked. According to RCU usage rules, this is illegal. Reusing this\npointer can lead to unpredictable behavior, including accessing memory\nthat has been updated or causing use-after-free issues.\n\nThis possible bug was identified using a static analysis tool developed\nby myself, specifically designed to detect RCU-related issues.\n\nTo address this, the TSF value is now stored in a local variable\n`ies_tsf` before the RCU lock is released. The `param-\u003etsf_lo` field is\nthen assigned using this local variable, ensuring that the TSF value is\nsafely accessed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47712",
"url": "https://www.suse.com/security/cve/CVE-2024-47712"
},
{
"category": "external",
"summary": "SUSE Bug 1232017 for CVE-2024-47712",
"url": "https://bugzilla.suse.com/1232017"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47712"
},
{
"cve": "CVE-2024-47713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47713"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop()\n\nSince \u0027__dev_queue_xmit()\u0027 should be called with interrupts enabled,\nthe following backtrace:\n\nieee80211_do_stop()\n ...\n spin_lock_irqsave(\u0026local-\u003equeue_stop_reason_lock, flags)\n ...\n ieee80211_free_txskb()\n ieee80211_report_used_skb()\n ieee80211_report_ack_skb()\n cfg80211_mgmt_tx_status_ext()\n nl80211_frame_tx_status()\n genlmsg_multicast_netns()\n genlmsg_multicast_netns_filtered()\n nlmsg_multicast_filtered()\n\t netlink_broadcast_filtered()\n\t do_one_broadcast()\n\t netlink_broadcast_deliver()\n\t __netlink_sendskb()\n\t netlink_deliver_tap()\n\t __netlink_deliver_tap_skb()\n\t dev_queue_xmit()\n\t __dev_queue_xmit() ; with IRQS disabled\n ...\n spin_unlock_irqrestore(\u0026local-\u003equeue_stop_reason_lock, flags)\n\nissues the warning (as reported by syzbot reproducer):\n\nWARNING: CPU: 2 PID: 5128 at kernel/softirq.c:362 __local_bh_enable_ip+0xc3/0x120\n\nFix this by implementing a two-phase skb reclamation in\n\u0027ieee80211_do_stop()\u0027, where actual work is performed\noutside of a section with interrupts disabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47713",
"url": "https://www.suse.com/security/cve/CVE-2024-47713"
},
{
"category": "external",
"summary": "SUSE Bug 1232016 for CVE-2024-47713",
"url": "https://bugzilla.suse.com/1232016"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47713"
},
{
"cve": "CVE-2024-47714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47714"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7996: use hweight16 to get correct tx antenna\n\nThe chainmask is u16 so using hweight8 cannot get correct tx_ant.\nWithout this patch, the tx_ant of band 2 would be -1 and lead to the\nfollowing issue:\nBUG: KASAN: stack-out-of-bounds in mt7996_mcu_add_sta+0x12e0/0x16e0 [mt7996e]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47714",
"url": "https://www.suse.com/security/cve/CVE-2024-47714"
},
{
"category": "external",
"summary": "SUSE Bug 1232018 for CVE-2024-47714",
"url": "https://bugzilla.suse.com/1232018"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47714"
},
{
"cve": "CVE-2024-47715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47715"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7915: fix oops on non-dbdc mt7986\n\nmt7915_band_config() sets band_idx = 1 on the main phy for mt7986\nwith MT7975_ONE_ADIE or MT7976_ONE_ADIE.\n\nCommit 0335c034e726 (\"wifi: mt76: fix race condition related to\nchecking tx queue fill status\") introduced a dereference of the\nphys array indirectly indexed by band_idx via wcid-\u003ephy_idx in\nmt76_wcid_cleanup(). This caused the following Oops on affected\nmt7986 devices:\n\n Unable to handle kernel read from unreadable memory at virtual address 0000000000000024\n Mem abort info:\n ESR = 0x0000000096000005\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x05: level 1 translation fault\n Data abort info:\n ISV = 0, ISS = 0x00000005\n CM = 0, WnR = 0\n user pgtable: 4k pages, 39-bit VAs, pgdp=0000000042545000\n [0000000000000024] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n Internal error: Oops: 0000000096000005 [#1] SMP\n Modules linked in: ... mt7915e mt76_connac_lib mt76 mac80211 cfg80211 ...\n CPU: 2 PID: 1631 Comm: hostapd Not tainted 5.15.150 #0\n Hardware name: ZyXEL EX5700 (Telenor) (DT)\n pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : mt76_wcid_cleanup+0x84/0x22c [mt76]\n lr : mt76_wcid_cleanup+0x64/0x22c [mt76]\n sp : ffffffc00a803700\n x29: ffffffc00a803700 x28: ffffff80008f7300 x27: ffffff80003f3c00\n x26: ffffff80000a7880 x25: ffffffc008c26e00 x24: 0000000000000001\n x23: ffffffc000a68114 x22: 0000000000000000 x21: ffffff8004172cc8\n x20: ffffffc00a803748 x19: ffffff8004152020 x18: 0000000000000000\n x17: 00000000000017c0 x16: ffffffc008ef5000 x15: 0000000000000be0\n x14: ffffff8004172e28 x13: ffffff8004172e28 x12: 0000000000000000\n x11: 0000000000000000 x10: ffffff8004172e30 x9 : ffffff8004172e28\n x8 : 0000000000000000 x7 : ffffff8004156020 x6 : 0000000000000000\n x5 : 0000000000000031 x4 : 0000000000000000 x3 : 0000000000000001\n x2 : 0000000000000000 x1 : ffffff80008f7300 x0 : 0000000000000024\n Call trace:\n mt76_wcid_cleanup+0x84/0x22c [mt76]\n __mt76_sta_remove+0x70/0xbc [mt76]\n mt76_sta_state+0x8c/0x1a4 [mt76]\n mt7915_eeprom_get_power_delta+0x11e4/0x23a0 [mt7915e]\n drv_sta_state+0x144/0x274 [mac80211]\n sta_info_move_state+0x1cc/0x2a4 [mac80211]\n sta_set_sinfo+0xaf8/0xc24 [mac80211]\n sta_info_destroy_addr_bss+0x4c/0x6c [mac80211]\n\n ieee80211_color_change_finish+0x1c08/0x1e70 [mac80211]\n cfg80211_check_station_change+0x1360/0x4710 [cfg80211]\n genl_family_rcv_msg_doit+0xb4/0x110\n genl_rcv_msg+0xd0/0x1bc\n netlink_rcv_skb+0x58/0x120\n genl_rcv+0x34/0x50\n netlink_unicast+0x1f0/0x2ec\n netlink_sendmsg+0x198/0x3d0\n ____sys_sendmsg+0x1b0/0x210\n ___sys_sendmsg+0x80/0xf0\n __sys_sendmsg+0x44/0xa0\n __arm64_sys_sendmsg+0x20/0x30\n invoke_syscall.constprop.0+0x4c/0xe0\n do_el0_svc+0x40/0xd0\n el0_svc+0x14/0x4c\n el0t_64_sync_handler+0x100/0x110\n el0t_64_sync+0x15c/0x160\n Code: d2800002 910092c0 52800023 f9800011 (885f7c01)\n ---[ end trace 7e42dd9a39ed2281 ]---\n\nFix by using mt76_dev_phy() which will map band_idx to the correct phy\nfor all hardware combinations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47715",
"url": "https://www.suse.com/security/cve/CVE-2024-47715"
},
{
"category": "external",
"summary": "SUSE Bug 1231860 for CVE-2024-47715",
"url": "https://bugzilla.suse.com/1231860"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47715"
},
{
"cve": "CVE-2024-47718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: always wait for both firmware loading attempts\n\nIn \u0027rtw_wait_firmware_completion()\u0027, always wait for both (regular and\nwowlan) firmware loading attempts. Otherwise if \u0027rtw_usb_intf_init()\u0027\nhas failed in \u0027rtw_usb_probe()\u0027, \u0027rtw_usb_disconnect()\u0027 may issue\n\u0027ieee80211_free_hw()\u0027 when one of \u0027rtw_load_firmware_cb()\u0027 (usually\nthe wowlan one) is still in progress, causing UAF detected by KASAN.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47718",
"url": "https://www.suse.com/security/cve/CVE-2024-47718"
},
{
"category": "external",
"summary": "SUSE Bug 1232015 for CVE-2024-47718",
"url": "https://bugzilla.suse.com/1232015"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47718"
},
{
"cve": "CVE-2024-47719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47719"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommufd: Protect against overflow of ALIGN() during iova allocation\n\nUserspace can supply an iova and uptr such that the target iova alignment\nbecomes really big and ALIGN() overflows which corrupts the selected area\nrange during allocation. CONFIG_IOMMUFD_TEST can detect this:\n\n WARNING: CPU: 1 PID: 5092 at drivers/iommu/iommufd/io_pagetable.c:268 iopt_alloc_area_pages drivers/iommu/iommufd/io_pagetable.c:268 [inline]\n WARNING: CPU: 1 PID: 5092 at drivers/iommu/iommufd/io_pagetable.c:268 iopt_map_pages+0xf95/0x1050 drivers/iommu/iommufd/io_pagetable.c:352\n Modules linked in:\n CPU: 1 PID: 5092 Comm: syz-executor294 Not tainted 6.10.0-rc5-syzkaller-00294-g3ffea9a7a6f7 #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024\n RIP: 0010:iopt_alloc_area_pages drivers/iommu/iommufd/io_pagetable.c:268 [inline]\n RIP: 0010:iopt_map_pages+0xf95/0x1050 drivers/iommu/iommufd/io_pagetable.c:352\n Code: fc e9 a4 f3 ff ff e8 1a 8b 4c fc 41 be e4 ff ff ff e9 8a f3 ff ff e8 0a 8b 4c fc 90 0f 0b 90 e9 37 f5 ff ff e8 fc 8a 4c fc 90 \u003c0f\u003e 0b 90 e9 68 f3 ff ff 48 c7 c1 ec 82 ad 8f 80 e1 07 80 c1 03 38\n RSP: 0018:ffffc90003ebf9e0 EFLAGS: 00010293\n RAX: ffffffff85499fa4 RBX: 00000000ffffffef RCX: ffff888079b49e00\n RDX: 0000000000000000 RSI: 00000000ffffffef RDI: 0000000000000000\n RBP: ffffc90003ebfc50 R08: ffffffff85499b30 R09: ffffffff85499942\n R10: 0000000000000002 R11: ffff888079b49e00 R12: ffff8880228e0010\n R13: 0000000000000000 R14: 1ffff920007d7f68 R15: ffffc90003ebfd00\n FS: 000055557d760380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00000000005fdeb8 CR3: 000000007404a000 CR4: 00000000003506f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n iommufd_ioas_copy+0x610/0x7b0 drivers/iommu/iommufd/ioas.c:274\n iommufd_fops_ioctl+0x4d9/0x5a0 drivers/iommu/iommufd/main.c:421\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCap the automatic alignment to the huge page size, which is probably a\nbetter idea overall. Huge automatic alignments can fragment and chew up\nthe available IOVA space without any reason.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47719",
"url": "https://www.suse.com/security/cve/CVE-2024-47719"
},
{
"category": "external",
"summary": "SUSE Bug 1231865 for CVE-2024-47719",
"url": "https://bugzilla.suse.com/1231865"
},
{
"category": "external",
"summary": "SUSE Bug 1231866 for CVE-2024-47719",
"url": "https://bugzilla.suse.com/1231866"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-47719"
},
{
"cve": "CVE-2024-47720",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47720"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func\n\nThis commit adds a null check for the set_output_gamma function pointer\nin the dcn30_set_output_transfer_func function. Previously,\nset_output_gamma was being checked for nullity at line 386, but then it\nwas being dereferenced without any nullity check at line 401. This\ncould potentially lead to a null pointer dereference error if\nset_output_gamma is indeed null.\n\nTo fix this, we now ensure that set_output_gamma is not null before\ndereferencing it. We do this by adding a nullity check for\nset_output_gamma before the call to set_output_gamma at line 401. If\nset_output_gamma is null, we log an error message and do not call the\nfunction.\n\nThis fix prevents a potential null pointer dereference error.\n\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:401 dcn30_set_output_transfer_func()\nerror: we previously assumed \u0027mpc-\u003efuncs-\u003eset_output_gamma\u0027 could be null (see line 386)\n\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c\n 373 bool dcn30_set_output_transfer_func(struct dc *dc,\n 374 struct pipe_ctx *pipe_ctx,\n 375 const struct dc_stream_state *stream)\n 376 {\n 377 int mpcc_id = pipe_ctx-\u003eplane_res.hubp-\u003einst;\n 378 struct mpc *mpc = pipe_ctx-\u003estream_res.opp-\u003ectx-\u003edc-\u003eres_pool-\u003empc;\n 379 const struct pwl_params *params = NULL;\n 380 bool ret = false;\n 381\n 382 /* program OGAM or 3DLUT only for the top pipe*/\n 383 if (pipe_ctx-\u003etop_pipe == NULL) {\n 384 /*program rmu shaper and 3dlut in MPC*/\n 385 ret = dcn30_set_mpc_shaper_3dlut(pipe_ctx, stream);\n 386 if (ret == false \u0026\u0026 mpc-\u003efuncs-\u003eset_output_gamma) {\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ If this is NULL\n\n 387 if (stream-\u003eout_transfer_func.type == TF_TYPE_HWPWL)\n 388 params = \u0026stream-\u003eout_transfer_func.pwl;\n 389 else if (pipe_ctx-\u003estream-\u003eout_transfer_func.type ==\n 390 TF_TYPE_DISTRIBUTED_POINTS \u0026\u0026\n 391 cm3_helper_translate_curve_to_hw_format(\n 392 \u0026stream-\u003eout_transfer_func,\n 393 \u0026mpc-\u003eblender_params, false))\n 394 params = \u0026mpc-\u003eblender_params;\n 395 /* there are no ROM LUTs in OUTGAM */\n 396 if (stream-\u003eout_transfer_func.type == TF_TYPE_PREDEFINED)\n 397 BREAK_TO_DEBUGGER();\n 398 }\n 399 }\n 400\n--\u003e 401 mpc-\u003efuncs-\u003eset_output_gamma(mpc, mpcc_id, params);\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Then it will crash\n\n 402 return ret;\n 403 }",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47720",
"url": "https://www.suse.com/security/cve/CVE-2024-47720"
},
{
"category": "external",
"summary": "SUSE Bug 1232043 for CVE-2024-47720",
"url": "https://bugzilla.suse.com/1232043"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47720"
},
{
"cve": "CVE-2024-47723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47723"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix out-of-bounds in dbNextAG() and diAlloc()\n\nIn dbNextAG() , there is no check for the case where bmp-\u003edb_numag is\ngreater or same than MAXAG due to a polluted image, which causes an\nout-of-bounds. Therefore, a bounds check should be added in dbMount().\n\nAnd in dbNextAG(), a check for the case where agpref is greater than\nbmp-\u003edb_numag should be added, so an out-of-bounds exception should be\nprevented.\n\nAdditionally, a check for the case where agno is greater or same than\nMAXAG should be added in diAlloc() to prevent out-of-bounds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47723",
"url": "https://www.suse.com/security/cve/CVE-2024-47723"
},
{
"category": "external",
"summary": "SUSE Bug 1232050 for CVE-2024-47723",
"url": "https://bugzilla.suse.com/1232050"
},
{
"category": "external",
"summary": "SUSE Bug 1232051 for CVE-2024-47723",
"url": "https://bugzilla.suse.com/1232051"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-47723"
},
{
"cve": "CVE-2024-47727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47727"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/tdx: Fix \"in-kernel MMIO\" check\n\nTDX only supports kernel-initiated MMIO operations. The handle_mmio()\nfunction checks if the #VE exception occurred in the kernel and rejects\nthe operation if it did not.\n\nHowever, userspace can deceive the kernel into performing MMIO on its\nbehalf. For example, if userspace can point a syscall to an MMIO address,\nsyscall does get_user() or put_user() on it, triggering MMIO #VE. The\nkernel will treat the #VE as in-kernel MMIO.\n\nEnsure that the target MMIO address is within the kernel before decoding\ninstruction.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47727",
"url": "https://www.suse.com/security/cve/CVE-2024-47727"
},
{
"category": "external",
"summary": "SUSE Bug 1232116 for CVE-2024-47727",
"url": "https://bugzilla.suse.com/1232116"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47727"
},
{
"cve": "CVE-2024-47728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47728"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error\n\nFor all non-tracing helpers which formerly had ARG_PTR_TO_{LONG,INT} as input\narguments, zero the value for the case of an error as otherwise it could leak\nmemory. For tracing, it is not needed given CAP_PERFMON can already read all\nkernel memory anyway hence bpf_get_func_arg() and bpf_get_func_ret() is skipped\nin here.\n\nAlso, the MTU helpers mtu_len pointer value is being written but also read.\nTechnically, the MEM_UNINIT should not be there in order to always force init.\nRemoving MEM_UNINIT needs more verifier rework though: MEM_UNINIT right now\nimplies two things actually: i) write into memory, ii) memory does not have\nto be initialized. If we lift MEM_UNINIT, it then becomes: i) read into memory,\nii) memory must be initialized. This means that for bpf_*_check_mtu() we\u0027re\nreadding the issue we\u0027re trying to fix, that is, it would then be able to\nwrite back into things like .rodata BPF maps. Follow-up work will rework the\nMEM_UNINIT semantics such that the intent can be better expressed. For now\njust clear the *mtu_len on error path which can be lifted later again.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47728",
"url": "https://www.suse.com/security/cve/CVE-2024-47728"
},
{
"category": "external",
"summary": "SUSE Bug 1232076 for CVE-2024-47728",
"url": "https://bugzilla.suse.com/1232076"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47728"
},
{
"cve": "CVE-2024-47730",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47730"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: hisilicon/qm - inject error before stopping queue\n\nThe master ooo cannot be completely closed when the\naccelerator core reports memory error. Therefore, the driver\nneeds to inject the qm error to close the master ooo. Currently,\nthe qm error is injected after stopping queue, memory may be\nreleased immediately after stopping queue, causing the device to\naccess the released memory. Therefore, error is injected to close master\nooo before stopping queue to ensure that the device does not access\nthe released memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47730",
"url": "https://www.suse.com/security/cve/CVE-2024-47730"
},
{
"category": "external",
"summary": "SUSE Bug 1232075 for CVE-2024-47730",
"url": "https://bugzilla.suse.com/1232075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47730"
},
{
"cve": "CVE-2024-47731",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47731"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/perf: Fix ali_drw_pmu driver interrupt status clearing\n\nThe alibaba_uncore_pmu driver forgot to clear all interrupt status\nin the interrupt processing function. After the PMU counter overflow\ninterrupt occurred, an interrupt storm occurred, causing the system\nto hang.\n\nTherefore, clear the correct interrupt status in the interrupt handling\nfunction to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47731",
"url": "https://www.suse.com/security/cve/CVE-2024-47731"
},
{
"category": "external",
"summary": "SUSE Bug 1232117 for CVE-2024-47731",
"url": "https://bugzilla.suse.com/1232117"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47731"
},
{
"cve": "CVE-2024-47732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47732"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: iaa - Fix potential use after free bug\n\nThe free_device_compression_mode(iaa_device, device_mode) function frees\n\"device_mode\" but it iss passed to iaa_compression_modes[i]-\u003efree() a few\nlines later resulting in a use after free.\n\nThe good news is that, so far as I can tell, nothing implements the\n-\u003efree() function and the use after free happens in dead code. But, with\nthis fix, when something does implement it, we\u0027ll be ready. :)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47732",
"url": "https://www.suse.com/security/cve/CVE-2024-47732"
},
{
"category": "external",
"summary": "SUSE Bug 1232109 for CVE-2024-47732",
"url": "https://bugzilla.suse.com/1232109"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47732"
},
{
"cve": "CVE-2024-47735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47735"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled\n\nFix missuse of spin_lock_irq()/spin_unlock_irq() when\nspin_lock_irqsave()/spin_lock_irqrestore() was hold.\n\nThis was discovered through the lock debugging, and the corresponding\nlog is as follows:\n\nraw_local_irq_restore() called with IRQs enabled\nWARNING: CPU: 96 PID: 2074 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x30/0x40\n...\nCall trace:\n warn_bogus_irq_restore+0x30/0x40\n _raw_spin_unlock_irqrestore+0x84/0xc8\n add_qp_to_list+0x11c/0x148 [hns_roce_hw_v2]\n hns_roce_create_qp_common.constprop.0+0x240/0x780 [hns_roce_hw_v2]\n hns_roce_create_qp+0x98/0x160 [hns_roce_hw_v2]\n create_qp+0x138/0x258\n ib_create_qp_kernel+0x50/0xe8\n create_mad_qp+0xa8/0x128\n ib_mad_port_open+0x218/0x448\n ib_mad_init_device+0x70/0x1f8\n add_client_context+0xfc/0x220\n enable_device_and_get+0xd0/0x140\n ib_register_device.part.0+0xf4/0x1c8\n ib_register_device+0x34/0x50\n hns_roce_register_device+0x174/0x3d0 [hns_roce_hw_v2]\n hns_roce_init+0xfc/0x2c0 [hns_roce_hw_v2]\n __hns_roce_hw_v2_init_instance+0x7c/0x1d0 [hns_roce_hw_v2]\n hns_roce_hw_v2_init_instance+0x9c/0x180 [hns_roce_hw_v2]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47735",
"url": "https://www.suse.com/security/cve/CVE-2024-47735"
},
{
"category": "external",
"summary": "SUSE Bug 1232111 for CVE-2024-47735",
"url": "https://bugzilla.suse.com/1232111"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47735"
},
{
"cve": "CVE-2024-47737",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47737"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: call cache_put if xdr_reserve_space returns NULL\n\nIf not enough buffer space available, but idmap_lookup has triggered\nlookup_fn which calls cache_get and returns successfully. Then we\nmissed to call cache_put here which pairs with cache_get.\n\nReviwed-by: Jeff Layton \u003cjlayton@kernel.org\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47737",
"url": "https://www.suse.com/security/cve/CVE-2024-47737"
},
{
"category": "external",
"summary": "SUSE Bug 1232056 for CVE-2024-47737",
"url": "https://bugzilla.suse.com/1232056"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47737"
},
{
"cve": "CVE-2024-47738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47738"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: don\u0027t use rate mask for offchannel TX either\n\nLike the commit ab9177d83c04 (\"wifi: mac80211: don\u0027t use rate mask for\nscanning\"), ignore incorrect settings to avoid no supported rate warning\nreported by syzbot.\n\nThe syzbot did bisect and found cause is commit 9df66d5b9f45 (\"cfg80211:\nfix default HE tx bitrate mask in 2G band\"), which however corrects\nbitmask of HE MCS and recognizes correctly settings of empty legacy rate\nplus HE MCS rate instead of returning -EINVAL.\n\nAs suggestions [1], follow the change of SCAN TX to consider this case of\noffchannel TX as well.\n\n[1] https://lore.kernel.org/linux-wireless/6ab2dc9c3afe753ca6fdcdd1421e7a1f47e87b84.camel@sipsolutions.net/T/#m2ac2a6d2be06a37c9c47a3d8a44b4f647ed4f024",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47738",
"url": "https://www.suse.com/security/cve/CVE-2024-47738"
},
{
"category": "external",
"summary": "SUSE Bug 1232114 for CVE-2024-47738",
"url": "https://bugzilla.suse.com/1232114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47738"
},
{
"cve": "CVE-2024-47739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47739"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npadata: use integer wrap around to prevent deadlock on seq_nr overflow\n\nWhen submitting more than 2^32 padata objects to padata_do_serial, the\ncurrent sorting implementation incorrectly sorts padata objects with\noverflowed seq_nr, causing them to be placed before existing objects in\nthe reorder list. This leads to a deadlock in the serialization process\nas padata_find_next cannot match padata-\u003eseq_nr and pd-\u003eprocessed\nbecause the padata instance with overflowed seq_nr will be selected\nnext.\n\nTo fix this, we use an unsigned integer wrap around to correctly sort\npadata objects in scenarios with integer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47739",
"url": "https://www.suse.com/security/cve/CVE-2024-47739"
},
{
"category": "external",
"summary": "SUSE Bug 1232124 for CVE-2024-47739",
"url": "https://bugzilla.suse.com/1232124"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47739"
},
{
"cve": "CVE-2024-47741",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47741"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix race setting file private on concurrent lseek using same fd\n\nWhen doing concurrent lseek(2) system calls against the same file\ndescriptor, using multiple threads belonging to the same process, we have\na short time window where a race happens and can result in a memory leak.\n\nThe race happens like this:\n\n1) A program opens a file descriptor for a file and then spawns two\n threads (with the pthreads library for example), lets call them\n task A and task B;\n\n2) Task A calls lseek with SEEK_DATA or SEEK_HOLE and ends up at\n file.c:find_desired_extent() while holding a read lock on the inode;\n\n3) At the start of find_desired_extent(), it extracts the file\u0027s\n private_data pointer into a local variable named \u0027private\u0027, which has\n a value of NULL;\n\n4) Task B also calls lseek with SEEK_DATA or SEEK_HOLE, locks the inode\n in shared mode and enters file.c:find_desired_extent(), where it also\n extracts file-\u003eprivate_data into its local variable \u0027private\u0027, which\n has a NULL value;\n\n5) Because it saw a NULL file private, task A allocates a private\n structure and assigns to the file structure;\n\n6) Task B also saw a NULL file private so it also allocates its own file\n private and then assigns it to the same file structure, since both\n tasks are using the same file descriptor.\n\n At this point we leak the private structure allocated by task A.\n\nBesides the memory leak, there\u0027s also the detail that both tasks end up\nusing the same cached state record in the private structure (struct\nbtrfs_file_private::llseek_cached_state), which can result in a\nuse-after-free problem since one task can free it while the other is\nstill using it (only one task took a reference count on it). Also, sharing\nthe cached state is not a good idea since it could result in incorrect\nresults in the future - right now it should not be a problem because it\nend ups being used only in extent-io-tree.c:count_range_bits() where we do\nrange validation before using the cached state.\n\nFix this by protecting the private assignment and check of a file while\nholding the inode\u0027s spinlock and keep track of the task that allocated\nthe private, so that it\u0027s used only by that task in order to prevent\nuser-after-free issues with the cached state record as well as potentially\nusing it incorrectly in the future.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47741",
"url": "https://www.suse.com/security/cve/CVE-2024-47741"
},
{
"category": "external",
"summary": "SUSE Bug 1231869 for CVE-2024-47741",
"url": "https://bugzilla.suse.com/1231869"
},
{
"category": "external",
"summary": "SUSE Bug 1231870 for CVE-2024-47741",
"url": "https://bugzilla.suse.com/1231870"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-47741"
},
{
"cve": "CVE-2024-47742",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47742"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware_loader: Block path traversal\n\nMost firmware names are hardcoded strings, or are constructed from fairly\nconstrained format strings where the dynamic parts are just some hex\nnumbers or such.\n\nHowever, there are a couple codepaths in the kernel where firmware file\nnames contain string components that are passed through from a device or\nsemi-privileged userspace; the ones I could find (not counting interfaces\nthat require root privileges) are:\n\n - lpfc_sli4_request_firmware_update() seems to construct the firmware\n filename from \"ModelName\", a string that was previously parsed out of\n some descriptor (\"Vital Product Data\") in lpfc_fill_vpd()\n - nfp_net_fw_find() seems to construct a firmware filename from a model\n name coming from nfp_hwinfo_lookup(pf-\u003ehwinfo, \"nffw.partno\"), which I\n think parses some descriptor that was read from the device.\n (But this case likely isn\u0027t exploitable because the format string looks\n like \"netronome/nic_%s\", and there shouldn\u0027t be any *folders* starting\n with \"netronome/nic_\". The previous case was different because there,\n the \"%s\" is *at the start* of the format string.)\n - module_flash_fw_schedule() is reachable from the\n ETHTOOL_MSG_MODULE_FW_FLASH_ACT netlink command, which is marked as\n GENL_UNS_ADMIN_PERM (meaning CAP_NET_ADMIN inside a user namespace is\n enough to pass the privilege check), and takes a userspace-provided\n firmware name.\n (But I think to reach this case, you need to have CAP_NET_ADMIN over a\n network namespace that a special kind of ethernet device is mapped into,\n so I think this is not a viable attack path in practice.)\n\nFix it by rejecting any firmware names containing \"..\" path components.\n\nFor what it\u0027s worth, I went looking and haven\u0027t found any USB device\ndrivers that use the firmware loader dangerously.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47742",
"url": "https://www.suse.com/security/cve/CVE-2024-47742"
},
{
"category": "external",
"summary": "SUSE Bug 1232126 for CVE-2024-47742",
"url": "https://bugzilla.suse.com/1232126"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47742"
},
{
"cve": "CVE-2024-47743",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47743"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKEYS: prevent NULL pointer dereference in find_asymmetric_key()\n\nIn find_asymmetric_key(), if all NULLs are passed in the id_{0,1,2}\narguments, the kernel will first emit WARN but then have an oops\nbecause id_2 gets dereferenced anyway.\n\nAdd the missing id_2 check and move WARN_ON() to the final else branch\nto avoid duplicate NULL checks.\n\nFound by Linux Verification Center (linuxtesting.org) with Svace static\nanalysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47743",
"url": "https://www.suse.com/security/cve/CVE-2024-47743"
},
{
"category": "external",
"summary": "SUSE Bug 1232129 for CVE-2024-47743",
"url": "https://bugzilla.suse.com/1232129"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47743"
},
{
"cve": "CVE-2024-47744",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47744"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Use dedicated mutex to protect kvm_usage_count to avoid deadlock\n\nUse a dedicated mutex to guard kvm_usage_count to fix a potential deadlock\non x86 due to a chain of locks and SRCU synchronizations. Translating the\nbelow lockdep splat, CPU1 #6 will wait on CPU0 #1, CPU0 #8 will wait on\nCPU2 #3, and CPU2 #7 will wait on CPU1 #4 (if there\u0027s a writer, due to the\nfairness of r/w semaphores).\n\n CPU0 CPU1 CPU2\n1 lock(\u0026kvm-\u003eslots_lock);\n2 lock(\u0026vcpu-\u003emutex);\n3 lock(\u0026kvm-\u003esrcu);\n4 lock(cpu_hotplug_lock);\n5 lock(kvm_lock);\n6 lock(\u0026kvm-\u003eslots_lock);\n7 lock(cpu_hotplug_lock);\n8 sync(\u0026kvm-\u003esrcu);\n\nNote, there are likely more potential deadlocks in KVM x86, e.g. the same\npattern of taking cpu_hotplug_lock outside of kvm_lock likely exists with\n__kvmclock_cpufreq_notifier():\n\n cpuhp_cpufreq_online()\n |\n -\u003e cpufreq_online()\n |\n -\u003e cpufreq_gov_performance_limits()\n |\n -\u003e __cpufreq_driver_target()\n |\n -\u003e __target_index()\n |\n -\u003e cpufreq_freq_transition_begin()\n |\n -\u003e cpufreq_notify_transition()\n |\n -\u003e ... __kvmclock_cpufreq_notifier()\n\nBut, actually triggering such deadlocks is beyond rare due to the\ncombination of dependencies and timings involved. E.g. the cpufreq\nnotifier is only used on older CPUs without a constant TSC, mucking with\nthe NX hugepage mitigation while VMs are running is very uncommon, and\ndoing so while also onlining/offlining a CPU (necessary to generate\ncontention on cpu_hotplug_lock) would be even more unusual.\n\nThe most robust solution to the general cpu_hotplug_lock issue is likely\nto switch vm_list to be an RCU-protected list, e.g. so that x86\u0027s cpufreq\nnotifier doesn\u0027t to take kvm_lock. For now, settle for fixing the most\nblatant deadlock, as switching to an RCU-protected list is a much more\ninvolved change, but add a comment in locking.rst to call out that care\nneeds to be taken when walking holding kvm_lock and walking vm_list.\n\n ======================================================\n WARNING: possible circular locking dependency detected\n 6.10.0-smp--c257535a0c9d-pip #330 Tainted: G S O\n ------------------------------------------------------\n tee/35048 is trying to acquire lock:\n ff6a80eced71e0a8 (\u0026kvm-\u003eslots_lock){+.+.}-{3:3}, at: set_nx_huge_pages+0x179/0x1e0 [kvm]\n\n but task is already holding lock:\n ffffffffc07abb08 (kvm_lock){+.+.}-{3:3}, at: set_nx_huge_pages+0x14a/0x1e0 [kvm]\n\n which lock already depends on the new lock.\n\n the existing dependency chain (in reverse order) is:\n\n -\u003e #3 (kvm_lock){+.+.}-{3:3}:\n __mutex_lock+0x6a/0xb40\n mutex_lock_nested+0x1f/0x30\n kvm_dev_ioctl+0x4fb/0xe50 [kvm]\n __se_sys_ioctl+0x7b/0xd0\n __x64_sys_ioctl+0x21/0x30\n x64_sys_call+0x15d0/0x2e60\n do_syscall_64+0x83/0x160\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n -\u003e #2 (cpu_hotplug_lock){++++}-{0:0}:\n cpus_read_lock+0x2e/0xb0\n static_key_slow_inc+0x16/0x30\n kvm_lapic_set_base+0x6a/0x1c0 [kvm]\n kvm_set_apic_base+0x8f/0xe0 [kvm]\n kvm_set_msr_common+0x9ae/0xf80 [kvm]\n vmx_set_msr+0xa54/0xbe0 [kvm_intel]\n __kvm_set_msr+0xb6/0x1a0 [kvm]\n kvm_arch_vcpu_ioctl+0xeca/0x10c0 [kvm]\n kvm_vcpu_ioctl+0x485/0x5b0 [kvm]\n __se_sys_ioctl+0x7b/0xd0\n __x64_sys_ioctl+0x21/0x30\n x64_sys_call+0x15d0/0x2e60\n do_syscall_64+0x83/0x160\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n -\u003e #1 (\u0026kvm-\u003esrcu){.+.+}-{0:0}:\n __synchronize_srcu+0x44/0x1a0\n \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47744",
"url": "https://www.suse.com/security/cve/CVE-2024-47744"
},
{
"category": "external",
"summary": "SUSE Bug 1232132 for CVE-2024-47744",
"url": "https://bugzilla.suse.com/1232132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47744"
},
{
"cve": "CVE-2024-47745",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47745"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: call the security_mmap_file() LSM hook in remap_file_pages()\n\nThe remap_file_pages syscall handler calls do_mmap() directly, which\ndoesn\u0027t contain the LSM security check. And if the process has called\npersonality(READ_IMPLIES_EXEC) before and remap_file_pages() is called for\nRW pages, this will actually result in remapping the pages to RWX,\nbypassing a W^X policy enforced by SELinux.\n\nSo we should check prot by security_mmap_file LSM hook in the\nremap_file_pages syscall handler before do_mmap() is called. Otherwise, it\npotentially permits an attacker to bypass a W^X policy enforced by\nSELinux.\n\nThe bypass is similar to CVE-2016-10044, which bypass the same thing via\nAIO and can be found in [1].\n\nThe PoC:\n\n$ cat \u003e test.c\n\nint main(void) {\n\tsize_t pagesz = sysconf(_SC_PAGE_SIZE);\n\tint mfd = syscall(SYS_memfd_create, \"test\", 0);\n\tconst char *buf = mmap(NULL, 4 * pagesz, PROT_READ | PROT_WRITE,\n\t\tMAP_SHARED, mfd, 0);\n\tunsigned int old = syscall(SYS_personality, 0xffffffff);\n\tsyscall(SYS_personality, READ_IMPLIES_EXEC | old);\n\tsyscall(SYS_remap_file_pages, buf, pagesz, 0, 2, 0);\n\tsyscall(SYS_personality, old);\n\t// show the RWX page exists even if W^X policy is enforced\n\tint fd = open(\"/proc/self/maps\", O_RDONLY);\n\tunsigned char buf2[1024];\n\twhile (1) {\n\t\tint ret = read(fd, buf2, 1024);\n\t\tif (ret \u003c= 0) break;\n\t\twrite(1, buf2, ret);\n\t}\n\tclose(fd);\n}\n\n$ gcc test.c -o test\n$ ./test | grep rwx\n7f1836c34000-7f1836c35000 rwxs 00002000 00:01 2050 /memfd:test (deleted)\n\n[PM: subject line tweaks]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47745",
"url": "https://www.suse.com/security/cve/CVE-2024-47745"
},
{
"category": "external",
"summary": "SUSE Bug 1232135 for CVE-2024-47745",
"url": "https://bugzilla.suse.com/1232135"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47745"
},
{
"cve": "CVE-2024-47747",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47747"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition\n\nIn the ether3_probe function, a timer is initialized with a callback\nfunction ether3_ledoff, bound to \u0026prev(dev)-\u003etimer. Once the timer is\nstarted, there is a risk of a race condition if the module or device\nis removed, triggering the ether3_remove function to perform cleanup.\nThe sequence of operations that may lead to a UAF bug is as follows:\n\nCPU0 CPU1\n\n | ether3_ledoff\nether3_remove |\n free_netdev(dev); |\n put_devic |\n kfree(dev); |\n | ether3_outw(priv(dev)-\u003eregs.config2 |= CFG2_CTRLO, REG_CONFIG2);\n | // use dev\n\nFix it by ensuring that the timer is canceled before proceeding with\nthe cleanup in ether3_remove.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47747",
"url": "https://www.suse.com/security/cve/CVE-2024-47747"
},
{
"category": "external",
"summary": "SUSE Bug 1232145 for CVE-2024-47747",
"url": "https://bugzilla.suse.com/1232145"
},
{
"category": "external",
"summary": "SUSE Bug 1232146 for CVE-2024-47747",
"url": "https://bugzilla.suse.com/1232146"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-47747"
},
{
"cve": "CVE-2024-47748",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47748"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost_vdpa: assign irq bypass producer token correctly\n\nWe used to call irq_bypass_unregister_producer() in\nvhost_vdpa_setup_vq_irq() which is problematic as we don\u0027t know if the\ntoken pointer is still valid or not.\n\nActually, we use the eventfd_ctx as the token so the life cycle of the\ntoken should be bound to the VHOST_SET_VRING_CALL instead of\nvhost_vdpa_setup_vq_irq() which could be called by set_status().\n\nFixing this by setting up irq bypass producer\u0027s token when handling\nVHOST_SET_VRING_CALL and un-registering the producer before calling\nvhost_vring_ioctl() to prevent a possible use after free as eventfd\ncould have been released in vhost_vring_ioctl(). And such registering\nand unregistering will only be done if DRIVER_OK is set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47748",
"url": "https://www.suse.com/security/cve/CVE-2024-47748"
},
{
"category": "external",
"summary": "SUSE Bug 1232174 for CVE-2024-47748",
"url": "https://bugzilla.suse.com/1232174"
},
{
"category": "external",
"summary": "SUSE Bug 1232177 for CVE-2024-47748",
"url": "https://bugzilla.suse.com/1232177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-47748"
},
{
"cve": "CVE-2024-47749",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47749"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/cxgb4: Added NULL check for lookup_atid\n\nThe lookup_atid() function can return NULL if the ATID is\ninvalid or does not exist in the identifier table, which\ncould lead to dereferencing a null pointer without a\ncheck in the `act_establish()` and `act_open_rpl()` functions.\nAdd a NULL check to prevent null pointer dereferencing.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47749",
"url": "https://www.suse.com/security/cve/CVE-2024-47749"
},
{
"category": "external",
"summary": "SUSE Bug 1232180 for CVE-2024-47749",
"url": "https://bugzilla.suse.com/1232180"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47749"
},
{
"cve": "CVE-2024-47750",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47750"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix Use-After-Free of rsv_qp on HIP08\n\nCurrently rsv_qp is freed before ib_unregister_device() is called\non HIP08. During the time interval, users can still dereg MR and\nrsv_qp will be used in this process, leading to a UAF. Move the\nrelease of rsv_qp after calling ib_unregister_device() to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47750",
"url": "https://www.suse.com/security/cve/CVE-2024-47750"
},
{
"category": "external",
"summary": "SUSE Bug 1232182 for CVE-2024-47750",
"url": "https://bugzilla.suse.com/1232182"
},
{
"category": "external",
"summary": "SUSE Bug 1232829 for CVE-2024-47750",
"url": "https://bugzilla.suse.com/1232829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-47750"
},
{
"cve": "CVE-2024-47751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47751"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: kirin: Fix buffer overflow in kirin_pcie_parse_port()\n\nWithin kirin_pcie_parse_port(), the pcie-\u003enum_slots is compared to\npcie-\u003egpio_id_reset size (MAX_PCI_SLOTS) which is correct and would lead\nto an overflow.\n\nThus, fix condition to pcie-\u003enum_slots + 1 \u003e= MAX_PCI_SLOTS and move\npcie-\u003enum_slots increment below the if-statement to avoid out-of-bounds\narray access.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[kwilczynski: commit log]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47751",
"url": "https://www.suse.com/security/cve/CVE-2024-47751"
},
{
"category": "external",
"summary": "SUSE Bug 1232127 for CVE-2024-47751",
"url": "https://bugzilla.suse.com/1232127"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47751"
},
{
"cve": "CVE-2024-47752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47752"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Fix H264 stateless decoder smatch warning\n\nFix a smatch static checker warning on vdec_h264_req_if.c.\nWhich leads to a kernel crash when fb is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47752",
"url": "https://www.suse.com/security/cve/CVE-2024-47752"
},
{
"category": "external",
"summary": "SUSE Bug 1232130 for CVE-2024-47752",
"url": "https://bugzilla.suse.com/1232130"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47752"
},
{
"cve": "CVE-2024-47753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47753"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Fix VP8 stateless decoder smatch warning\n\nFix a smatch static checker warning on vdec_vp8_req_if.c.\nWhich leads to a kernel crash when fb is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47753",
"url": "https://www.suse.com/security/cve/CVE-2024-47753"
},
{
"category": "external",
"summary": "SUSE Bug 1231868 for CVE-2024-47753",
"url": "https://bugzilla.suse.com/1231868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47753"
},
{
"cve": "CVE-2024-47754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47754"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning\n\nFix a smatch static checker warning on vdec_h264_req_multi_if.c.\nWhich leads to a kernel crash when fb is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47754",
"url": "https://www.suse.com/security/cve/CVE-2024-47754"
},
{
"category": "external",
"summary": "SUSE Bug 1232131 for CVE-2024-47754",
"url": "https://bugzilla.suse.com/1232131"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47754"
},
{
"cve": "CVE-2024-47756",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47756"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: keystone: Fix if-statement expression in ks_pcie_quirk()\n\nThis code accidentally uses \u0026\u0026 where || was intended. It potentially\nresults in a NULL dereference.\n\nThus, fix the if-statement expression to use the correct condition.\n\n[kwilczynski: commit log]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47756",
"url": "https://www.suse.com/security/cve/CVE-2024-47756"
},
{
"category": "external",
"summary": "SUSE Bug 1232185 for CVE-2024-47756",
"url": "https://bugzilla.suse.com/1232185"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47756"
},
{
"cve": "CVE-2024-47757",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47757"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential oob read in nilfs_btree_check_delete()\n\nThe function nilfs_btree_check_delete(), which checks whether degeneration\nto direct mapping occurs before deleting a b-tree entry, causes memory\naccess outside the block buffer when retrieving the maximum key if the\nroot node has no entries.\n\nThis does not usually happen because b-tree mappings with 0 child nodes\nare never created by mkfs.nilfs2 or nilfs2 itself. However, it can happen\nif the b-tree root node read from a device is configured that way, so fix\nthis potential issue by adding a check for that case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47757",
"url": "https://www.suse.com/security/cve/CVE-2024-47757"
},
{
"category": "external",
"summary": "SUSE Bug 1232187 for CVE-2024-47757",
"url": "https://bugzilla.suse.com/1232187"
},
{
"category": "external",
"summary": "SUSE Bug 1232188 for CVE-2024-47757",
"url": "https://bugzilla.suse.com/1232188"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-47757"
},
{
"cve": "CVE-2024-49850",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49850"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos\n\nIn case of malformed relocation record of kind BPF_CORE_TYPE_ID_LOCAL\nreferencing a non-existing BTF type, function bpf_core_calc_relo_insn\nwould cause a null pointer deference.\n\nFix this by adding a proper check upper in call stack, as malformed\nrelocation records could be passed from user space.\n\nSimplest reproducer is a program:\n\n r0 = 0\n exit\n\nWith a single relocation record:\n\n .insn_off = 0, /* patch first instruction */\n .type_id = 100500, /* this type id does not exist */\n .access_str_off = 6, /* offset of string \"0\" */\n .kind = BPF_CORE_TYPE_ID_LOCAL,\n\nSee the link for original reproducer or next commit for a test case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49850",
"url": "https://www.suse.com/security/cve/CVE-2024-49850"
},
{
"category": "external",
"summary": "SUSE Bug 1232189 for CVE-2024-49850",
"url": "https://bugzilla.suse.com/1232189"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49850"
},
{
"cve": "CVE-2024-49851",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49851"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: Clean up TPM space after command failure\n\ntpm_dev_transmit prepares the TPM space before attempting command\ntransmission. However if the command fails no rollback of this\npreparation is done. This can result in transient handles being leaked\nif the device is subsequently closed with no further commands performed.\n\nFix this by flushing the space in the event of command transmission\nfailure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49851",
"url": "https://www.suse.com/security/cve/CVE-2024-49851"
},
{
"category": "external",
"summary": "SUSE Bug 1232134 for CVE-2024-49851",
"url": "https://bugzilla.suse.com/1232134"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49851"
},
{
"cve": "CVE-2024-49852",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49852"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: elx: libefc: Fix potential use after free in efc_nport_vport_del()\n\nThe kref_put() function will call nport-\u003erelease if the refcount drops to\nzero. The nport-\u003erelease release function is _efc_nport_free() which frees\n\"nport\". But then we dereference \"nport\" on the next line which is a use\nafter free. Re-order these lines to avoid the use after free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49852",
"url": "https://www.suse.com/security/cve/CVE-2024-49852"
},
{
"category": "external",
"summary": "SUSE Bug 1232819 for CVE-2024-49852",
"url": "https://bugzilla.suse.com/1232819"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49852"
},
{
"cve": "CVE-2024-49853",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49853"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_scmi: Fix double free in OPTEE transport\n\nChannels can be shared between protocols, avoid freeing the same channel\ndescriptors twice when unloading the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49853",
"url": "https://www.suse.com/security/cve/CVE-2024-49853"
},
{
"category": "external",
"summary": "SUSE Bug 1232192 for CVE-2024-49853",
"url": "https://bugzilla.suse.com/1232192"
},
{
"category": "external",
"summary": "SUSE Bug 1232828 for CVE-2024-49853",
"url": "https://bugzilla.suse.com/1232828"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-49853"
},
{
"cve": "CVE-2024-49855",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49855"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: fix race between timeout and normal completion\n\nIf request timetout is handled by nbd_requeue_cmd(), normal completion\nhas to be stopped for avoiding to complete this requeued request, other\nuse-after-free can be triggered.\n\nFix the race by clearing NBD_CMD_INFLIGHT in nbd_requeue_cmd(), meantime\nmake sure that cmd-\u003elock is grabbed for clearing the flag and the\nrequeue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49855",
"url": "https://www.suse.com/security/cve/CVE-2024-49855"
},
{
"category": "external",
"summary": "SUSE Bug 1232195 for CVE-2024-49855",
"url": "https://bugzilla.suse.com/1232195"
},
{
"category": "external",
"summary": "SUSE Bug 1232900 for CVE-2024-49855",
"url": "https://bugzilla.suse.com/1232900"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-49855"
},
{
"cve": "CVE-2024-49858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49858"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nefistub/tpm: Use ACPI reclaim memory for event log to avoid corruption\n\nThe TPM event log table is a Linux specific construct, where the data\nproduced by the GetEventLog() boot service is cached in memory, and\npassed on to the OS using an EFI configuration table.\n\nThe use of EFI_LOADER_DATA here results in the region being left\nunreserved in the E820 memory map constructed by the EFI stub, and this\nis the memory description that is passed on to the incoming kernel by\nkexec, which is therefore unaware that the region should be reserved.\n\nEven though the utility of the TPM2 event log after a kexec is\nquestionable, any corruption might send the parsing code off into the\nweeds and crash the kernel. So let\u0027s use EFI_ACPI_RECLAIM_MEMORY\ninstead, which is always treated as reserved by the E820 conversion\nlogic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49858",
"url": "https://www.suse.com/security/cve/CVE-2024-49858"
},
{
"category": "external",
"summary": "SUSE Bug 1232251 for CVE-2024-49858",
"url": "https://bugzilla.suse.com/1232251"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49858"
},
{
"cve": "CVE-2024-49860",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49860"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: sysfs: validate return type of _STR method\n\nOnly buffer objects are valid return values of _STR.\n\nIf something else is returned description_show() will access invalid\nmemory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49860",
"url": "https://www.suse.com/security/cve/CVE-2024-49860"
},
{
"category": "external",
"summary": "SUSE Bug 1231861 for CVE-2024-49860",
"url": "https://bugzilla.suse.com/1231861"
},
{
"category": "external",
"summary": "SUSE Bug 1231862 for CVE-2024-49860",
"url": "https://bugzilla.suse.com/1231862"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-49860"
},
{
"cve": "CVE-2024-49861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49861"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix helper writes to read-only maps\n\nLonial found an issue that despite user- and BPF-side frozen BPF map\n(like in case of .rodata), it was still possible to write into it from\na BPF program side through specific helpers having ARG_PTR_TO_{LONG,INT}\nas arguments.\n\nIn check_func_arg() when the argument is as mentioned, the meta-\u003eraw_mode\nis never set. Later, check_helper_mem_access(), under the case of\nPTR_TO_MAP_VALUE as register base type, it assumes BPF_READ for the\nsubsequent call to check_map_access_type() and given the BPF map is\nread-only it succeeds.\n\nThe helpers really need to be annotated as ARG_PTR_TO_{LONG,INT} | MEM_UNINIT\nwhen results are written into them as opposed to read out of them. The\nlatter indicates that it\u0027s okay to pass a pointer to uninitialized memory\nas the memory is written to anyway.\n\nHowever, ARG_PTR_TO_{LONG,INT} is a special case of ARG_PTR_TO_FIXED_SIZE_MEM\njust with additional alignment requirement. So it is better to just get\nrid of the ARG_PTR_TO_{LONG,INT} special cases altogether and reuse the\nfixed size memory types. For this, add MEM_ALIGNED to additionally ensure\nalignment given these helpers write directly into the args via *\u003cptr\u003e = val.\nThe .arg*_size has been initialized reflecting the actual sizeof(*\u003cptr\u003e).\n\nMEM_ALIGNED can only be used in combination with MEM_FIXED_SIZE annotated\nargument types, since in !MEM_FIXED_SIZE cases the verifier does not know\nthe buffer size a priori and therefore cannot blindly write *\u003cptr\u003e = val.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49861",
"url": "https://www.suse.com/security/cve/CVE-2024-49861"
},
{
"category": "external",
"summary": "SUSE Bug 1232254 for CVE-2024-49861",
"url": "https://bugzilla.suse.com/1232254"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49861"
},
{
"cve": "CVE-2024-49862",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49862"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowercap: intel_rapl: Fix off by one in get_rpi()\n\nThe rp-\u003epriv-\u003erpi array is either rpi_msr or rpi_tpmi which have\nNR_RAPL_PRIMITIVES number of elements. Thus the \u003e needs to be \u003e=\nto prevent an off by one access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49862",
"url": "https://www.suse.com/security/cve/CVE-2024-49862"
},
{
"category": "external",
"summary": "SUSE Bug 1231871 for CVE-2024-49862",
"url": "https://bugzilla.suse.com/1231871"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49862"
},
{
"cve": "CVE-2024-49863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49863"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost/scsi: null-ptr-dereference in vhost_scsi_get_req()\n\nSince commit 3f8ca2e115e5 (\"vhost/scsi: Extract common handling code\nfrom control queue handler\") a null pointer dereference bug can be\ntriggered when guest sends an SCSI AN request.\n\nIn vhost_scsi_ctl_handle_vq(), `vc.target` is assigned with\n`\u0026v_req.tmf.lun[1]` within a switch-case block and is then passed to\nvhost_scsi_get_req() which extracts `vc-\u003ereq` and `tpg`. However, for\na `VIRTIO_SCSI_T_AN_*` request, tpg is not required, so `vc.target` is\nset to NULL in this branch. Later, in vhost_scsi_get_req(),\n`vc-\u003etarget` is dereferenced without being checked, leading to a null\npointer dereference bug. This bug can be triggered from guest.\n\nWhen this bug occurs, the vhost_worker process is killed while holding\n`vq-\u003emutex` and the corresponding tpg will remain occupied\nindefinitely.\n\nBelow is the KASAN report:\nOops: general protection fault, probably for non-canonical address\n0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 1 PID: 840 Comm: poc Not tainted 6.10.0+ #1\nHardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS\n1.16.3-debian-1.16.3-2 04/01/2014\nRIP: 0010:vhost_scsi_get_req+0x165/0x3a0\nCode: 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 2b 02 00 00\n48 b8 00 00 00 00 00 fc ff df 4d 8b 65 30 4c 89 e2 48 c1 ea 03 \u003c0f\u003e b6\n04 02 4c 89 e2 83 e2 07 38 d0 7f 08 84 c0 0f 85 be 01 00 00\nRSP: 0018:ffff888017affb50 EFLAGS: 00010246\nRAX: dffffc0000000000 RBX: ffff88801b000000 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888017affcb8\nRBP: ffff888017affb80 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000\nR13: ffff888017affc88 R14: ffff888017affd1c R15: ffff888017993000\nFS: 000055556e076500(0000) GS:ffff88806b100000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000200027c0 CR3: 0000000010ed0004 CR4: 0000000000370ef0\nCall Trace:\n \u003cTASK\u003e\n ? show_regs+0x86/0xa0\n ? die_addr+0x4b/0xd0\n ? exc_general_protection+0x163/0x260\n ? asm_exc_general_protection+0x27/0x30\n ? vhost_scsi_get_req+0x165/0x3a0\n vhost_scsi_ctl_handle_vq+0x2a4/0xca0\n ? __pfx_vhost_scsi_ctl_handle_vq+0x10/0x10\n ? __switch_to+0x721/0xeb0\n ? __schedule+0xda5/0x5710\n ? __kasan_check_write+0x14/0x30\n ? _raw_spin_lock+0x82/0xf0\n vhost_scsi_ctl_handle_kick+0x52/0x90\n vhost_run_work_list+0x134/0x1b0\n vhost_task_fn+0x121/0x350\n...\n \u003c/TASK\u003e\n---[ end trace 0000000000000000 ]---\n\nLet\u0027s add a check in vhost_scsi_get_req.\n\n[whitespace fixes]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49863",
"url": "https://www.suse.com/security/cve/CVE-2024-49863"
},
{
"category": "external",
"summary": "SUSE Bug 1232255 for CVE-2024-49863",
"url": "https://bugzilla.suse.com/1232255"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49863"
},
{
"cve": "CVE-2024-49864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49864"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix a race between socket set up and I/O thread creation\n\nIn rxrpc_open_socket(), it sets up the socket and then sets up the I/O\nthread that will handle it. This is a problem, however, as there\u0027s a gap\nbetween the two phases in which a packet may come into rxrpc_encap_rcv()\nfrom the UDP packet but we oops when trying to wake the not-yet created I/O\nthread.\n\nAs a quick fix, just make rxrpc_encap_rcv() discard the packet if there\u0027s\nno I/O thread yet.\n\nA better, but more intrusive fix would perhaps be to rearrange things such\nthat the socket creation is done by the I/O thread.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49864",
"url": "https://www.suse.com/security/cve/CVE-2024-49864"
},
{
"category": "external",
"summary": "SUSE Bug 1232256 for CVE-2024-49864",
"url": "https://bugzilla.suse.com/1232256"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49864"
},
{
"cve": "CVE-2024-49866",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49866"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/timerlat: Fix a race during cpuhp processing\n\nThere is another found exception that the \"timerlat/1\" thread was\nscheduled on CPU0, and lead to timer corruption finally:\n\n```\nODEBUG: init active (active state 0) object: ffff888237c2e108 object type: hrtimer hint: timerlat_irq+0x0/0x220\nWARNING: CPU: 0 PID: 426 at lib/debugobjects.c:518 debug_print_object+0x7d/0xb0\nModules linked in:\nCPU: 0 UID: 0 PID: 426 Comm: timerlat/1 Not tainted 6.11.0-rc7+ #45\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\nRIP: 0010:debug_print_object+0x7d/0xb0\n...\nCall Trace:\n \u003cTASK\u003e\n ? __warn+0x7c/0x110\n ? debug_print_object+0x7d/0xb0\n ? report_bug+0xf1/0x1d0\n ? prb_read_valid+0x17/0x20\n ? handle_bug+0x3f/0x70\n ? exc_invalid_op+0x13/0x60\n ? asm_exc_invalid_op+0x16/0x20\n ? debug_print_object+0x7d/0xb0\n ? debug_print_object+0x7d/0xb0\n ? __pfx_timerlat_irq+0x10/0x10\n __debug_object_init+0x110/0x150\n hrtimer_init+0x1d/0x60\n timerlat_main+0xab/0x2d0\n ? __pfx_timerlat_main+0x10/0x10\n kthread+0xb7/0xe0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2d/0x40\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n```\n\nAfter tracing the scheduling event, it was discovered that the migration\nof the \"timerlat/1\" thread was performed during thread creation. Further\nanalysis confirmed that it is because the CPU online processing for\nosnoise is implemented through workers, which is asynchronous with the\noffline processing. When the worker was scheduled to create a thread, the\nCPU may has already been removed from the cpu_online_mask during the offline\nprocess, resulting in the inability to select the right CPU:\n\nT1 | T2\n[CPUHP_ONLINE] | cpu_device_down()\nosnoise_hotplug_workfn() |\n | cpus_write_lock()\n | takedown_cpu(1)\n | cpus_write_unlock()\n[CPUHP_OFFLINE] |\n cpus_read_lock() |\n start_kthread(1) |\n cpus_read_unlock() |\n\nTo fix this, skip online processing if the CPU is already offline.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49866",
"url": "https://www.suse.com/security/cve/CVE-2024-49866"
},
{
"category": "external",
"summary": "SUSE Bug 1232259 for CVE-2024-49866",
"url": "https://bugzilla.suse.com/1232259"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49866"
},
{
"cve": "CVE-2024-49867",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49867"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: wait for fixup workers before stopping cleaner kthread during umount\n\nDuring unmount, at close_ctree(), we have the following steps in this order:\n\n1) Park the cleaner kthread - this doesn\u0027t destroy the kthread, it basically\n halts its execution (wake ups against it work but do nothing);\n\n2) We stop the cleaner kthread - this results in freeing the respective\n struct task_struct;\n\n3) We call btrfs_stop_all_workers() which waits for any jobs running in all\n the work queues and then free the work queues.\n\nSyzbot reported a case where a fixup worker resulted in a crash when doing\na delayed iput on its inode while attempting to wake up the cleaner at\nbtrfs_add_delayed_iput(), because the task_struct of the cleaner kthread\nwas already freed. This can happen during unmount because we don\u0027t wait\nfor any fixup workers still running before we call kthread_stop() against\nthe cleaner kthread, which stops and free all its resources.\n\nFix this by waiting for any fixup workers at close_ctree() before we call\nkthread_stop() against the cleaner and run pending delayed iputs.\n\nThe stack traces reported by syzbot were the following:\n\n BUG: KASAN: slab-use-after-free in __lock_acquire+0x77/0x2050 kernel/locking/lockdep.c:5065\n Read of size 8 at addr ffff8880272a8a18 by task kworker/u8:3/52\n\n CPU: 1 UID: 0 PID: 52 Comm: kworker/u8:3 Not tainted 6.12.0-rc1-syzkaller #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\n Workqueue: btrfs-fixup btrfs_work_helper\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n __lock_acquire+0x77/0x2050 kernel/locking/lockdep.c:5065\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825\n __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]\n _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162\n class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:551 [inline]\n try_to_wake_up+0xb0/0x1480 kernel/sched/core.c:4154\n btrfs_writepage_fixup_worker+0xc16/0xdf0 fs/btrfs/inode.c:2842\n btrfs_work_helper+0x390/0xc50 fs/btrfs/async-thread.c:314\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\n Allocated by task 2:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n unpoison_slab_object mm/kasan/common.c:319 [inline]\n __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:345\n kasan_slab_alloc include/linux/kasan.h:247 [inline]\n slab_post_alloc_hook mm/slub.c:4086 [inline]\n slab_alloc_node mm/slub.c:4135 [inline]\n kmem_cache_alloc_node_noprof+0x16b/0x320 mm/slub.c:4187\n alloc_task_struct_node kernel/fork.c:180 [inline]\n dup_task_struct+0x57/0x8c0 kernel/fork.c:1107\n copy_process+0x5d1/0x3d50 kernel/fork.c:2206\n kernel_clone+0x223/0x880 kernel/fork.c:2787\n kernel_thread+0x1bc/0x240 kernel/fork.c:2849\n create_kthread kernel/kthread.c:412 [inline]\n kthreadd+0x60d/0x810 kernel/kthread.c:765\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\n Freed by task 61:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:230 [inline]\n slab_free_h\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49867",
"url": "https://www.suse.com/security/cve/CVE-2024-49867"
},
{
"category": "external",
"summary": "SUSE Bug 1232262 for CVE-2024-49867",
"url": "https://bugzilla.suse.com/1232262"
},
{
"category": "external",
"summary": "SUSE Bug 1232271 for CVE-2024-49867",
"url": "https://bugzilla.suse.com/1232271"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-49867"
},
{
"cve": "CVE-2024-49868",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49868"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix a NULL pointer dereference when failed to start a new trasacntion\n\n[BUG]\nSyzbot reported a NULL pointer dereference with the following crash:\n\n FAULT_INJECTION: forcing a failure.\n start_transaction+0x830/0x1670 fs/btrfs/transaction.c:676\n prepare_to_relocate+0x31f/0x4c0 fs/btrfs/relocation.c:3642\n relocate_block_group+0x169/0xd20 fs/btrfs/relocation.c:3678\n ...\n BTRFS info (device loop0): balance: ended with status: -12\n Oops: general protection fault, probably for non-canonical address 0xdffffc00000000cc: 0000 [#1] PREEMPT SMP KASAN NOPTI\n KASAN: null-ptr-deref in range [0x0000000000000660-0x0000000000000667]\n RIP: 0010:btrfs_update_reloc_root+0x362/0xa80 fs/btrfs/relocation.c:926\n Call Trace:\n \u003cTASK\u003e\n commit_fs_roots+0x2ee/0x720 fs/btrfs/transaction.c:1496\n btrfs_commit_transaction+0xfaf/0x3740 fs/btrfs/transaction.c:2430\n del_balance_item fs/btrfs/volumes.c:3678 [inline]\n reset_balance_state+0x25e/0x3c0 fs/btrfs/volumes.c:3742\n btrfs_balance+0xead/0x10c0 fs/btrfs/volumes.c:4574\n btrfs_ioctl_balance+0x493/0x7c0 fs/btrfs/ioctl.c:3673\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n[CAUSE]\nThe allocation failure happens at the start_transaction() inside\nprepare_to_relocate(), and during the error handling we call\nunset_reloc_control(), which makes fs_info-\u003ebalance_ctl to be NULL.\n\nThen we continue the error path cleanup in btrfs_balance() by calling\nreset_balance_state() which will call del_balance_item() to fully delete\nthe balance item in the root tree.\n\nHowever during the small window between set_reloc_contrl() and\nunset_reloc_control(), we can have a subvolume tree update and created a\nreloc_root for that subvolume.\n\nThen we go into the final btrfs_commit_transaction() of\ndel_balance_item(), and into btrfs_update_reloc_root() inside\ncommit_fs_roots().\n\nThat function checks if fs_info-\u003ereloc_ctl is in the merge_reloc_tree\nstage, but since fs_info-\u003ereloc_ctl is NULL, it results a NULL pointer\ndereference.\n\n[FIX]\nJust add extra check on fs_info-\u003ereloc_ctl inside\nbtrfs_update_reloc_root(), before checking\nfs_info-\u003ereloc_ctl-\u003emerge_reloc_tree.\n\nThat DEAD_RELOC_TREE handling is to prevent further modification to the\nreloc tree during merge stage, but since there is no reloc_ctl at all,\nwe do not need to bother that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49868",
"url": "https://www.suse.com/security/cve/CVE-2024-49868"
},
{
"category": "external",
"summary": "SUSE Bug 1232272 for CVE-2024-49868",
"url": "https://bugzilla.suse.com/1232272"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49868"
},
{
"cve": "CVE-2024-49870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49870"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: fix dentry leak in cachefiles_open_file()\n\nA dentry leak may be caused when a lookup cookie and a cull are concurrent:\n\n P1 | P2\n-----------------------------------------------------------\ncachefiles_lookup_cookie\n cachefiles_look_up_object\n lookup_one_positive_unlocked\n // get dentry\n cachefiles_cull\n inode-\u003ei_flags |= S_KERNEL_FILE;\n cachefiles_open_file\n cachefiles_mark_inode_in_use\n __cachefiles_mark_inode_in_use\n can_use = false\n if (!(inode-\u003ei_flags \u0026 S_KERNEL_FILE))\n can_use = true\n\t return false\n return false\n // Returns an error but doesn\u0027t put dentry\n\nAfter that the following WARNING will be triggered when the backend folder\nis umounted:\n\n==================================================================\nBUG: Dentry 000000008ad87947{i=7a,n=Dx_1_1.img} still in use (1) [unmount of ext4 sda]\nWARNING: CPU: 4 PID: 359261 at fs/dcache.c:1767 umount_check+0x5d/0x70\nCPU: 4 PID: 359261 Comm: umount Not tainted 6.6.0-dirty #25\nRIP: 0010:umount_check+0x5d/0x70\nCall Trace:\n \u003cTASK\u003e\n d_walk+0xda/0x2b0\n do_one_tree+0x20/0x40\n shrink_dcache_for_umount+0x2c/0x90\n generic_shutdown_super+0x20/0x160\n kill_block_super+0x1a/0x40\n ext4_kill_sb+0x22/0x40\n deactivate_locked_super+0x35/0x80\n cleanup_mnt+0x104/0x160\n==================================================================\n\nWhether cachefiles_open_file() returns true or false, the reference count\nobtained by lookup_positive_unlocked() in cachefiles_look_up_object()\nshould be released.\n\nTherefore release that reference count in cachefiles_look_up_object() to\nfix the above issue and simplify the code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49870",
"url": "https://www.suse.com/security/cve/CVE-2024-49870"
},
{
"category": "external",
"summary": "SUSE Bug 1232279 for CVE-2024-49870",
"url": "https://bugzilla.suse.com/1232279"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49870"
},
{
"cve": "CVE-2024-49871",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49871"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: adp5589-keys - fix NULL pointer dereference\n\nWe register a devm action to call adp5589_clear_config() and then pass\nthe i2c client as argument so that we can call i2c_get_clientdata() in\norder to get our device object. However, i2c_set_clientdata() is only\nbeing set at the end of the probe function which means that we\u0027ll get a\nNULL pointer dereference in case the probe function fails early.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49871",
"url": "https://www.suse.com/security/cve/CVE-2024-49871"
},
{
"category": "external",
"summary": "SUSE Bug 1232287 for CVE-2024-49871",
"url": "https://bugzilla.suse.com/1232287"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49871"
},
{
"cve": "CVE-2024-49874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49874"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: master: svc: Fix use after free vulnerability in svc_i3c_master Driver Due to Race Condition\n\nIn the svc_i3c_master_probe function, \u0026master-\u003ehj_work is bound with\nsvc_i3c_master_hj_work, \u0026master-\u003eibi_work is bound with\nsvc_i3c_master_ibi_work. And svc_i3c_master_ibi_work can start the\nhj_work, svc_i3c_master_irq_handler can start the ibi_work.\n\nIf we remove the module which will call svc_i3c_master_remove to\nmake cleanup, it will free master-\u003ebase through i3c_master_unregister\nwhile the work mentioned above will be used. The sequence of operations\nthat may lead to a UAF bug is as follows:\n\nCPU0 CPU1\n\n | svc_i3c_master_hj_work\nsvc_i3c_master_remove |\ni3c_master_unregister(\u0026master-\u003ebase)|\ndevice_unregister(\u0026master-\u003edev) |\ndevice_release |\n//free master-\u003ebase |\n | i3c_master_do_daa(\u0026master-\u003ebase)\n | //use master-\u003ebase\n\nFix it by ensuring that the work is canceled before proceeding with the\ncleanup in svc_i3c_master_remove.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49874",
"url": "https://www.suse.com/security/cve/CVE-2024-49874"
},
{
"category": "external",
"summary": "SUSE Bug 1232295 for CVE-2024-49874",
"url": "https://bugzilla.suse.com/1232295"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49874"
},
{
"cve": "CVE-2024-49875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49875"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: map the EBADMSG to nfserr_io to avoid warning\n\nExt4 will throw -EBADMSG through ext4_readdir when a checksum error\noccurs, resulting in the following WARNING.\n\nFix it by mapping EBADMSG to nfserr_io.\n\nnfsd_buffered_readdir\n iterate_dir // -EBADMSG -74\n ext4_readdir // .iterate_shared\n ext4_dx_readdir\n ext4_htree_fill_tree\n htree_dirblock_to_tree\n ext4_read_dirblock\n __ext4_read_dirblock\n ext4_dirblock_csum_verify\n warn_no_space_for_csum\n __warn_no_space_for_csum\n return ERR_PTR(-EFSBADCRC) // -EBADMSG -74\n nfserrno // WARNING\n\n[ 161.115610] ------------[ cut here ]------------\n[ 161.116465] nfsd: non-standard errno: -74\n[ 161.117315] WARNING: CPU: 1 PID: 780 at fs/nfsd/nfsproc.c:878 nfserrno+0x9d/0xd0\n[ 161.118596] Modules linked in:\n[ 161.119243] CPU: 1 PID: 780 Comm: nfsd Not tainted 5.10.0-00014-g79679361fd5d #138\n[ 161.120684] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qe\nmu.org 04/01/2014\n[ 161.123601] RIP: 0010:nfserrno+0x9d/0xd0\n[ 161.124676] Code: 0f 87 da 30 dd 00 83 e3 01 b8 00 00 00 05 75 d7 44 89 ee 48 c7 c7 c0 57 24 98 89 44 24 04 c6\n 05 ce 2b 61 03 01 e8 99 20 d8 00 \u003c0f\u003e 0b 8b 44 24 04 eb b5 4c 89 e6 48 c7 c7 a0 6d a4 99 e8 cc 15 33\n[ 161.127797] RSP: 0018:ffffc90000e2f9c0 EFLAGS: 00010286\n[ 161.128794] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000\n[ 161.130089] RDX: 1ffff1103ee16f6d RSI: 0000000000000008 RDI: fffff520001c5f2a\n[ 161.131379] RBP: 0000000000000022 R08: 0000000000000001 R09: ffff8881f70c1827\n[ 161.132664] R10: ffffed103ee18304 R11: 0000000000000001 R12: 0000000000000021\n[ 161.133949] R13: 00000000ffffffb6 R14: ffff8881317c0000 R15: ffffc90000e2fbd8\n[ 161.135244] FS: 0000000000000000(0000) GS:ffff8881f7080000(0000) knlGS:0000000000000000\n[ 161.136695] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 161.137761] CR2: 00007fcaad70b348 CR3: 0000000144256006 CR4: 0000000000770ee0\n[ 161.139041] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 161.140291] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 161.141519] PKRU: 55555554\n[ 161.142076] Call Trace:\n[ 161.142575] ? __warn+0x9b/0x140\n[ 161.143229] ? nfserrno+0x9d/0xd0\n[ 161.143872] ? report_bug+0x125/0x150\n[ 161.144595] ? handle_bug+0x41/0x90\n[ 161.145284] ? exc_invalid_op+0x14/0x70\n[ 161.146009] ? asm_exc_invalid_op+0x12/0x20\n[ 161.146816] ? nfserrno+0x9d/0xd0\n[ 161.147487] nfsd_buffered_readdir+0x28b/0x2b0\n[ 161.148333] ? nfsd4_encode_dirent_fattr+0x380/0x380\n[ 161.149258] ? nfsd_buffered_filldir+0xf0/0xf0\n[ 161.150093] ? wait_for_concurrent_writes+0x170/0x170\n[ 161.151004] ? generic_file_llseek_size+0x48/0x160\n[ 161.151895] nfsd_readdir+0x132/0x190\n[ 161.152606] ? nfsd4_encode_dirent_fattr+0x380/0x380\n[ 161.153516] ? nfsd_unlink+0x380/0x380\n[ 161.154256] ? override_creds+0x45/0x60\n[ 161.155006] nfsd4_encode_readdir+0x21a/0x3d0\n[ 161.155850] ? nfsd4_encode_readlink+0x210/0x210\n[ 161.156731] ? write_bytes_to_xdr_buf+0x97/0xe0\n[ 161.157598] ? __write_bytes_to_xdr_buf+0xd0/0xd0\n[ 161.158494] ? lock_downgrade+0x90/0x90\n[ 161.159232] ? nfs4svc_decode_voidarg+0x10/0x10\n[ 161.160092] nfsd4_encode_operation+0x15a/0x440\n[ 161.160959] nfsd4_proc_compound+0x718/0xe90\n[ 161.161818] nfsd_dispatch+0x18e/0x2c0\n[ 161.162586] svc_process_common+0x786/0xc50\n[ 161.163403] ? nfsd_svc+0x380/0x380\n[ 161.164137] ? svc_printk+0x160/0x160\n[ 161.164846] ? svc_xprt_do_enqueue.part.0+0x365/0x380\n[ 161.165808] ? nfsd_svc+0x380/0x380\n[ 161.166523] ? rcu_is_watching+0x23/0x40\n[ 161.167309] svc_process+0x1a5/0x200\n[ 161.168019] nfsd+0x1f5/0x380\n[ 161.168663] ? nfsd_shutdown_threads+0x260/0x260\n[ 161.169554] kthread+0x1c4/0x210\n[ 161.170224] ? kthread_insert_work_sanity_check+0x80/0x80\n[ 161.171246] ret_from_fork+0x1f/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49875",
"url": "https://www.suse.com/security/cve/CVE-2024-49875"
},
{
"category": "external",
"summary": "SUSE Bug 1232333 for CVE-2024-49875",
"url": "https://bugzilla.suse.com/1232333"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49875"
},
{
"cve": "CVE-2024-49877",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49877"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate\n\nWhen doing cleanup, if flags without OCFS2_BH_READAHEAD, it may trigger\nNULL pointer dereference in the following ocfs2_set_buffer_uptodate() if\nbh is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49877",
"url": "https://www.suse.com/security/cve/CVE-2024-49877"
},
{
"category": "external",
"summary": "SUSE Bug 1232339 for CVE-2024-49877",
"url": "https://bugzilla.suse.com/1232339"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49877"
},
{
"cve": "CVE-2024-49878",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49878"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nresource: fix region_intersects() vs add_memory_driver_managed()\n\nOn a system with CXL memory, the resource tree (/proc/iomem) related to\nCXL memory may look like something as follows.\n\n490000000-50fffffff : CXL Window 0\n 490000000-50fffffff : region0\n 490000000-50fffffff : dax0.0\n 490000000-50fffffff : System RAM (kmem)\n\nBecause drivers/dax/kmem.c calls add_memory_driver_managed() during\nonlining CXL memory, which makes \"System RAM (kmem)\" a descendant of \"CXL\nWindow X\". This confuses region_intersects(), which expects all \"System\nRAM\" resources to be at the top level of iomem_resource. This can lead to\nbugs.\n\nFor example, when the following command line is executed to write some\nmemory in CXL memory range via /dev/mem,\n\n $ dd if=data of=/dev/mem bs=$((1 \u003c\u003c 10)) seek=$((0x490000000 \u003e\u003e 10)) count=1\n dd: error writing \u0027/dev/mem\u0027: Bad address\n 1+0 records in\n 0+0 records out\n 0 bytes copied, 0.0283507 s, 0.0 kB/s\n\nthe command fails as expected. However, the error code is wrong. It\nshould be \"Operation not permitted\" instead of \"Bad address\". More\nseriously, the /dev/mem permission checking in devmem_is_allowed() passes\nincorrectly. Although the accessing is prevented later because ioremap()\nisn\u0027t allowed to map system RAM, it is a potential security issue. During\ncommand executing, the following warning is reported in the kernel log for\ncalling ioremap() on system RAM.\n\n ioremap on RAM at 0x0000000490000000 - 0x0000000490000fff\n WARNING: CPU: 2 PID: 416 at arch/x86/mm/ioremap.c:216 __ioremap_caller.constprop.0+0x131/0x35d\n Call Trace:\n memremap+0xcb/0x184\n xlate_dev_mem_ptr+0x25/0x2f\n write_mem+0x94/0xfb\n vfs_write+0x128/0x26d\n ksys_write+0xac/0xfe\n do_syscall_64+0x9a/0xfd\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nThe details of command execution process are as follows. In the above\nresource tree, \"System RAM\" is a descendant of \"CXL Window 0\" instead of a\ntop level resource. So, region_intersects() will report no System RAM\nresources in the CXL memory region incorrectly, because it only checks the\ntop level resources. Consequently, devmem_is_allowed() will return 1\n(allow access via /dev/mem) for CXL memory region incorrectly. \nFortunately, ioremap() doesn\u0027t allow to map System RAM and reject the\naccess.\n\nSo, region_intersects() needs to be fixed to work correctly with the\nresource tree with \"System RAM\" not at top level as above. To fix it, if\nwe found a unmatched resource in the top level, we will continue to search\nmatched resources in its descendant resources. So, we will not miss any\nmatched resources in resource tree anymore.\n\nIn the new implementation, an example resource tree\n\n|------------- \"CXL Window 0\" ------------|\n|-- \"System RAM\" --|\n\nwill behave similar as the following fake resource tree for\nregion_intersects(, IORESOURCE_SYSTEM_RAM, ),\n\n|-- \"System RAM\" --||-- \"CXL Window 0a\" --|\n\nWhere \"CXL Window 0a\" is part of the original \"CXL Window 0\" that\nisn\u0027t covered by \"System RAM\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49878",
"url": "https://www.suse.com/security/cve/CVE-2024-49878"
},
{
"category": "external",
"summary": "SUSE Bug 1232340 for CVE-2024-49878",
"url": "https://bugzilla.suse.com/1232340"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49878"
},
{
"cve": "CVE-2024-49879",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49879"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: omapdrm: Add missing check for alloc_ordered_workqueue\n\nAs it may return NULL pointer and cause NULL pointer dereference. Add check\nfor the return value of alloc_ordered_workqueue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49879",
"url": "https://www.suse.com/security/cve/CVE-2024-49879"
},
{
"category": "external",
"summary": "SUSE Bug 1232349 for CVE-2024-49879",
"url": "https://bugzilla.suse.com/1232349"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49879"
},
{
"cve": "CVE-2024-49881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49881"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: update orig_path in ext4_find_extent()\n\nIn ext4_find_extent(), if the path is not big enough, we free it and set\n*orig_path to NULL. But after reallocating and successfully initializing\nthe path, we don\u0027t update *orig_path, in which case the caller gets a\nvalid path but a NULL ppath, and this may cause a NULL pointer dereference\nor a path memory leak. For example:\n\next4_split_extent\n path = *ppath = 2000\n ext4_find_extent\n if (depth \u003e path[0].p_maxdepth)\n kfree(path = 2000);\n *orig_path = path = NULL;\n path = kcalloc() = 3000\n ext4_split_extent_at(*ppath = NULL)\n path = *ppath;\n ex = path[depth].p_ext;\n // NULL pointer dereference!\n\n==================================================================\nBUG: kernel NULL pointer dereference, address: 0000000000000010\nCPU: 6 UID: 0 PID: 576 Comm: fsstress Not tainted 6.11.0-rc2-dirty #847\nRIP: 0010:ext4_split_extent_at+0x6d/0x560\nCall Trace:\n \u003cTASK\u003e\n ext4_split_extent.isra.0+0xcb/0x1b0\n ext4_ext_convert_to_initialized+0x168/0x6c0\n ext4_ext_handle_unwritten_extents+0x325/0x4d0\n ext4_ext_map_blocks+0x520/0xdb0\n ext4_map_blocks+0x2b0/0x690\n ext4_iomap_begin+0x20e/0x2c0\n[...]\n==================================================================\n\nTherefore, *orig_path is updated when the extent lookup succeeds, so that\nthe caller can safely use path or *ppath.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49881",
"url": "https://www.suse.com/security/cve/CVE-2024-49881"
},
{
"category": "external",
"summary": "SUSE Bug 1232201 for CVE-2024-49881",
"url": "https://bugzilla.suse.com/1232201"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49881"
},
{
"cve": "CVE-2024-49882",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49882"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix double brelse() the buffer of the extents path\n\nIn ext4_ext_try_to_merge_up(), set path[1].p_bh to NULL after it has been\nreleased, otherwise it may be released twice. An example of what triggers\nthis is as follows:\n\n split2 map split1\n|--------|-------|--------|\n\next4_ext_map_blocks\n ext4_ext_handle_unwritten_extents\n ext4_split_convert_extents\n // path-\u003ep_depth == 0\n ext4_split_extent\n // 1. do split1\n ext4_split_extent_at\n |ext4_ext_insert_extent\n | ext4_ext_create_new_leaf\n | ext4_ext_grow_indepth\n | le16_add_cpu(\u0026neh-\u003eeh_depth, 1)\n | ext4_find_extent\n | // return -ENOMEM\n |// get error and try zeroout\n |path = ext4_find_extent\n | path-\u003ep_depth = 1\n |ext4_ext_try_to_merge\n | ext4_ext_try_to_merge_up\n | path-\u003ep_depth = 0\n | brelse(path[1].p_bh) ---\u003e not set to NULL here\n |// zeroout success\n // 2. update path\n ext4_find_extent\n // 3. do split2\n ext4_split_extent_at\n ext4_ext_insert_extent\n ext4_ext_create_new_leaf\n ext4_ext_grow_indepth\n le16_add_cpu(\u0026neh-\u003eeh_depth, 1)\n ext4_find_extent\n path[0].p_bh = NULL;\n path-\u003ep_depth = 1\n read_extent_tree_block ---\u003e return err\n // path[1].p_bh is still the old value\n ext4_free_ext_path\n ext4_ext_drop_refs\n // path-\u003ep_depth == 1\n brelse(path[1].p_bh) ---\u003e brelse a buffer twice\n\nFinally got the following WARRNING when removing the buffer from lru:\n\n============================================\nVFS: brelse: Trying to free free buffer\nWARNING: CPU: 2 PID: 72 at fs/buffer.c:1241 __brelse+0x58/0x90\nCPU: 2 PID: 72 Comm: kworker/u19:1 Not tainted 6.9.0-dirty #716\nRIP: 0010:__brelse+0x58/0x90\nCall Trace:\n \u003cTASK\u003e\n __find_get_block+0x6e7/0x810\n bdev_getblk+0x2b/0x480\n __ext4_get_inode_loc+0x48a/0x1240\n ext4_get_inode_loc+0xb2/0x150\n ext4_reserve_inode_write+0xb7/0x230\n __ext4_mark_inode_dirty+0x144/0x6a0\n ext4_ext_insert_extent+0x9c8/0x3230\n ext4_ext_map_blocks+0xf45/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n============================================",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49882",
"url": "https://www.suse.com/security/cve/CVE-2024-49882"
},
{
"category": "external",
"summary": "SUSE Bug 1232200 for CVE-2024-49882",
"url": "https://bugzilla.suse.com/1232200"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49882"
},
{
"cve": "CVE-2024-49883",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49883"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: aovid use-after-free in ext4_ext_insert_extent()\n\nAs Ojaswin mentioned in Link, in ext4_ext_insert_extent(), if the path is\nreallocated in ext4_ext_create_new_leaf(), we\u0027ll use the stale path and\ncause UAF. Below is a sample trace with dummy values:\n\next4_ext_insert_extent\n path = *ppath = 2000\n ext4_ext_create_new_leaf(ppath)\n ext4_find_extent(ppath)\n path = *ppath = 2000\n if (depth \u003e path[0].p_maxdepth)\n kfree(path = 2000);\n *ppath = path = NULL;\n path = kcalloc() = 3000\n *ppath = 3000;\n return path;\n /* here path is still 2000, UAF! */\n eh = path[depth].p_hdr\n\n==================================================================\nBUG: KASAN: slab-use-after-free in ext4_ext_insert_extent+0x26d4/0x3330\nRead of size 8 at addr ffff8881027bf7d0 by task kworker/u36:1/179\nCPU: 3 UID: 0 PID: 179 Comm: kworker/u6:1 Not tainted 6.11.0-rc2-dirty #866\nCall Trace:\n \u003cTASK\u003e\n ext4_ext_insert_extent+0x26d4/0x3330\n ext4_ext_map_blocks+0xe22/0x2d40\n ext4_map_blocks+0x71e/0x1700\n ext4_do_writepages+0x1290/0x2800\n[...]\n\nAllocated by task 179:\n ext4_find_extent+0x81c/0x1f70\n ext4_ext_map_blocks+0x146/0x2d40\n ext4_map_blocks+0x71e/0x1700\n ext4_do_writepages+0x1290/0x2800\n ext4_writepages+0x26d/0x4e0\n do_writepages+0x175/0x700\n[...]\n\nFreed by task 179:\n kfree+0xcb/0x240\n ext4_find_extent+0x7c0/0x1f70\n ext4_ext_insert_extent+0xa26/0x3330\n ext4_ext_map_blocks+0xe22/0x2d40\n ext4_map_blocks+0x71e/0x1700\n ext4_do_writepages+0x1290/0x2800\n ext4_writepages+0x26d/0x4e0\n do_writepages+0x175/0x700\n[...]\n==================================================================\n\nSo use *ppath to update the path to avoid the above problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49883",
"url": "https://www.suse.com/security/cve/CVE-2024-49883"
},
{
"category": "external",
"summary": "SUSE Bug 1232199 for CVE-2024-49883",
"url": "https://bugzilla.suse.com/1232199"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49883"
},
{
"cve": "CVE-2024-49884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49884"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix slab-use-after-free in ext4_split_extent_at()\n\nWe hit the following use-after-free:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in ext4_split_extent_at+0xba8/0xcc0\nRead of size 2 at addr ffff88810548ed08 by task kworker/u20:0/40\nCPU: 0 PID: 40 Comm: kworker/u20:0 Not tainted 6.9.0-dirty #724\nCall Trace:\n \u003cTASK\u003e\n kasan_report+0x93/0xc0\n ext4_split_extent_at+0xba8/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nAllocated by task 40:\n __kmalloc_noprof+0x1ac/0x480\n ext4_find_extent+0xf3b/0x1e70\n ext4_ext_map_blocks+0x188/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nFreed by task 40:\n kfree+0xf1/0x2b0\n ext4_find_extent+0xa71/0x1e70\n ext4_ext_insert_extent+0xa22/0x3260\n ext4_split_extent_at+0x3ef/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n==================================================================\n\nThe flow of issue triggering is as follows:\n\next4_split_extent_at\n path = *ppath\n ext4_ext_insert_extent(ppath)\n ext4_ext_create_new_leaf(ppath)\n ext4_find_extent(orig_path)\n path = *orig_path\n read_extent_tree_block\n // return -ENOMEM or -EIO\n ext4_free_ext_path(path)\n kfree(path)\n *orig_path = NULL\n a. If err is -ENOMEM:\n ext4_ext_dirty(path + path-\u003ep_depth)\n // path use-after-free !!!\n b. If err is -EIO and we have EXT_DEBUG defined:\n ext4_ext_show_leaf(path)\n eh = path[depth].p_hdr\n // path also use-after-free !!!\n\nSo when trying to zeroout or fix the extent length, call ext4_find_extent()\nto update the path.\n\nIn addition we use *ppath directly as an ext4_ext_show_leaf() input to\navoid possible use-after-free when EXT_DEBUG is defined, and to avoid\nunnecessary path updates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49884",
"url": "https://www.suse.com/security/cve/CVE-2024-49884"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-49884",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232198 for CVE-2024-49884",
"url": "https://bugzilla.suse.com/1232198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49884"
},
{
"cve": "CVE-2024-49886",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49886"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug\n\nAttaching SST PCI device to VM causes \"BUG: KASAN: slab-out-of-bounds\".\nkasan report:\n[ 19.411889] ==================================================================\n[ 19.413702] BUG: KASAN: slab-out-of-bounds in _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common]\n[ 19.415634] Read of size 8 at addr ffff888829e65200 by task cpuhp/16/113\n[ 19.417368]\n[ 19.418627] CPU: 16 PID: 113 Comm: cpuhp/16 Tainted: G E 6.9.0 #10\n[ 19.420435] Hardware name: VMware, Inc. VMware20,1/440BX Desktop Reference Platform, BIOS VMW201.00V.20192059.B64.2207280713 07/28/2022\n[ 19.422687] Call Trace:\n[ 19.424091] \u003cTASK\u003e\n[ 19.425448] dump_stack_lvl+0x5d/0x80\n[ 19.426963] ? _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common]\n[ 19.428694] print_report+0x19d/0x52e\n[ 19.430206] ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n[ 19.431837] ? _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common]\n[ 19.433539] kasan_report+0xf0/0x170\n[ 19.435019] ? _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common]\n[ 19.436709] _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common]\n[ 19.438379] ? __pfx_sched_clock_cpu+0x10/0x10\n[ 19.439910] isst_if_cpu_online+0x406/0x58f [isst_if_common]\n[ 19.441573] ? __pfx_isst_if_cpu_online+0x10/0x10 [isst_if_common]\n[ 19.443263] ? ttwu_queue_wakelist+0x2c1/0x360\n[ 19.444797] cpuhp_invoke_callback+0x221/0xec0\n[ 19.446337] cpuhp_thread_fun+0x21b/0x610\n[ 19.447814] ? __pfx_cpuhp_thread_fun+0x10/0x10\n[ 19.449354] smpboot_thread_fn+0x2e7/0x6e0\n[ 19.450859] ? __pfx_smpboot_thread_fn+0x10/0x10\n[ 19.452405] kthread+0x29c/0x350\n[ 19.453817] ? __pfx_kthread+0x10/0x10\n[ 19.455253] ret_from_fork+0x31/0x70\n[ 19.456685] ? __pfx_kthread+0x10/0x10\n[ 19.458114] ret_from_fork_asm+0x1a/0x30\n[ 19.459573] \u003c/TASK\u003e\n[ 19.460853]\n[ 19.462055] Allocated by task 1198:\n[ 19.463410] kasan_save_stack+0x30/0x50\n[ 19.464788] kasan_save_track+0x14/0x30\n[ 19.466139] __kasan_kmalloc+0xaa/0xb0\n[ 19.467465] __kmalloc+0x1cd/0x470\n[ 19.468748] isst_if_cdev_register+0x1da/0x350 [isst_if_common]\n[ 19.470233] isst_if_mbox_init+0x108/0xff0 [isst_if_mbox_msr]\n[ 19.471670] do_one_initcall+0xa4/0x380\n[ 19.472903] do_init_module+0x238/0x760\n[ 19.474105] load_module+0x5239/0x6f00\n[ 19.475285] init_module_from_file+0xd1/0x130\n[ 19.476506] idempotent_init_module+0x23b/0x650\n[ 19.477725] __x64_sys_finit_module+0xbe/0x130\n[ 19.476506] idempotent_init_module+0x23b/0x650\n[ 19.477725] __x64_sys_finit_module+0xbe/0x130\n[ 19.478920] do_syscall_64+0x82/0x160\n[ 19.480036] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 19.481292]\n[ 19.482205] The buggy address belongs to the object at ffff888829e65000\n which belongs to the cache kmalloc-512 of size 512\n[ 19.484818] The buggy address is located 0 bytes to the right of\n allocated 512-byte region [ffff888829e65000, ffff888829e65200)\n[ 19.487447]\n[ 19.488328] The buggy address belongs to the physical page:\n[ 19.489569] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888829e60c00 pfn:0x829e60\n[ 19.491140] head: order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0\n[ 19.492466] anon flags: 0x57ffffc0000840(slab|head|node=1|zone=2|lastcpupid=0x1fffff)\n[ 19.493914] page_type: 0xffffffff()\n[ 19.494988] raw: 0057ffffc0000840 ffff88810004cc80 0000000000000000 0000000000000001\n[ 19.496451] raw: ffff888829e60c00 0000000080200018 00000001ffffffff 0000000000000000\n[ 19.497906] head: 0057ffffc0000840 ffff88810004cc80 0000000000000000 0000000000000001\n[ 19.499379] head: ffff888829e60c00 0000000080200018 00000001ffffffff 0000000000000000\n[ 19.500844] head: 0057ffffc0000003 ffffea0020a79801 ffffea0020a79848 00000000ffffffff\n[ 19.502316] head: 0000000800000000 0000000000000000 00000000ffffffff 0000000000000000\n[ 19.503784] page dumped because: k\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49886",
"url": "https://www.suse.com/security/cve/CVE-2024-49886"
},
{
"category": "external",
"summary": "SUSE Bug 1232196 for CVE-2024-49886",
"url": "https://bugzilla.suse.com/1232196"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49886"
},
{
"cve": "CVE-2024-49888",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49888"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a sdiv overflow issue\n\nZac Ecob reported a problem where a bpf program may cause kernel crash due\nto the following error:\n Oops: divide error: 0000 [#1] PREEMPT SMP KASAN PTI\n\nThe failure is due to the below signed divide:\n LLONG_MIN/-1 where LLONG_MIN equals to -9,223,372,036,854,775,808.\nLLONG_MIN/-1 is supposed to give a positive number 9,223,372,036,854,775,808,\nbut it is impossible since for 64-bit system, the maximum positive\nnumber is 9,223,372,036,854,775,807. On x86_64, LLONG_MIN/-1 will\ncause a kernel exception. On arm64, the result for LLONG_MIN/-1 is\nLLONG_MIN.\n\nFurther investigation found all the following sdiv/smod cases may trigger\nan exception when bpf program is running on x86_64 platform:\n - LLONG_MIN/-1 for 64bit operation\n - INT_MIN/-1 for 32bit operation\n - LLONG_MIN%-1 for 64bit operation\n - INT_MIN%-1 for 32bit operation\nwhere -1 can be an immediate or in a register.\n\nOn arm64, there are no exceptions:\n - LLONG_MIN/-1 = LLONG_MIN\n - INT_MIN/-1 = INT_MIN\n - LLONG_MIN%-1 = 0\n - INT_MIN%-1 = 0\nwhere -1 can be an immediate or in a register.\n\nInsn patching is needed to handle the above cases and the patched codes\nproduced results aligned with above arm64 result. The below are pseudo\ncodes to handle sdiv/smod exceptions including both divisor -1 and divisor 0\nand the divisor is stored in a register.\n\nsdiv:\n tmp = rX\n tmp += 1 /* [-1, 0] -\u003e [0, 1]\n if tmp \u003e(unsigned) 1 goto L2\n if tmp == 0 goto L1\n rY = 0\n L1:\n rY = -rY;\n goto L3\n L2:\n rY /= rX\n L3:\n\nsmod:\n tmp = rX\n tmp += 1 /* [-1, 0] -\u003e [0, 1]\n if tmp \u003e(unsigned) 1 goto L1\n if tmp == 1 (is64 ? goto L2 : goto L3)\n rY = 0;\n goto L2\n L1:\n rY %= rX\n L2:\n goto L4 // only when !is64\n L3:\n wY = wY // only when !is64\n L4:\n\n [1] https://lore.kernel.org/bpf/tPJLTEh7S_DxFEqAI2Ji5MBSoZVg7_G-Py2iaZpAaWtM961fFTWtsnlzwvTbzBzaUzwQAoNATXKUlt0LZOFgnDcIyKCswAnAGdUF3LBrhGQ=@protonmail.com/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49888",
"url": "https://www.suse.com/security/cve/CVE-2024-49888"
},
{
"category": "external",
"summary": "SUSE Bug 1232208 for CVE-2024-49888",
"url": "https://bugzilla.suse.com/1232208"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49888"
},
{
"cve": "CVE-2024-49890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49890"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: ensure the fw_info is not null before using it\n\nThis resolves the dereference null return value warning\nreported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49890",
"url": "https://www.suse.com/security/cve/CVE-2024-49890"
},
{
"category": "external",
"summary": "SUSE Bug 1232217 for CVE-2024-49890",
"url": "https://bugzilla.suse.com/1232217"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49890"
},
{
"cve": "CVE-2024-49891",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49891"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths\n\nWhen the HBA is undergoing a reset or is handling an errata event, NULL ptr\ndereference crashes may occur in routines such as\nlpfc_sli_flush_io_rings(), lpfc_dev_loss_tmo_callbk(), or\nlpfc_abort_handler().\n\nAdd NULL ptr checks before dereferencing hdwq pointers that may have been\nfreed due to operations colliding with a reset or errata event handler.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49891",
"url": "https://www.suse.com/security/cve/CVE-2024-49891"
},
{
"category": "external",
"summary": "SUSE Bug 1232218 for CVE-2024-49891",
"url": "https://bugzilla.suse.com/1232218"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49891"
},
{
"cve": "CVE-2024-49892",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49892"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Initialize get_bytes_per_element\u0027s default to 1\n\nVariables, used as denominators and maybe not assigned to other values,\nshould not be 0. bytes_per_element_y \u0026 bytes_per_element_c are\ninitialized by get_bytes_per_element() which should never return 0.\n\nThis fixes 10 DIVIDE_BY_ZERO issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49892",
"url": "https://www.suse.com/security/cve/CVE-2024-49892"
},
{
"category": "external",
"summary": "SUSE Bug 1232220 for CVE-2024-49892",
"url": "https://bugzilla.suse.com/1232220"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49892"
},
{
"cve": "CVE-2024-49894",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49894"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix index out of bounds in degamma hardware format translation\n\nFixes index out of bounds issue in\n`cm_helper_translate_curve_to_degamma_hw_format` function. The issue\ncould occur when the index \u0027i\u0027 exceeds the number of transfer function\npoints (TRANSFER_FUNC_POINTS).\n\nThe fix adds a check to ensure \u0027i\u0027 is within bounds before accessing the\ntransfer function points. If \u0027i\u0027 is out of bounds the function returns\nfalse to indicate an error.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:594 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.red\u0027 1025 \u003c= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:595 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.green\u0027 1025 \u003c= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:596 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.blue\u0027 1025 \u003c= s32max",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49894",
"url": "https://www.suse.com/security/cve/CVE-2024-49894"
},
{
"category": "external",
"summary": "SUSE Bug 1232354 for CVE-2024-49894",
"url": "https://bugzilla.suse.com/1232354"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49894"
},
{
"cve": "CVE-2024-49895",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49895"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation\n\nThis commit addresses a potential index out of bounds issue in the\n`cm3_helper_translate_curve_to_degamma_hw_format` function in the DCN30\ncolor management module. The issue could occur when the index \u0027i\u0027\nexceeds the number of transfer function points (TRANSFER_FUNC_POINTS).\n\nThe fix adds a check to ensure \u0027i\u0027 is within bounds before accessing the\ntransfer function points. If \u0027i\u0027 is out of bounds, the function returns\nfalse to indicate an error.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:338 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.red\u0027 1025 \u003c= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:339 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.green\u0027 1025 \u003c= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:340 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.blue\u0027 1025 \u003c= s32max",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49895",
"url": "https://www.suse.com/security/cve/CVE-2024-49895"
},
{
"category": "external",
"summary": "SUSE Bug 1232352 for CVE-2024-49895",
"url": "https://bugzilla.suse.com/1232352"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "low"
}
],
"title": "CVE-2024-49895"
},
{
"cve": "CVE-2024-49896",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49896"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check stream before comparing them\n\n[WHAT \u0026 HOW]\namdgpu_dm can pass a null stream to dc_is_stream_unchanged. It is\nnecessary to check for null before dereferencing them.\n\nThis fixes 1 FORWARD_NULL issue reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49896",
"url": "https://www.suse.com/security/cve/CVE-2024-49896"
},
{
"category": "external",
"summary": "SUSE Bug 1232221 for CVE-2024-49896",
"url": "https://bugzilla.suse.com/1232221"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49896"
},
{
"cve": "CVE-2024-49897",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49897"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check phantom_stream before it is used\n\ndcn32_enable_phantom_stream can return null, so returned value\nmust be checked before used.\n\nThis fixes 1 NULL_RETURNS issue reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49897",
"url": "https://www.suse.com/security/cve/CVE-2024-49897"
},
{
"category": "external",
"summary": "SUSE Bug 1232355 for CVE-2024-49897",
"url": "https://bugzilla.suse.com/1232355"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49897"
},
{
"cve": "CVE-2024-49898",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49898"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check null-initialized variables\n\n[WHAT \u0026 HOW]\ndrr_timing and subvp_pipe are initialized to null and they are not\nalways assigned new values. It is necessary to check for null before\ndereferencing.\n\nThis fixes 2 FORWARD_NULL issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49898",
"url": "https://www.suse.com/security/cve/CVE-2024-49898"
},
{
"category": "external",
"summary": "SUSE Bug 1232222 for CVE-2024-49898",
"url": "https://bugzilla.suse.com/1232222"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49898"
},
{
"cve": "CVE-2024-49899",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49899"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Initialize denominators\u0027 default to 1\n\n[WHAT \u0026 HOW]\nVariables used as denominators and maybe not assigned to other values,\nshould not be 0. Change their default to 1 so they are never 0.\n\nThis fixes 10 DIVIDE_BY_ZERO issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49899",
"url": "https://www.suse.com/security/cve/CVE-2024-49899"
},
{
"category": "external",
"summary": "SUSE Bug 1232358 for CVE-2024-49899",
"url": "https://bugzilla.suse.com/1232358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49899"
},
{
"cve": "CVE-2024-49900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49900"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix uninit-value access of new_ea in ea_buffer\n\nsyzbot reports that lzo1x_1_do_compress is using uninit-value:\n\n=====================================================\nBUG: KMSAN: uninit-value in lzo1x_1_do_compress+0x19f9/0x2510 lib/lzo/lzo1x_compress.c:178\n\n...\n\nUninit was stored to memory at:\n ea_put fs/jfs/xattr.c:639 [inline]\n\n...\n\nLocal variable ea_buf created at:\n __jfs_setxattr+0x5d/0x1ae0 fs/jfs/xattr.c:662\n __jfs_xattr_set+0xe6/0x1f0 fs/jfs/xattr.c:934\n\n=====================================================\n\nThe reason is ea_buf-\u003enew_ea is not initialized properly.\n\nFix this by using memset to empty its content at the beginning\nin ea_get().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49900",
"url": "https://www.suse.com/security/cve/CVE-2024-49900"
},
{
"category": "external",
"summary": "SUSE Bug 1232359 for CVE-2024-49900",
"url": "https://bugzilla.suse.com/1232359"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49900"
},
{
"cve": "CVE-2024-49901",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49901"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/adreno: Assign msm_gpu-\u003epdev earlier to avoid nullptrs\n\nThere are some cases, such as the one uncovered by Commit 46d4efcccc68\n(\"drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails\")\nwhere\n\nmsm_gpu_cleanup() : platform_set_drvdata(gpu-\u003epdev, NULL);\n\nis called on gpu-\u003epdev == NULL, as the GPU device has not been fully\ninitialized yet.\n\nTurns out that there\u0027s more than just the aforementioned path that\ncauses this to happen (e.g. the case when there\u0027s speedbin data in the\ncatalog, but opp-supported-hw is missing in DT).\n\nAssigning msm_gpu-\u003epdev earlier seems like the least painful solution\nto this, therefore do so.\n\nPatchwork: https://patchwork.freedesktop.org/patch/602742/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49901",
"url": "https://www.suse.com/security/cve/CVE-2024-49901"
},
{
"category": "external",
"summary": "SUSE Bug 1232305 for CVE-2024-49901",
"url": "https://bugzilla.suse.com/1232305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49901"
},
{
"cve": "CVE-2024-49902",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49902"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: check if leafidx greater than num leaves per dmap tree\n\nsyzbot report a out of bounds in dbSplit, it because dmt_leafidx greater\nthan num leaves per dmap tree, add a checking for dmt_leafidx in dbFindLeaf.\n\nShaggy:\nModified sanity check to apply to control pages as well as leaf pages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49902",
"url": "https://www.suse.com/security/cve/CVE-2024-49902"
},
{
"category": "external",
"summary": "SUSE Bug 1232378 for CVE-2024-49902",
"url": "https://bugzilla.suse.com/1232378"
},
{
"category": "external",
"summary": "SUSE Bug 1232379 for CVE-2024-49902",
"url": "https://bugzilla.suse.com/1232379"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-49902"
},
{
"cve": "CVE-2024-49903",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49903"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix uaf in dbFreeBits\n\n[syzbot reported]\n==================================================================\nBUG: KASAN: slab-use-after-free in __mutex_lock_common kernel/locking/mutex.c:587 [inline]\nBUG: KASAN: slab-use-after-free in __mutex_lock+0xfe/0xd70 kernel/locking/mutex.c:752\nRead of size 8 at addr ffff8880229254b0 by task syz-executor357/5216\n\nCPU: 0 UID: 0 PID: 5216 Comm: syz-executor357 Not tainted 6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n __mutex_lock_common kernel/locking/mutex.c:587 [inline]\n __mutex_lock+0xfe/0xd70 kernel/locking/mutex.c:752\n dbFreeBits+0x7ea/0xd90 fs/jfs/jfs_dmap.c:2390\n dbFreeDmap fs/jfs/jfs_dmap.c:2089 [inline]\n dbFree+0x35b/0x680 fs/jfs/jfs_dmap.c:409\n dbDiscardAG+0x8a9/0xa20 fs/jfs/jfs_dmap.c:1650\n jfs_ioc_trim+0x433/0x670 fs/jfs/jfs_discard.c:100\n jfs_ioctl+0x2d0/0x3e0 fs/jfs/ioctl.c:131\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n\nFreed by task 5218:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579\n poison_slab_object+0xe0/0x150 mm/kasan/common.c:240\n __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256\n kasan_slab_free include/linux/kasan.h:184 [inline]\n slab_free_hook mm/slub.c:2252 [inline]\n slab_free mm/slub.c:4473 [inline]\n kfree+0x149/0x360 mm/slub.c:4594\n dbUnmount+0x11d/0x190 fs/jfs/jfs_dmap.c:278\n jfs_mount_rw+0x4ac/0x6a0 fs/jfs/jfs_mount.c:247\n jfs_remount+0x3d1/0x6b0 fs/jfs/super.c:454\n reconfigure_super+0x445/0x880 fs/super.c:1083\n vfs_cmd_reconfigure fs/fsopen.c:263 [inline]\n vfs_fsconfig_locked fs/fsopen.c:292 [inline]\n __do_sys_fsconfig fs/fsopen.c:473 [inline]\n __se_sys_fsconfig+0xb6e/0xf80 fs/fsopen.c:345\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n[Analysis]\nThere are two paths (dbUnmount and jfs_ioc_trim) that generate race\ncondition when accessing bmap, which leads to the occurrence of uaf.\n\nUse the lock s_umount to synchronize them, in order to avoid uaf caused\nby race condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49903",
"url": "https://www.suse.com/security/cve/CVE-2024-49903"
},
{
"category": "external",
"summary": "SUSE Bug 1232362 for CVE-2024-49903",
"url": "https://bugzilla.suse.com/1232362"
},
{
"category": "external",
"summary": "SUSE Bug 1233020 for CVE-2024-49903",
"url": "https://bugzilla.suse.com/1233020"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-49903"
},
{
"cve": "CVE-2024-49905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49905"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check for \u0027afb\u0027 in amdgpu_dm_plane_handle_cursor_update (v2)\n\nThis commit adds a null check for the \u0027afb\u0027 variable in the\namdgpu_dm_plane_handle_cursor_update function. Previously, \u0027afb\u0027 was\nassumed to be null, but was used later in the code without a null check.\nThis could potentially lead to a null pointer dereference.\n\nChanges since v1:\n- Moved the null check for \u0027afb\u0027 to the line where \u0027afb\u0027 is used. (Alex)\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_plane.c:1298 amdgpu_dm_plane_handle_cursor_update() error: we previously assumed \u0027afb\u0027 could be null (see line 1252)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49905",
"url": "https://www.suse.com/security/cve/CVE-2024-49905"
},
{
"category": "external",
"summary": "SUSE Bug 1232357 for CVE-2024-49905",
"url": "https://bugzilla.suse.com/1232357"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49905"
},
{
"cve": "CVE-2024-49906",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49906"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check null pointer before try to access it\n\n[why \u0026 how]\nChange the order of the pipe_ctx-\u003eplane_state check to ensure that\nplane_state is not null before accessing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49906",
"url": "https://www.suse.com/security/cve/CVE-2024-49906"
},
{
"category": "external",
"summary": "SUSE Bug 1232332 for CVE-2024-49906",
"url": "https://bugzilla.suse.com/1232332"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49906"
},
{
"cve": "CVE-2024-49907",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49907"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check null pointers before using dc-\u003eclk_mgr\n\n[WHY \u0026 HOW]\ndc-\u003eclk_mgr is null checked previously in the same function, indicating\nit might be null.\n\nPassing \"dc\" to \"dc-\u003ehwss.apply_idle_power_optimizations\", which\ndereferences null \"dc-\u003eclk_mgr\". (The function pointer resolves to\n\"dcn35_apply_idle_power_optimizations\".)\n\nThis fixes 1 FORWARD_NULL issue reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49907",
"url": "https://www.suse.com/security/cve/CVE-2024-49907"
},
{
"category": "external",
"summary": "SUSE Bug 1232334 for CVE-2024-49907",
"url": "https://bugzilla.suse.com/1232334"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49907"
},
{
"cve": "CVE-2024-49908",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49908"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check for \u0027afb\u0027 in amdgpu_dm_update_cursor (v2)\n\nThis commit adds a null check for the \u0027afb\u0027 variable in the\namdgpu_dm_update_cursor function. Previously, \u0027afb\u0027 was assumed to be\nnull at line 8388, but was used later in the code without a null check.\nThis could potentially lead to a null pointer dereference.\n\nChanges since v1:\n- Moved the null check for \u0027afb\u0027 to the line where \u0027afb\u0027 is used. (Alex)\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:8433 amdgpu_dm_update_cursor()\n\terror: we previously assumed \u0027afb\u0027 could be null (see line 8388)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49908",
"url": "https://www.suse.com/security/cve/CVE-2024-49908"
},
{
"category": "external",
"summary": "SUSE Bug 1232335 for CVE-2024-49908",
"url": "https://bugzilla.suse.com/1232335"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49908"
},
{
"cve": "CVE-2024-49909",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49909"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func\n\nThis commit adds a null check for the set_output_gamma function pointer\nin the dcn32_set_output_transfer_func function. Previously,\nset_output_gamma was being checked for null, but then it was being\ndereferenced without any null check. This could lead to a null pointer\ndereference if set_output_gamma is null.\n\nTo fix this, we now ensure that set_output_gamma is not null before\ndereferencing it. We do this by adding a null check for set_output_gamma\nbefore the call to set_output_gamma.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49909",
"url": "https://www.suse.com/security/cve/CVE-2024-49909"
},
{
"category": "external",
"summary": "SUSE Bug 1232337 for CVE-2024-49909",
"url": "https://bugzilla.suse.com/1232337"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49909"
},
{
"cve": "CVE-2024-49911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49911"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func\n\nThis commit adds a null check for the set_output_gamma function pointer\nin the dcn20_set_output_transfer_func function. Previously,\nset_output_gamma was being checked for null at line 1030, but then it\nwas being dereferenced without any null check at line 1048. This could\npotentially lead to a null pointer dereference error if set_output_gamma\nis null.\n\nTo fix this, we now ensure that set_output_gamma is not null before\ndereferencing it. We do this by adding a null check for set_output_gamma\nbefore the call to set_output_gamma at line 1048.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49911",
"url": "https://www.suse.com/security/cve/CVE-2024-49911"
},
{
"category": "external",
"summary": "SUSE Bug 1232366 for CVE-2024-49911",
"url": "https://bugzilla.suse.com/1232366"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49911"
},
{
"cve": "CVE-2024-49912",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49912"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Handle null \u0027stream_status\u0027 in \u0027planes_changed_for_existing_stream\u0027\n\nThis commit adds a null check for \u0027stream_status\u0027 in the function\n\u0027planes_changed_for_existing_stream\u0027. Previously, the code assumed\n\u0027stream_status\u0027 could be null, but did not handle the case where it was\nactually null. This could lead to a null pointer dereference.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_resource.c:3784 planes_changed_for_existing_stream() error: we previously assumed \u0027stream_status\u0027 could be null (see line 3774)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49912",
"url": "https://www.suse.com/security/cve/CVE-2024-49912"
},
{
"category": "external",
"summary": "SUSE Bug 1232367 for CVE-2024-49912",
"url": "https://bugzilla.suse.com/1232367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49912"
},
{
"cve": "CVE-2024-49913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49913"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream\n\nThis commit addresses a null pointer dereference issue in the\n`commit_planes_for_stream` function at line 4140. The issue could occur\nwhen `top_pipe_to_program` is null.\n\nThe fix adds a check to ensure `top_pipe_to_program` is not null before\naccessing its stream_res. This prevents a null pointer dereference.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/core/dc.c:4140 commit_planes_for_stream() error: we previously assumed \u0027top_pipe_to_program\u0027 could be null (see line 3906)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49913",
"url": "https://www.suse.com/security/cve/CVE-2024-49913"
},
{
"category": "external",
"summary": "SUSE Bug 1232307 for CVE-2024-49913",
"url": "https://bugzilla.suse.com/1232307"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49913"
},
{
"cve": "CVE-2024-49914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49914"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check for pipe_ctx-\u003eplane_state in dcn20_program_pipe\n\nThis commit addresses a null pointer dereference issue in the\n`dcn20_program_pipe` function. The issue could occur when\n`pipe_ctx-\u003eplane_state` is null.\n\nThe fix adds a check to ensure `pipe_ctx-\u003eplane_state` is not null\nbefore accessing. This prevents a null pointer dereference.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn20/dcn20_hwseq.c:1925 dcn20_program_pipe() error: we previously assumed \u0027pipe_ctx-\u003eplane_state\u0027 could be null (see line 1877)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49914",
"url": "https://www.suse.com/security/cve/CVE-2024-49914"
},
{
"category": "external",
"summary": "SUSE Bug 1232369 for CVE-2024-49914",
"url": "https://bugzilla.suse.com/1232369"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49914"
},
{
"cve": "CVE-2024-49917",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49917"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL check for clk_mgr and clk_mgr-\u003efuncs in dcn30_init_hw\n\nThis commit addresses a potential null pointer dereference issue in the\n`dcn30_init_hw` function. The issue could occur when `dc-\u003eclk_mgr` or\n`dc-\u003eclk_mgr-\u003efuncs` is null.\n\nThe fix adds a check to ensure `dc-\u003eclk_mgr` and `dc-\u003eclk_mgr-\u003efuncs` is\nnot null before accessing its functions. This prevents a potential null\npointer dereference.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:789 dcn30_init_hw() error: we previously assumed \u0027dc-\u003eclk_mgr\u0027 could be null (see line 628)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49917",
"url": "https://www.suse.com/security/cve/CVE-2024-49917"
},
{
"category": "external",
"summary": "SUSE Bug 1231965 for CVE-2024-49917",
"url": "https://bugzilla.suse.com/1231965"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49917"
},
{
"cve": "CVE-2024-49918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49918"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer\n\nThis commit addresses a potential null pointer dereference issue in the\n`dcn32_acquire_idle_pipe_for_head_pipe_in_layer` function. The issue\ncould occur when `head_pipe` is null.\n\nThe fix adds a check to ensure `head_pipe` is not null before asserting\nit. If `head_pipe` is null, the function returns NULL to prevent a\npotential null pointer dereference.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn32/dcn32_resource.c:2690 dcn32_acquire_idle_pipe_for_head_pipe_in_layer() error: we previously assumed \u0027head_pipe\u0027 could be null (see line 2681)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49918",
"url": "https://www.suse.com/security/cve/CVE-2024-49918"
},
{
"category": "external",
"summary": "SUSE Bug 1231967 for CVE-2024-49918",
"url": "https://bugzilla.suse.com/1231967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49918"
},
{
"cve": "CVE-2024-49919",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49919"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer\n\nThis commit addresses a potential null pointer dereference issue in the\n`dcn201_acquire_free_pipe_for_layer` function. The issue could occur\nwhen `head_pipe` is null.\n\nThe fix adds a check to ensure `head_pipe` is not null before asserting\nit. If `head_pipe` is null, the function returns NULL to prevent a\npotential null pointer dereference.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn201/dcn201_resource.c:1016 dcn201_acquire_free_pipe_for_layer() error: we previously assumed \u0027head_pipe\u0027 could be null (see line 1010)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49919",
"url": "https://www.suse.com/security/cve/CVE-2024-49919"
},
{
"category": "external",
"summary": "SUSE Bug 1231968 for CVE-2024-49919",
"url": "https://bugzilla.suse.com/1231968"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49919"
},
{
"cve": "CVE-2024-49920",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49920"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check null pointers before multiple uses\n\n[WHAT \u0026 HOW]\nPoniters, such as stream_enc and dc-\u003ebw_vbios, are null checked previously\nin the same function, so Coverity warns \"implies that stream_enc and\ndc-\u003ebw_vbios might be null\". They are used multiple times in the\nsubsequent code and need to be checked.\n\nThis fixes 10 FORWARD_NULL issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49920",
"url": "https://www.suse.com/security/cve/CVE-2024-49920"
},
{
"category": "external",
"summary": "SUSE Bug 1232313 for CVE-2024-49920",
"url": "https://bugzilla.suse.com/1232313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49920"
},
{
"cve": "CVE-2024-49921",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49921"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check null pointers before used\n\n[WHAT \u0026 HOW]\nPoniters, such as dc-\u003eclk_mgr, are null checked previously in the same\nfunction, so Coverity warns \"implies that \"dc-\u003eclk_mgr\" might be null\".\nAs a result, these pointers need to be checked when used again.\n\nThis fixes 10 FORWARD_NULL issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49921",
"url": "https://www.suse.com/security/cve/CVE-2024-49921"
},
{
"category": "external",
"summary": "SUSE Bug 1232371 for CVE-2024-49921",
"url": "https://bugzilla.suse.com/1232371"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49921"
},
{
"cve": "CVE-2024-49922",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49922"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check null pointers before using them\n\n[WHAT \u0026 HOW]\nThese pointers are null checked previously in the same function,\nindicating they might be null as reported by Coverity. As a result,\nthey need to be checked when used again.\n\nThis fixes 3 FORWARD_NULL issue reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49922",
"url": "https://www.suse.com/security/cve/CVE-2024-49922"
},
{
"category": "external",
"summary": "SUSE Bug 1232374 for CVE-2024-49922",
"url": "https://bugzilla.suse.com/1232374"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49922"
},
{
"cve": "CVE-2024-49923",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49923"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags\n\n[WHAT \u0026 HOW]\n\"dcn20_validate_apply_pipe_split_flags\" dereferences merge, and thus it\ncannot be a null pointer. Let\u0027s pass a valid pointer to avoid null\ndereference.\n\nThis fixes 2 FORWARD_NULL issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49923",
"url": "https://www.suse.com/security/cve/CVE-2024-49923"
},
{
"category": "external",
"summary": "SUSE Bug 1232361 for CVE-2024-49923",
"url": "https://bugzilla.suse.com/1232361"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49923"
},
{
"cve": "CVE-2024-49925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49925"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: efifb: Register sysfs groups through driver core\n\nThe driver core can register and cleanup sysfs groups already.\nMake use of that functionality to simplify the error handling and\ncleanup.\n\nAlso avoid a UAF race during unregistering where the sysctl attributes\nwere usable after the info struct was freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49925",
"url": "https://www.suse.com/security/cve/CVE-2024-49925"
},
{
"category": "external",
"summary": "SUSE Bug 1232224 for CVE-2024-49925",
"url": "https://bugzilla.suse.com/1232224"
},
{
"category": "external",
"summary": "SUSE Bug 1232225 for CVE-2024-49925",
"url": "https://bugzilla.suse.com/1232225"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49925"
},
{
"cve": "CVE-2024-49928",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49928"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: avoid reading out of bounds when loading TX power FW elements\n\nBecause the loop-expression will do one more time before getting false from\ncond-expression, the original code copied one more entry size beyond valid\nregion.\n\nFix it by moving the entry copy to loop-body.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49928",
"url": "https://www.suse.com/security/cve/CVE-2024-49928"
},
{
"category": "external",
"summary": "SUSE Bug 1232250 for CVE-2024-49928",
"url": "https://bugzilla.suse.com/1232250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49928"
},
{
"cve": "CVE-2024-49929",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49929"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: avoid NULL pointer dereference\n\niwl_mvm_tx_skb_sta() and iwl_mvm_tx_mpdu() verify that the mvmvsta\npointer is not NULL.\nIt retrieves this pointer using iwl_mvm_sta_from_mac80211, which is\ndereferencing the ieee80211_sta pointer.\nIf sta is NULL, iwl_mvm_sta_from_mac80211 will dereference a NULL\npointer.\nFix this by checking the sta pointer before retrieving the mvmsta\nfrom it. If sta is not NULL, then mvmsta isn\u0027t either.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49929",
"url": "https://www.suse.com/security/cve/CVE-2024-49929"
},
{
"category": "external",
"summary": "SUSE Bug 1232253 for CVE-2024-49929",
"url": "https://bugzilla.suse.com/1232253"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49929"
},
{
"cve": "CVE-2024-49930",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49930"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix array out-of-bound access in SoC stats\n\nCurrently, the ath11k_soc_dp_stats::hal_reo_error array is defined with a\nmaximum size of DP_REO_DST_RING_MAX. However, the ath11k_dp_process_rx()\nfunction access ath11k_soc_dp_stats::hal_reo_error using the REO\ndestination SRNG ring ID, which is incorrect. SRNG ring ID differ from\nnormal ring ID, and this usage leads to out-of-bounds array access. To fix\nthis issue, modify ath11k_dp_process_rx() to use the normal ring ID\ndirectly instead of the SRNG ring ID to avoid out-of-bounds array access.\n\nTested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49930",
"url": "https://www.suse.com/security/cve/CVE-2024-49930"
},
{
"category": "external",
"summary": "SUSE Bug 1232260 for CVE-2024-49930",
"url": "https://bugzilla.suse.com/1232260"
},
{
"category": "external",
"summary": "SUSE Bug 1232261 for CVE-2024-49930",
"url": "https://bugzilla.suse.com/1232261"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-49930"
},
{
"cve": "CVE-2024-49931",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49931"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix array out-of-bound access in SoC stats\n\nCurrently, the ath12k_soc_dp_stats::hal_reo_error array is defined with a\nmaximum size of DP_REO_DST_RING_MAX. However, the ath12k_dp_rx_process()\nfunction access ath12k_soc_dp_stats::hal_reo_error using the REO\ndestination SRNG ring ID, which is incorrect. SRNG ring ID differ from\nnormal ring ID, and this usage leads to out-of-bounds array access. To\nfix this issue, modify ath12k_dp_rx_process() to use the normal ring ID\ndirectly instead of the SRNG ring ID to avoid out-of-bounds array access.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49931",
"url": "https://www.suse.com/security/cve/CVE-2024-49931"
},
{
"category": "external",
"summary": "SUSE Bug 1232275 for CVE-2024-49931",
"url": "https://bugzilla.suse.com/1232275"
},
{
"category": "external",
"summary": "SUSE Bug 1232277 for CVE-2024-49931",
"url": "https://bugzilla.suse.com/1232277"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-49931"
},
{
"cve": "CVE-2024-49933",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49933"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk_iocost: fix more out of bound shifts\n\nRecently running UBSAN caught few out of bound shifts in the\nioc_forgive_debts() function:\n\nUBSAN: shift-out-of-bounds in block/blk-iocost.c:2142:38\nshift exponent 80 is too large for 64-bit type \u0027u64\u0027 (aka \u0027unsigned long\nlong\u0027)\n...\nUBSAN: shift-out-of-bounds in block/blk-iocost.c:2144:30\nshift exponent 80 is too large for 64-bit type \u0027u64\u0027 (aka \u0027unsigned long\nlong\u0027)\n...\nCall Trace:\n\u003cIRQ\u003e\ndump_stack_lvl+0xca/0x130\n__ubsan_handle_shift_out_of_bounds+0x22c/0x280\n? __lock_acquire+0x6441/0x7c10\nioc_timer_fn+0x6cec/0x7750\n? blk_iocost_init+0x720/0x720\n? call_timer_fn+0x5d/0x470\ncall_timer_fn+0xfa/0x470\n? blk_iocost_init+0x720/0x720\n__run_timer_base+0x519/0x700\n...\n\nActual impact of this issue was not identified but I propose to fix the\nundefined behaviour.\nThe proposed fix to prevent those out of bound shifts consist of\nprecalculating exponent before using it the shift operations by taking\nmin value from the actual exponent and maximum possible number of bits.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49933",
"url": "https://www.suse.com/security/cve/CVE-2024-49933"
},
{
"category": "external",
"summary": "SUSE Bug 1232368 for CVE-2024-49933",
"url": "https://bugzilla.suse.com/1232368"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49933"
},
{
"cve": "CVE-2024-49934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49934"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name\n\nIt\u0027s observed that a crash occurs during hot-remove a memory device,\nin which user is accessing the hugetlb. See calltrace as following:\n\n------------[ cut here ]------------\nWARNING: CPU: 1 PID: 14045 at arch/x86/mm/fault.c:1278 do_user_addr_fault+0x2a0/0x790\nModules linked in: kmem device_dax cxl_mem cxl_pmem cxl_port cxl_pci dax_hmem dax_pmem nd_pmem cxl_acpi nd_btt cxl_core crc32c_intel nvme virtiofs fuse nvme_core nfit libnvdimm dm_multipath scsi_dh_rdac scsi_dh_emc s\nmirror dm_region_hash dm_log dm_mod\nCPU: 1 PID: 14045 Comm: daxctl Not tainted 6.10.0-rc2-lizhijian+ #492\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nRIP: 0010:do_user_addr_fault+0x2a0/0x790\nCode: 48 8b 00 a8 04 0f 84 b5 fe ff ff e9 1c ff ff ff 4c 89 e9 4c 89 e2 be 01 00 00 00 bf 02 00 00 00 e8 b5 ef 24 00 e9 42 fe ff ff \u003c0f\u003e 0b 48 83 c4 08 4c 89 ea 48 89 ee 4c 89 e7 5b 5d 41 5c 41 5d 41\nRSP: 0000:ffffc90000a575f0 EFLAGS: 00010046\nRAX: ffff88800c303600 RBX: 0000000000000000 RCX: 0000000000000000\nRDX: 0000000000001000 RSI: ffffffff82504162 RDI: ffffffff824b2c36\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffc90000a57658\nR13: 0000000000001000 R14: ffff88800bc2e040 R15: 0000000000000000\nFS: 00007f51cb57d880(0000) GS:ffff88807fd00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000001000 CR3: 00000000072e2004 CR4: 00000000001706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? __warn+0x8d/0x190\n ? do_user_addr_fault+0x2a0/0x790\n ? report_bug+0x1c3/0x1d0\n ? handle_bug+0x3c/0x70\n ? exc_invalid_op+0x14/0x70\n ? asm_exc_invalid_op+0x16/0x20\n ? do_user_addr_fault+0x2a0/0x790\n ? exc_page_fault+0x31/0x200\n exc_page_fault+0x68/0x200\n\u003c...snip...\u003e\nBUG: unable to handle page fault for address: 0000000000001000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 800000000ad92067 P4D 800000000ad92067 PUD 7677067 PMD 0\n Oops: Oops: 0000 [#1] PREEMPT SMP PTI\n ---[ end trace 0000000000000000 ]---\n BUG: unable to handle page fault for address: 0000000000001000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 800000000ad92067 P4D 800000000ad92067 PUD 7677067 PMD 0\n Oops: Oops: 0000 [#1] PREEMPT SMP PTI\n CPU: 1 PID: 14045 Comm: daxctl Kdump: loaded Tainted: G W 6.10.0-rc2-lizhijian+ #492\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n RIP: 0010:dentry_name+0x1f4/0x440\n\u003c...snip...\u003e\n? dentry_name+0x2fa/0x440\nvsnprintf+0x1f3/0x4f0\nvprintk_store+0x23a/0x540\nvprintk_emit+0x6d/0x330\n_printk+0x58/0x80\ndump_mapping+0x10b/0x1a0\n? __pfx_free_object_rcu+0x10/0x10\n__dump_page+0x26b/0x3e0\n? vprintk_emit+0xe0/0x330\n? _printk+0x58/0x80\n? dump_page+0x17/0x50\ndump_page+0x17/0x50\ndo_migrate_range+0x2f7/0x7f0\n? do_migrate_range+0x42/0x7f0\n? offline_pages+0x2f4/0x8c0\noffline_pages+0x60a/0x8c0\nmemory_subsys_offline+0x9f/0x1c0\n? lockdep_hardirqs_on+0x77/0x100\n? _raw_spin_unlock_irqrestore+0x38/0x60\ndevice_offline+0xe3/0x110\nstate_store+0x6e/0xc0\nkernfs_fop_write_iter+0x143/0x200\nvfs_write+0x39f/0x560\nksys_write+0x65/0xf0\ndo_syscall_64+0x62/0x130\n\nPreviously, some sanity check have been done in dump_mapping() before\nthe print facility parsing \u0027%pd\u0027 though, it\u0027s still possible to run into\nan invalid dentry.d_name.name.\n\nSince dump_mapping() only needs to dump the filename only, retrieve it\nby itself in a safer way to prevent an unnecessary crash.\n\nNote that either retrieving the filename with \u0027%pd\u0027 or\nstrncpy_from_kernel_nofault(), the filename could be unreliable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49934",
"url": "https://www.suse.com/security/cve/CVE-2024-49934"
},
{
"category": "external",
"summary": "SUSE Bug 1232387 for CVE-2024-49934",
"url": "https://bugzilla.suse.com/1232387"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49934"
},
{
"cve": "CVE-2024-49935",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49935"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: PAD: fix crash in exit_round_robin()\n\nThe kernel occasionally crashes in cpumask_clear_cpu(), which is called\nwithin exit_round_robin(), because when executing clear_bit(nr, addr) with\nnr set to 0xffffffff, the address calculation may cause misalignment within\nthe memory, leading to access to an invalid memory address.\n\n----------\nBUG: unable to handle kernel paging request at ffffffffe0740618\n ...\nCPU: 3 PID: 2919323 Comm: acpi_pad/14 Kdump: loaded Tainted: G OE X --------- - - 4.18.0-425.19.2.el8_7.x86_64 #1\n ...\nRIP: 0010:power_saving_thread+0x313/0x411 [acpi_pad]\nCode: 89 cd 48 89 d3 eb d1 48 c7 c7 55 70 72 c0 e8 64 86 b0 e4 c6 05 0d a1 02 00 01 e9 bc fd ff ff 45 89 e4 42 8b 04 a5 20 82 72 c0 \u003cf0\u003e 48 0f b3 05 f4 9c 01 00 42 c7 04 a5 20 82 72 c0 ff ff ff ff 31\nRSP: 0018:ff72a5d51fa77ec8 EFLAGS: 00010202\nRAX: 00000000ffffffff RBX: ff462981e5d8cb80 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000246 RDI: 0000000000000246\nRBP: ff46297556959d80 R08: 0000000000000382 R09: ff46297c8d0f38d8\nR10: 0000000000000000 R11: 0000000000000001 R12: 000000000000000e\nR13: 0000000000000000 R14: ffffffffffffffff R15: 000000000000000e\nFS: 0000000000000000(0000) GS:ff46297a800c0000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffffffffe0740618 CR3: 0000007e20410004 CR4: 0000000000771ee0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n ? acpi_pad_add+0x120/0x120 [acpi_pad]\n kthread+0x10b/0x130\n ? set_kthread_struct+0x50/0x50\n ret_from_fork+0x1f/0x40\n ...\nCR2: ffffffffe0740618\n\ncrash\u003e dis -lr ffffffffc0726923\n ...\n/usr/src/debug/kernel-4.18.0-425.19.2.el8_7/linux-4.18.0-425.19.2.el8_7.x86_64/./include/linux/cpumask.h: 114\n0xffffffffc0726918 \u003cpower_saving_thread+776\u003e:\tmov %r12d,%r12d\n/usr/src/debug/kernel-4.18.0-425.19.2.el8_7/linux-4.18.0-425.19.2.el8_7.x86_64/./include/linux/cpumask.h: 325\n0xffffffffc072691b \u003cpower_saving_thread+779\u003e:\tmov -0x3f8d7de0(,%r12,4),%eax\n/usr/src/debug/kernel-4.18.0-425.19.2.el8_7/linux-4.18.0-425.19.2.el8_7.x86_64/./arch/x86/include/asm/bitops.h: 80\n0xffffffffc0726923 \u003cpower_saving_thread+787\u003e:\tlock btr %rax,0x19cf4(%rip) # 0xffffffffc0740620 \u003cpad_busy_cpus_bits\u003e\n\ncrash\u003e px tsk_in_cpu[14]\n$66 = 0xffffffff\n\ncrash\u003e px 0xffffffffc072692c+0x19cf4\n$99 = 0xffffffffc0740620\n\ncrash\u003e sym 0xffffffffc0740620\nffffffffc0740620 (b) pad_busy_cpus_bits [acpi_pad]\n\ncrash\u003e px pad_busy_cpus_bits[0]\n$42 = 0xfffc0\n----------\n\nTo fix this, ensure that tsk_in_cpu[tsk_index] != -1 before calling\ncpumask_clear_cpu() in exit_round_robin(), just as it is done in\nround_robin_cpu().\n\n[ rjw: Subject edit, avoid updates to the same value ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49935",
"url": "https://www.suse.com/security/cve/CVE-2024-49935"
},
{
"category": "external",
"summary": "SUSE Bug 1232370 for CVE-2024-49935",
"url": "https://bugzilla.suse.com/1232370"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49935"
},
{
"cve": "CVE-2024-49936",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49936"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/xen-netback: prevent UAF in xenvif_flush_hash()\n\nDuring the list_for_each_entry_rcu iteration call of xenvif_flush_hash,\nkfree_rcu does not exist inside the rcu read critical section, so if\nkfree_rcu is called when the rcu grace period ends during the iteration,\nUAF occurs when accessing head-\u003enext after the entry becomes free.\n\nTherefore, to solve this, you need to change it to list_for_each_entry_safe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49936",
"url": "https://www.suse.com/security/cve/CVE-2024-49936"
},
{
"category": "external",
"summary": "SUSE Bug 1232424 for CVE-2024-49936",
"url": "https://bugzilla.suse.com/1232424"
},
{
"category": "external",
"summary": "SUSE Bug 1232426 for CVE-2024-49936",
"url": "https://bugzilla.suse.com/1232426"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-49936"
},
{
"cve": "CVE-2024-49937",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49937"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: Set correct chandef when starting CAC\n\nWhen starting CAC in a mode other than AP mode, it return a\n\"WARNING: CPU: 0 PID: 63 at cfg80211_chandef_dfs_usable+0x20/0xaf [cfg80211]\"\ncaused by the chandef.chan being null at the end of CAC.\n\nSolution: Ensure the channel definition is set for the different modes\nwhen starting CAC to avoid getting a NULL \u0027chan\u0027 at the end of CAC.\n\n Call Trace:\n ? show_regs.part.0+0x14/0x16\n ? __warn+0x67/0xc0\n ? cfg80211_chandef_dfs_usable+0x20/0xaf [cfg80211]\n ? report_bug+0xa7/0x130\n ? exc_overflow+0x30/0x30\n ? handle_bug+0x27/0x50\n ? exc_invalid_op+0x18/0x60\n ? handle_exception+0xf6/0xf6\n ? exc_overflow+0x30/0x30\n ? cfg80211_chandef_dfs_usable+0x20/0xaf [cfg80211]\n ? exc_overflow+0x30/0x30\n ? cfg80211_chandef_dfs_usable+0x20/0xaf [cfg80211]\n ? regulatory_propagate_dfs_state.cold+0x1b/0x4c [cfg80211]\n ? cfg80211_propagate_cac_done_wk+0x1a/0x30 [cfg80211]\n ? process_one_work+0x165/0x280\n ? worker_thread+0x120/0x3f0\n ? kthread+0xc2/0xf0\n ? process_one_work+0x280/0x280\n ? kthread_complete_and_exit+0x20/0x20\n ? ret_from_fork+0x19/0x24\n\n[shorten subject, remove OCB, reorder cases to match previous list]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49937",
"url": "https://www.suse.com/security/cve/CVE-2024-49937"
},
{
"category": "external",
"summary": "SUSE Bug 1232427 for CVE-2024-49937",
"url": "https://bugzilla.suse.com/1232427"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49937"
},
{
"cve": "CVE-2024-49938",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49938"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit\n\nSyzbot points out that skb_trim() has a sanity check on the existing length of\nthe skb, which can be uninitialised in some error paths. The intent here is\nclearly just to reset the length to zero before resubmitting, so switch to\ncalling __skb_set_length(skb, 0) directly. In addition, __skb_set_length()\nalready contains a call to skb_reset_tail_pointer(), so remove the redundant\ncall.\n\nThe syzbot report came from ath9k_hif_usb_reg_in_cb(), but there\u0027s a similar\nusage of skb_trim() in ath9k_hif_usb_rx_cb(), change both while we\u0027re at it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49938",
"url": "https://www.suse.com/security/cve/CVE-2024-49938"
},
{
"category": "external",
"summary": "SUSE Bug 1232552 for CVE-2024-49938",
"url": "https://bugzilla.suse.com/1232552"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49938"
},
{
"cve": "CVE-2024-49939",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49939"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: avoid to add interface to list twice when SER\n\nIf SER L2 occurs during the WoWLAN resume flow, the add interface flow\nis triggered by ieee80211_reconfig(). However, due to\nrtw89_wow_resume() return failure, it will cause the add interface flow\nto be executed again, resulting in a double add list and causing a kernel\npanic. Therefore, we have added a check to prevent double adding of the\nlist.\n\nlist_add double add: new=ffff99d6992e2010, prev=ffff99d6992e2010, next=ffff99d695302628.\n------------[ cut here ]------------\nkernel BUG at lib/list_debug.c:37!\ninvalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 0 PID: 9 Comm: kworker/0:1 Tainted: G W O 6.6.30-02659-gc18865c4dfbd #1 770df2933251a0e3c888ba69d1053a817a6376a7\nHardware name: HP Grunt/Grunt, BIOS Google_Grunt.11031.169.0 06/24/2021\nWorkqueue: events_freezable ieee80211_restart_work [mac80211]\nRIP: 0010:__list_add_valid_or_report+0x5e/0xb0\nCode: c7 74 18 48 39 ce 74 13 b0 01 59 5a 5e 5f 41 58 41 59 41 5a 5d e9 e2 d6 03 00 cc 48 c7 c7 8d 4f 17 83 48 89 c2 e8 02 c0 00 00 \u003c0f\u003e 0b 48 c7 c7 aa 8c 1c 83 e8 f4 bf 00 00 0f 0b 48 c7 c7 c8 bc 12\nRSP: 0018:ffffa91b8007bc50 EFLAGS: 00010246\nRAX: 0000000000000058 RBX: ffff99d6992e0900 RCX: a014d76c70ef3900\nRDX: ffffa91b8007bae8 RSI: 00000000ffffdfff RDI: 0000000000000001\nRBP: ffffa91b8007bc88 R08: 0000000000000000 R09: ffffa91b8007bae0\nR10: 00000000ffffdfff R11: ffffffff83a79800 R12: ffff99d695302060\nR13: ffff99d695300900 R14: ffff99d6992e1be0 R15: ffff99d6992e2010\nFS: 0000000000000000(0000) GS:ffff99d6aac00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000078fbdba43480 CR3: 000000010e464000 CR4: 00000000001506f0\nCall Trace:\n \u003cTASK\u003e\n ? __die_body+0x1f/0x70\n ? die+0x3d/0x60\n ? do_trap+0xa4/0x110\n ? __list_add_valid_or_report+0x5e/0xb0\n ? do_error_trap+0x6d/0x90\n ? __list_add_valid_or_report+0x5e/0xb0\n ? handle_invalid_op+0x30/0x40\n ? __list_add_valid_or_report+0x5e/0xb0\n ? exc_invalid_op+0x3c/0x50\n ? asm_exc_invalid_op+0x16/0x20\n ? __list_add_valid_or_report+0x5e/0xb0\n rtw89_ops_add_interface+0x309/0x310 [rtw89_core 7c32b1ee6854761c0321027c8a58c5160e41f48f]\n drv_add_interface+0x5c/0x130 [mac80211 83e989e6e616bd5b4b8a2b0a9f9352a2c385a3bc]\n ieee80211_reconfig+0x241/0x13d0 [mac80211 83e989e6e616bd5b4b8a2b0a9f9352a2c385a3bc]\n ? finish_wait+0x3e/0x90\n ? synchronize_rcu_expedited+0x174/0x260\n ? sync_rcu_exp_done_unlocked+0x50/0x50\n ? wake_bit_function+0x40/0x40\n ieee80211_restart_work+0xf0/0x140 [mac80211 83e989e6e616bd5b4b8a2b0a9f9352a2c385a3bc]\n process_scheduled_works+0x1e5/0x480\n worker_thread+0xea/0x1e0\n kthread+0xdb/0x110\n ? move_linked_works+0x90/0x90\n ? kthread_associate_blkcg+0xa0/0xa0\n ret_from_fork+0x3b/0x50\n ? kthread_associate_blkcg+0xa0/0xa0\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e\nModules linked in: dm_integrity async_xor xor async_tx lz4 lz4_compress zstd zstd_compress zram zsmalloc rfcomm cmac uinput algif_hash algif_skcipher af_alg btusb btrtl iio_trig_hrtimer industrialio_sw_trigger btmtk industrialio_configfs btbcm btintel uvcvideo videobuf2_vmalloc iio_trig_sysfs videobuf2_memops videobuf2_v4l2 videobuf2_common uvc snd_hda_codec_hdmi veth snd_hda_intel snd_intel_dspcfg acpi_als snd_hda_codec industrialio_triggered_buffer kfifo_buf snd_hwdep industrialio i2c_piix4 snd_hda_core designware_i2s ip6table_nat snd_soc_max98357a xt_MASQUERADE xt_cgroup snd_soc_acp_rt5682_mach fuse rtw89_8922ae(O) rtw89_8922a(O) rtw89_pci(O) rtw89_core(O) 8021q mac80211(O) bluetooth ecdh_generic ecc cfg80211 r8152 mii joydev\ngsmi: Log Shutdown Reason 0x03\n---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49939",
"url": "https://www.suse.com/security/cve/CVE-2024-49939"
},
{
"category": "external",
"summary": "SUSE Bug 1232381 for CVE-2024-49939",
"url": "https://bugzilla.suse.com/1232381"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49939"
},
{
"cve": "CVE-2024-49944",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49944"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start\n\nIn sctp_listen_start() invoked by sctp_inet_listen(), it should set the\nsk_state back to CLOSED if sctp_autobind() fails due to whatever reason.\n\nOtherwise, next time when calling sctp_inet_listen(), if sctp_sk(sk)-\u003ereuse\nis already set via setsockopt(SCTP_REUSE_PORT), sctp_sk(sk)-\u003ebind_hash will\nbe dereferenced as sk_state is LISTENING, which causes a crash as bind_hash\nis NULL.\n\n KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\n RIP: 0010:sctp_inet_listen+0x7f0/0xa20 net/sctp/socket.c:8617\n Call Trace:\n \u003cTASK\u003e\n __sys_listen_socket net/socket.c:1883 [inline]\n __sys_listen+0x1b7/0x230 net/socket.c:1894\n __do_sys_listen net/socket.c:1902 [inline]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49944",
"url": "https://www.suse.com/security/cve/CVE-2024-49944"
},
{
"category": "external",
"summary": "SUSE Bug 1232166 for CVE-2024-49944",
"url": "https://bugzilla.suse.com/1232166"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49944"
},
{
"cve": "CVE-2024-49945",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49945"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/ncsi: Disable the ncsi work before freeing the associated structure\n\nThe work function can run after the ncsi device is freed, resulting\nin use-after-free bugs or kernel panic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49945",
"url": "https://www.suse.com/security/cve/CVE-2024-49945"
},
{
"category": "external",
"summary": "SUSE Bug 1232165 for CVE-2024-49945",
"url": "https://bugzilla.suse.com/1232165"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49945"
},
{
"cve": "CVE-2024-49946",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49946"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: do not assume bh is held in ppp_channel_bridge_input()\n\nNetworking receive path is usually handled from BH handler.\nHowever, some protocols need to acquire the socket lock, and\npackets might be stored in the socket backlog is the socket was\nowned by a user process.\n\nIn this case, release_sock(), __release_sock(), and sk_backlog_rcv()\nmight call the sk-\u003esk_backlog_rcv() handler in process context.\n\nsybot caught ppp was not considering this case in\nppp_channel_bridge_input() :\n\nWARNING: inconsistent lock state\n6.11.0-rc7-syzkaller-g5f5673607153 #0 Not tainted\n--------------------------------\ninconsistent {SOFTIRQ-ON-W} -\u003e {IN-SOFTIRQ-W} usage.\nksoftirqd/1/24 [HC0[0]:SC1[1]:HE1:SE0] takes:\n ffff0000db7f11e0 (\u0026pch-\u003edownl){+.?.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]\n ffff0000db7f11e0 (\u0026pch-\u003edownl){+.?.}-{2:2}, at: ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2272 [inline]\n ffff0000db7f11e0 (\u0026pch-\u003edownl){+.?.}-{2:2}, at: ppp_input+0x16c/0x854 drivers/net/ppp/ppp_generic.c:2304\n{SOFTIRQ-ON-W} state was registered at:\n lock_acquire+0x240/0x728 kernel/locking/lockdep.c:5759\n __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]\n _raw_spin_lock+0x48/0x60 kernel/locking/spinlock.c:154\n spin_lock include/linux/spinlock.h:351 [inline]\n ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2272 [inline]\n ppp_input+0x16c/0x854 drivers/net/ppp/ppp_generic.c:2304\n pppoe_rcv_core+0xfc/0x314 drivers/net/ppp/pppoe.c:379\n sk_backlog_rcv include/net/sock.h:1111 [inline]\n __release_sock+0x1a8/0x3d8 net/core/sock.c:3004\n release_sock+0x68/0x1b8 net/core/sock.c:3558\n pppoe_sendmsg+0xc8/0x5d8 drivers/net/ppp/pppoe.c:903\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n __sys_sendto+0x374/0x4f4 net/socket.c:2204\n __do_sys_sendto net/socket.c:2216 [inline]\n __se_sys_sendto net/socket.c:2212 [inline]\n __arm64_sys_sendto+0xd8/0xf8 net/socket.c:2212\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712\n el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730\n el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598\nirq event stamp: 282914\n hardirqs last enabled at (282914): [\u003cffff80008b42e30c\u003e] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]\n hardirqs last enabled at (282914): [\u003cffff80008b42e30c\u003e] _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:194\n hardirqs last disabled at (282913): [\u003cffff80008b42e13c\u003e] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]\n hardirqs last disabled at (282913): [\u003cffff80008b42e13c\u003e] _raw_spin_lock_irqsave+0x2c/0x7c kernel/locking/spinlock.c:162\n softirqs last enabled at (282904): [\u003cffff8000801f8e88\u003e] softirq_handle_end kernel/softirq.c:400 [inline]\n softirqs last enabled at (282904): [\u003cffff8000801f8e88\u003e] handle_softirqs+0xa3c/0xbfc kernel/softirq.c:582\n softirqs last disabled at (282909): [\u003cffff8000801fbdf8\u003e] run_ksoftirqd+0x70/0x158 kernel/softirq.c:928\n\nother info that might help us debug this:\n Possible unsafe locking scenario:\n\n CPU0\n ----\n lock(\u0026pch-\u003edownl);\n \u003cInterrupt\u003e\n lock(\u0026pch-\u003edownl);\n\n *** DEADLOCK ***\n\n1 lock held by ksoftirqd/1/24:\n #0: ffff80008f74dfa0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x10/0x4c include/linux/rcupdate.h:325\n\nstack backtrace:\nCPU: 1 UID: 0 PID: 24 Comm: ksoftirqd/1 Not tainted 6.11.0-rc7-syzkaller-g5f5673607153 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall trace:\n dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:319\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:326\n __dump_sta\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49946",
"url": "https://www.suse.com/security/cve/CVE-2024-49946"
},
{
"category": "external",
"summary": "SUSE Bug 1232164 for CVE-2024-49946",
"url": "https://bugzilla.suse.com/1232164"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49946"
},
{
"cve": "CVE-2024-49947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49947"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: test for not too small csum_start in virtio_net_hdr_to_skb()\n\nsyzbot was able to trigger this warning [1], after injecting a\nmalicious packet through af_packet, setting skb-\u003ecsum_start and thus\nthe transport header to an incorrect value.\n\nWe can at least make sure the transport header is after\nthe end of the network header (with a estimated minimal size).\n\n[1]\n[ 67.873027] skb len=4096 headroom=16 headlen=14 tailroom=0\nmac=(-1,-1) mac_len=0 net=(16,-6) trans=10\nshinfo(txflags=0 nr_frags=1 gso(size=0 type=0 segs=0))\ncsum(0xa start=10 offset=0 ip_summed=3 complete_sw=0 valid=0 level=0)\nhash(0x0 sw=0 l4=0) proto=0x0800 pkttype=0 iif=0\npriority=0x0 mark=0x0 alloc_cpu=10 vlan_all=0x0\nencapsulation=0 inner(proto=0x0000, mac=0, net=0, trans=0)\n[ 67.877172] dev name=veth0_vlan feat=0x000061164fdd09e9\n[ 67.877764] sk family=17 type=3 proto=0\n[ 67.878279] skb linear: 00000000: 00 00 10 00 00 00 00 00 0f 00 00 00 08 00\n[ 67.879128] skb frag: 00000000: 0e 00 07 00 00 00 28 00 08 80 1c 00 04 00 00 02\n[ 67.879877] skb frag: 00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.880647] skb frag: 00000020: 00 00 02 00 00 00 08 00 1b 00 00 00 00 00 00 00\n[ 67.881156] skb frag: 00000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.881753] skb frag: 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.882173] skb frag: 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.882790] skb frag: 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.883171] skb frag: 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.883733] skb frag: 00000080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.884206] skb frag: 00000090: 00 00 00 00 00 00 00 00 00 00 69 70 76 6c 61 6e\n[ 67.884704] skb frag: 000000a0: 31 00 00 00 00 00 00 00 00 00 2b 00 00 00 00 00\n[ 67.885139] skb frag: 000000b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.885677] skb frag: 000000c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.886042] skb frag: 000000d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.886408] skb frag: 000000e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.887020] skb frag: 000000f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.887384] skb frag: 00000100: 00 00\n[ 67.887878] ------------[ cut here ]------------\n[ 67.887908] offset (-6) \u003e= skb_headlen() (14)\n[ 67.888445] WARNING: CPU: 10 PID: 2088 at net/core/dev.c:3332 skb_checksum_help (net/core/dev.c:3332 (discriminator 2))\n[ 67.889353] Modules linked in: macsec macvtap macvlan hsr wireguard curve25519_x86_64 libcurve25519_generic libchacha20poly1305 chacha_x86_64 libchacha poly1305_x86_64 dummy bridge sr_mod cdrom evdev pcspkr i2c_piix4 9pnet_virtio 9p 9pnet netfs\n[ 67.890111] CPU: 10 UID: 0 PID: 2088 Comm: b363492833 Not tainted 6.11.0-virtme #1011\n[ 67.890183] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 67.890309] RIP: 0010:skb_checksum_help (net/core/dev.c:3332 (discriminator 2))\n[ 67.891043] Call Trace:\n[ 67.891173] \u003cTASK\u003e\n[ 67.891274] ? __warn (kernel/panic.c:741)\n[ 67.891320] ? skb_checksum_help (net/core/dev.c:3332 (discriminator 2))\n[ 67.891333] ? report_bug (lib/bug.c:180 lib/bug.c:219)\n[ 67.891348] ? handle_bug (arch/x86/kernel/traps.c:239)\n[ 67.891363] ? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminator 1))\n[ 67.891372] ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621)\n[ 67.891388] ? skb_checksum_help (net/core/dev.c:3332 (discriminator 2))\n[ 67.891399] ? skb_checksum_help (net/core/dev.c:3332 (discriminator 2))\n[ 67.891416] ip_do_fragment (net/ipv4/ip_output.c:777 (discriminator 1))\n[ 67.891448] ? __ip_local_out (./include/linux/skbuff.h:1146 ./include/net/l3mdev.h:196 ./include/net/l3mdev.h:213 ne\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49947",
"url": "https://www.suse.com/security/cve/CVE-2024-49947"
},
{
"category": "external",
"summary": "SUSE Bug 1232162 for CVE-2024-49947",
"url": "https://bugzilla.suse.com/1232162"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49947"
},
{
"cve": "CVE-2024-49949",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49949"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: avoid potential underflow in qdisc_pkt_len_init() with UFO\n\nAfter commit 7c6d2ecbda83 (\"net: be more gentle about silly gso\nrequests coming from user\") virtio_net_hdr_to_skb() had sanity check\nto detect malicious attempts from user space to cook a bad GSO packet.\n\nThen commit cf9acc90c80ec (\"net: virtio_net_hdr_to_skb: count\ntransport header in UFO\") while fixing one issue, allowed user space\nto cook a GSO packet with the following characteristic :\n\nIPv4 SKB_GSO_UDP, gso_size=3, skb-\u003elen = 28.\n\nWhen this packet arrives in qdisc_pkt_len_init(), we end up\nwith hdr_len = 28 (IPv4 header + UDP header), matching skb-\u003elen\n\nThen the following sets gso_segs to 0 :\n\ngso_segs = DIV_ROUND_UP(skb-\u003elen - hdr_len,\n shinfo-\u003egso_size);\n\nThen later we set qdisc_skb_cb(skb)-\u003epkt_len to back to zero :/\n\nqdisc_skb_cb(skb)-\u003epkt_len += (gso_segs - 1) * hdr_len;\n\nThis leads to the following crash in fq_codel [1]\n\nqdisc_pkt_len_init() is best effort, we only want an estimation\nof the bytes sent on the wire, not crashing the kernel.\n\nThis patch is fixing this particular issue, a following one\nadds more sanity checks for another potential bug.\n\n[1]\n[ 70.724101] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 70.724561] #PF: supervisor read access in kernel mode\n[ 70.724561] #PF: error_code(0x0000) - not-present page\n[ 70.724561] PGD 10ac61067 P4D 10ac61067 PUD 107ee2067 PMD 0\n[ 70.724561] Oops: Oops: 0000 [#1] SMP NOPTI\n[ 70.724561] CPU: 11 UID: 0 PID: 2163 Comm: b358537762 Not tainted 6.11.0-virtme #991\n[ 70.724561] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 70.724561] RIP: 0010:fq_codel_enqueue (net/sched/sch_fq_codel.c:120 net/sched/sch_fq_codel.c:168 net/sched/sch_fq_codel.c:230) sch_fq_codel\n[ 70.724561] Code: 24 08 49 c1 e1 06 44 89 7c 24 18 45 31 ed 45 31 c0 31 ff 89 44 24 14 4c 03 8b 90 01 00 00 eb 04 39 ca 73 37 4d 8b 39 83 c7 01 \u003c49\u003e 8b 17 49 89 11 41 8b 57 28 45 8b 5f 34 49 c7 07 00 00 00 00 49\nAll code\n========\n 0:\t24 08 \tand $0x8,%al\n 2:\t49 c1 e1 06 \tshl $0x6,%r9\n 6:\t44 89 7c 24 18 \tmov %r15d,0x18(%rsp)\n b:\t45 31 ed \txor %r13d,%r13d\n e:\t45 31 c0 \txor %r8d,%r8d\n 11:\t31 ff \txor %edi,%edi\n 13:\t89 44 24 14 \tmov %eax,0x14(%rsp)\n 17:\t4c 03 8b 90 01 00 00 \tadd 0x190(%rbx),%r9\n 1e:\teb 04 \tjmp 0x24\n 20:\t39 ca \tcmp %ecx,%edx\n 22:\t73 37 \tjae 0x5b\n 24:\t4d 8b 39 \tmov (%r9),%r15\n 27:\t83 c7 01 \tadd $0x1,%edi\n 2a:*\t49 8b 17 \tmov (%r15),%rdx\t\t\u003c-- trapping instruction\n 2d:\t49 89 11 \tmov %rdx,(%r9)\n 30:\t41 8b 57 28 \tmov 0x28(%r15),%edx\n 34:\t45 8b 5f 34 \tmov 0x34(%r15),%r11d\n 38:\t49 c7 07 00 00 00 00 \tmovq $0x0,(%r15)\n 3f:\t49 \trex.WB\n\nCode starting with the faulting instruction\n===========================================\n 0:\t49 8b 17 \tmov (%r15),%rdx\n 3:\t49 89 11 \tmov %rdx,(%r9)\n 6:\t41 8b 57 28 \tmov 0x28(%r15),%edx\n a:\t45 8b 5f 34 \tmov 0x34(%r15),%r11d\n e:\t49 c7 07 00 00 00 00 \tmovq $0x0,(%r15)\n 15:\t49 \trex.WB\n[ 70.724561] RSP: 0018:ffff95ae85e6fb90 EFLAGS: 00000202\n[ 70.724561] RAX: 0000000002000000 RBX: ffff95ae841de000 RCX: 0000000000000000\n[ 70.724561] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001\n[ 70.724561] RBP: ffff95ae85e6fbf8 R08: 0000000000000000 R09: ffff95b710a30000\n[ 70.724561] R10: 0000000000000000 R11: bdf289445ce31881 R12: ffff95ae85e6fc58\n[ 70.724561] R13: 0000000000000000 R14: 0000000000000040 R15: 0000000000000000\n[ 70.724561] FS: 000000002c5c1380(0000) GS:ffff95bd7fcc0000(0000) knlGS:0000000000000000\n[ 70.724561] CS: 0010 DS: 0000 ES: 0000 C\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49949",
"url": "https://www.suse.com/security/cve/CVE-2024-49949"
},
{
"category": "external",
"summary": "SUSE Bug 1232160 for CVE-2024-49949",
"url": "https://bugzilla.suse.com/1232160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49949"
},
{
"cve": "CVE-2024-49950",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49950"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix uaf in l2cap_connect\n\n[Syzbot reported]\nBUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\nRead of size 8 at addr ffff8880241e9800 by task kworker/u9:0/54\n\nCPU: 0 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.11.0-rc6-syzkaller-00268-g788220eee30d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nWorkqueue: hci2 hci_rx_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\n l2cap_connect_req net/bluetooth/l2cap_core.c:4080 [inline]\n l2cap_bredr_sig_cmd net/bluetooth/l2cap_core.c:4772 [inline]\n l2cap_sig_channel net/bluetooth/l2cap_core.c:5543 [inline]\n l2cap_recv_frame+0xf0b/0x8eb0 net/bluetooth/l2cap_core.c:6825\n l2cap_recv_acldata+0x9b4/0xb70 net/bluetooth/l2cap_core.c:7514\n hci_acldata_packet net/bluetooth/hci_core.c:3791 [inline]\n hci_rx_work+0xaab/0x1610 net/bluetooth/hci_core.c:4028\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n...\n\nFreed by task 5245:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579\n poison_slab_object+0xf7/0x160 mm/kasan/common.c:240\n __kasan_slab_free+0x32/0x50 mm/kasan/common.c:256\n kasan_slab_free include/linux/kasan.h:184 [inline]\n slab_free_hook mm/slub.c:2256 [inline]\n slab_free mm/slub.c:4477 [inline]\n kfree+0x12a/0x3b0 mm/slub.c:4598\n l2cap_conn_free net/bluetooth/l2cap_core.c:1810 [inline]\n kref_put include/linux/kref.h:65 [inline]\n l2cap_conn_put net/bluetooth/l2cap_core.c:1822 [inline]\n l2cap_conn_del+0x59d/0x730 net/bluetooth/l2cap_core.c:1802\n l2cap_connect_cfm+0x9e6/0xf80 net/bluetooth/l2cap_core.c:7241\n hci_connect_cfm include/net/bluetooth/hci_core.h:1960 [inline]\n hci_conn_failed+0x1c3/0x370 net/bluetooth/hci_conn.c:1265\n hci_abort_conn_sync+0x75a/0xb50 net/bluetooth/hci_sync.c:5583\n abort_conn_sync+0x197/0x360 net/bluetooth/hci_conn.c:2917\n hci_cmd_sync_work+0x1a4/0x410 net/bluetooth/hci_sync.c:328\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49950",
"url": "https://www.suse.com/security/cve/CVE-2024-49950"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-49950",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232159 for CVE-2024-49950",
"url": "https://bugzilla.suse.com/1232159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49950"
},
{
"cve": "CVE-2024-49952",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49952"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: prevent nf_skb_duplicated corruption\n\nsyzbot found that nf_dup_ipv4() or nf_dup_ipv6() could write\nper-cpu variable nf_skb_duplicated in an unsafe way [1].\n\nDisabling preemption as hinted by the splat is not enough,\nwe have to disable soft interrupts as well.\n\n[1]\nBUG: using __this_cpu_write() in preemptible [00000000] code: syz.4.282/6316\n caller is nf_dup_ipv4+0x651/0x8f0 net/ipv4/netfilter/nf_dup_ipv4.c:87\nCPU: 0 UID: 0 PID: 6316 Comm: syz.4.282 Not tainted 6.11.0-rc7-syzkaller-00104-g7052622fccb1 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n check_preemption_disabled+0x10e/0x120 lib/smp_processor_id.c:49\n nf_dup_ipv4+0x651/0x8f0 net/ipv4/netfilter/nf_dup_ipv4.c:87\n nft_dup_ipv4_eval+0x1db/0x300 net/ipv4/netfilter/nft_dup_ipv4.c:30\n expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]\n nft_do_chain+0x4ad/0x1da0 net/netfilter/nf_tables_core.c:288\n nft_do_chain_ipv4+0x202/0x320 net/netfilter/nft_chain_filter.c:23\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626\n nf_hook+0x2c4/0x450 include/linux/netfilter.h:269\n NF_HOOK_COND include/linux/netfilter.h:302 [inline]\n ip_output+0x185/0x230 net/ipv4/ip_output.c:433\n ip_local_out net/ipv4/ip_output.c:129 [inline]\n ip_send_skb+0x74/0x100 net/ipv4/ip_output.c:1495\n udp_send_skb+0xacf/0x1650 net/ipv4/udp.c:981\n udp_sendmsg+0x1c21/0x2a60 net/ipv4/udp.c:1269\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x1a6/0x270 net/socket.c:745\n ____sys_sendmsg+0x525/0x7d0 net/socket.c:2597\n ___sys_sendmsg net/socket.c:2651 [inline]\n __sys_sendmmsg+0x3b2/0x740 net/socket.c:2737\n __do_sys_sendmmsg net/socket.c:2766 [inline]\n __se_sys_sendmmsg net/socket.c:2763 [inline]\n __x64_sys_sendmmsg+0xa0/0xb0 net/socket.c:2763\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f4ce4f7def9\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f4ce5d4a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133\nRAX: ffffffffffffffda RBX: 00007f4ce5135f80 RCX: 00007f4ce4f7def9\nRDX: 0000000000000001 RSI: 0000000020005d40 RDI: 0000000000000006\nRBP: 00007f4ce4ff0b76 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007f4ce5135f80 R15: 00007ffd4cbc6d68\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49952",
"url": "https://www.suse.com/security/cve/CVE-2024-49952"
},
{
"category": "external",
"summary": "SUSE Bug 1232157 for CVE-2024-49952",
"url": "https://bugzilla.suse.com/1232157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49952"
},
{
"cve": "CVE-2024-49953",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49953"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice\n\nThe km.state is not checked in driver\u0027s delayed work. When\nxfrm_state_check_expire() is called, the state can be reset to\nXFRM_STATE_EXPIRED, even if it is XFRM_STATE_DEAD already. This\nhappens when xfrm state is deleted, but not freed yet. As\n__xfrm_state_delete() is called again in xfrm timer, the following\ncrash occurs.\n\nTo fix this issue, skip xfrm_state_check_expire() if km.state is not\nXFRM_STATE_VALID.\n\n Oops: general protection fault, probably for non-canonical address 0xdead000000000108: 0000 [#1] SMP\n CPU: 5 UID: 0 PID: 7448 Comm: kworker/u102:2 Not tainted 6.11.0-rc2+ #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Workqueue: mlx5e_ipsec: eth%d mlx5e_ipsec_handle_sw_limits [mlx5_core]\n RIP: 0010:__xfrm_state_delete+0x3d/0x1b0\n Code: 0f 84 8b 01 00 00 48 89 fd c6 87 c8 00 00 00 05 48 8d bb 40 10 00 00 e8 11 04 1a 00 48 8b 95 b8 00 00 00 48 8b 85 c0 00 00 00 \u003c48\u003e 89 42 08 48 89 10 48 8b 55 10 48 b8 00 01 00 00 00 00 ad de 48\n RSP: 0018:ffff88885f945ec8 EFLAGS: 00010246\n RAX: dead000000000122 RBX: ffffffff82afa940 RCX: 0000000000000036\n RDX: dead000000000100 RSI: 0000000000000000 RDI: ffffffff82afb980\n RBP: ffff888109a20340 R08: ffff88885f945ea0 R09: 0000000000000000\n R10: 0000000000000000 R11: ffff88885f945ff8 R12: 0000000000000246\n R13: ffff888109a20340 R14: ffff88885f95f420 R15: ffff88885f95f400\n FS: 0000000000000000(0000) GS:ffff88885f940000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f2163102430 CR3: 00000001128d6001 CR4: 0000000000370eb0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cIRQ\u003e\n ? die_addr+0x33/0x90\n ? exc_general_protection+0x1a2/0x390\n ? asm_exc_general_protection+0x22/0x30\n ? __xfrm_state_delete+0x3d/0x1b0\n ? __xfrm_state_delete+0x2f/0x1b0\n xfrm_timer_handler+0x174/0x350\n ? __xfrm_state_delete+0x1b0/0x1b0\n __hrtimer_run_queues+0x121/0x270\n hrtimer_run_softirq+0x88/0xd0\n handle_softirqs+0xcc/0x270\n do_softirq+0x3c/0x50\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n __local_bh_enable_ip+0x47/0x50\n mlx5e_ipsec_handle_sw_limits+0x7d/0x90 [mlx5_core]\n process_one_work+0x137/0x2d0\n worker_thread+0x28d/0x3a0\n ? rescuer_thread+0x480/0x480\n kthread+0xb8/0xe0\n ? kthread_park+0x80/0x80\n ret_from_fork+0x2d/0x50\n ? kthread_park+0x80/0x80\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49953",
"url": "https://www.suse.com/security/cve/CVE-2024-49953"
},
{
"category": "external",
"summary": "SUSE Bug 1232156 for CVE-2024-49953",
"url": "https://bugzilla.suse.com/1232156"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49953"
},
{
"cve": "CVE-2024-49954",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49954"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstatic_call: Replace pointless WARN_ON() in static_call_module_notify()\n\nstatic_call_module_notify() triggers a WARN_ON(), when memory allocation\nfails in __static_call_add_module().\n\nThat\u0027s not really justified, because the failure case must be correctly\nhandled by the well known call chain and the error code is passed\nthrough to the initiating userspace application.\n\nA memory allocation fail is not a fatal problem, but the WARN_ON() takes\nthe machine out when panic_on_warn is set.\n\nReplace it with a pr_warn().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49954",
"url": "https://www.suse.com/security/cve/CVE-2024-49954"
},
{
"category": "external",
"summary": "SUSE Bug 1232155 for CVE-2024-49954",
"url": "https://bugzilla.suse.com/1232155"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49954"
},
{
"cve": "CVE-2024-49955",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49955"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: battery: Fix possible crash when unregistering a battery hook\n\nWhen a battery hook returns an error when adding a new battery, then\nthe battery hook is automatically unregistered.\nHowever the battery hook provider cannot know that, so it will later\ncall battery_hook_unregister() on the already unregistered battery\nhook, resulting in a crash.\n\nFix this by using the list head to mark already unregistered battery\nhooks as already being unregistered so that they can be ignored by\nbattery_hook_unregister().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49955",
"url": "https://www.suse.com/security/cve/CVE-2024-49955"
},
{
"category": "external",
"summary": "SUSE Bug 1232154 for CVE-2024-49955",
"url": "https://bugzilla.suse.com/1232154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49955"
},
{
"cve": "CVE-2024-49957",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49957"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix null-ptr-deref when journal load failed.\n\nDuring the mounting process, if journal_reset() fails because of too short\njournal, then lead to jbd2_journal_load() fails with NULL j_sb_buffer. \nSubsequently, ocfs2_journal_shutdown() calls\njbd2_journal_flush()-\u003ejbd2_cleanup_journal_tail()-\u003e\n__jbd2_update_log_tail()-\u003ejbd2_journal_update_sb_log_tail()\n-\u003elock_buffer(journal-\u003ej_sb_buffer), resulting in a null-pointer\ndereference error.\n\nTo resolve this issue, we should check the JBD2_LOADED flag to ensure the\njournal was properly loaded. Additionally, use journal instead of\nosb-\u003ejournal directly to simplify the code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49957",
"url": "https://www.suse.com/security/cve/CVE-2024-49957"
},
{
"category": "external",
"summary": "SUSE Bug 1232152 for CVE-2024-49957",
"url": "https://bugzilla.suse.com/1232152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49957"
},
{
"cve": "CVE-2024-49958",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49958"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: reserve space for inline xattr before attaching reflink tree\n\nOne of our customers reported a crash and a corrupted ocfs2 filesystem. \nThe crash was due to the detection of corruption. Upon troubleshooting,\nthe fsck -fn output showed the below corruption\n\n[EXTENT_LIST_FREE] Extent list in owner 33080590 claims 230 as the next free chain record,\nbut fsck believes the largest valid value is 227. Clamp the next record value? n\n\nThe stat output from the debugfs.ocfs2 showed the following corruption\nwhere the \"Next Free Rec:\" had overshot the \"Count:\" in the root metadata\nblock.\n\n Inode: 33080590 Mode: 0640 Generation: 2619713622 (0x9c25a856)\n FS Generation: 904309833 (0x35e6ac49)\n CRC32: 00000000 ECC: 0000\n Type: Regular Attr: 0x0 Flags: Valid\n Dynamic Features: (0x16) HasXattr InlineXattr Refcounted\n Extended Attributes Block: 0 Extended Attributes Inline Size: 256\n User: 0 (root) Group: 0 (root) Size: 281320357888\n Links: 1 Clusters: 141738\n ctime: 0x66911b56 0x316edcb8 -- Fri Jul 12 06:02:30.829349048 2024\n atime: 0x66911d6b 0x7f7a28d -- Fri Jul 12 06:11:23.133669517 2024\n mtime: 0x66911b56 0x12ed75d7 -- Fri Jul 12 06:02:30.317552087 2024\n dtime: 0x0 -- Wed Dec 31 17:00:00 1969\n Refcount Block: 2777346\n Last Extblk: 2886943 Orphan Slot: 0\n Sub Alloc Slot: 0 Sub Alloc Bit: 14\n Tree Depth: 1 Count: 227 Next Free Rec: 230\n ## Offset Clusters Block#\n 0 0 2310 2776351\n 1 2310 2139 2777375\n 2 4449 1221 2778399\n 3 5670 731 2779423\n 4 6401 566 2780447\n ....... .... .......\n ....... .... .......\n\nThe issue was in the reflink workfow while reserving space for inline\nxattr. The problematic function is ocfs2_reflink_xattr_inline(). By the\ntime this function is called the reflink tree is already recreated at the\ndestination inode from the source inode. At this point, this function\nreserves space for inline xattrs at the destination inode without even\nchecking if there is space at the root metadata block. It simply reduces\nthe l_count from 243 to 227 thereby making space of 256 bytes for inline\nxattr whereas the inode already has extents beyond this index (in this\ncase up to 230), thereby causing corruption.\n\nThe fix for this is to reserve space for inline metadata at the destination\ninode before the reflink tree gets recreated. The customer has verified the\nfix.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49958",
"url": "https://www.suse.com/security/cve/CVE-2024-49958"
},
{
"category": "external",
"summary": "SUSE Bug 1232151 for CVE-2024-49958",
"url": "https://bugzilla.suse.com/1232151"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49958"
},
{
"cve": "CVE-2024-49959",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49959"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error\n\nIn __jbd2_log_wait_for_space(), we might call jbd2_cleanup_journal_tail()\nto recover some journal space. But if an error occurs while executing\njbd2_cleanup_journal_tail() (e.g., an EIO), we don\u0027t stop waiting for free\nspace right away, we try other branches, and if j_committing_transaction\nis NULL (i.e., the tid is 0), we will get the following complain:\n\n============================================\nJBD2: I/O error when updating journal superblock for sdd-8.\n__jbd2_log_wait_for_space: needed 256 blocks and only had 217 space available\n__jbd2_log_wait_for_space: no way to get more journal space in sdd-8\n------------[ cut here ]------------\nWARNING: CPU: 2 PID: 139804 at fs/jbd2/checkpoint.c:109 __jbd2_log_wait_for_space+0x251/0x2e0\nModules linked in:\nCPU: 2 PID: 139804 Comm: kworker/u8:3 Not tainted 6.6.0+ #1\nRIP: 0010:__jbd2_log_wait_for_space+0x251/0x2e0\nCall Trace:\n \u003cTASK\u003e\n add_transaction_credits+0x5d1/0x5e0\n start_this_handle+0x1ef/0x6a0\n jbd2__journal_start+0x18b/0x340\n ext4_dirty_inode+0x5d/0xb0\n __mark_inode_dirty+0xe4/0x5d0\n generic_update_time+0x60/0x70\n[...]\n============================================\n\nSo only if jbd2_cleanup_journal_tail() returns 1, i.e., there is nothing to\nclean up at the moment, continue to try to reclaim free space in other ways.\n\nNote that this fix relies on commit 6f6a6fda2945 (\"jbd2: fix ocfs2 corrupt\nwhen updating journal superblock fails\") to make jbd2_cleanup_journal_tail\nreturn the correct error code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49959",
"url": "https://www.suse.com/security/cve/CVE-2024-49959"
},
{
"category": "external",
"summary": "SUSE Bug 1232149 for CVE-2024-49959",
"url": "https://bugzilla.suse.com/1232149"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49959"
},
{
"cve": "CVE-2024-49960",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49960"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix timer use-after-free on failed mount\n\nSyzbot has found an ODEBUG bug in ext4_fill_super\n\nThe del_timer_sync function cancels the s_err_report timer,\nwhich reminds about filesystem errors daily. We should\nguarantee the timer is no longer active before kfree(sbi).\n\nWhen filesystem mounting fails, the flow goes to failed_mount3,\nwhere an error occurs when ext4_stop_mmpd is called, causing\na read I/O failure. This triggers the ext4_handle_error function\nthat ultimately re-arms the timer,\nleaving the s_err_report timer active before kfree(sbi) is called.\n\nFix the issue by canceling the s_err_report timer after calling ext4_stop_mmpd.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49960",
"url": "https://www.suse.com/security/cve/CVE-2024-49960"
},
{
"category": "external",
"summary": "SUSE Bug 1232395 for CVE-2024-49960",
"url": "https://bugzilla.suse.com/1232395"
},
{
"category": "external",
"summary": "SUSE Bug 1232803 for CVE-2024-49960",
"url": "https://bugzilla.suse.com/1232803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49960"
},
{
"cve": "CVE-2024-49961",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49961"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c: ar0521: Use cansleep version of gpiod_set_value()\n\nIf we use GPIO reset from I2C port expander, we must use *_cansleep()\nvariant of GPIO functions.\nThis was not done in ar0521_power_on()/ar0521_power_off() functions.\nLet\u0027s fix that.\n\n------------[ cut here ]------------\nWARNING: CPU: 0 PID: 11 at drivers/gpio/gpiolib.c:3496 gpiod_set_value+0x74/0x7c\nModules linked in:\nCPU: 0 PID: 11 Comm: kworker/u16:0 Not tainted 6.10.0 #53\nHardware name: Diasom DS-RK3568-SOM-EVB (DT)\nWorkqueue: events_unbound deferred_probe_work_func\npstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : gpiod_set_value+0x74/0x7c\nlr : ar0521_power_on+0xcc/0x290\nsp : ffffff8001d7ab70\nx29: ffffff8001d7ab70 x28: ffffff80027dcc90 x27: ffffff8003c82000\nx26: ffffff8003ca9250 x25: ffffffc080a39c60 x24: ffffff8003ca9088\nx23: ffffff8002402720 x22: ffffff8003ca9080 x21: ffffff8003ca9088\nx20: 0000000000000000 x19: ffffff8001eb2a00 x18: ffffff80efeeac80\nx17: 756d2d6332692f30 x16: 0000000000000000 x15: 0000000000000000\nx14: ffffff8001d91d40 x13: 0000000000000016 x12: ffffffc080e98930\nx11: ffffff8001eb2880 x10: 0000000000000890 x9 : ffffff8001d7a9f0\nx8 : ffffff8001d92570 x7 : ffffff80efeeac80 x6 : 000000003fc6e780\nx5 : ffffff8001d91c80 x4 : 0000000000000002 x3 : 0000000000000000\nx2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000001\nCall trace:\n gpiod_set_value+0x74/0x7c\n ar0521_power_on+0xcc/0x290\n...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49961",
"url": "https://www.suse.com/security/cve/CVE-2024-49961"
},
{
"category": "external",
"summary": "SUSE Bug 1232148 for CVE-2024-49961",
"url": "https://bugzilla.suse.com/1232148"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49961"
},
{
"cve": "CVE-2024-49962",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49962"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package()\n\nACPICA commit 4d4547cf13cca820ff7e0f859ba83e1a610b9fd0\n\nACPI_ALLOCATE_ZEROED() may fail, elements might be NULL and will cause\nNULL pointer dereference later.\n\n[ rjw: Subject and changelog edits ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49962",
"url": "https://www.suse.com/security/cve/CVE-2024-49962"
},
{
"category": "external",
"summary": "SUSE Bug 1232314 for CVE-2024-49962",
"url": "https://bugzilla.suse.com/1232314"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49962"
},
{
"cve": "CVE-2024-49963",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49963"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmailbox: bcm2835: Fix timeout during suspend mode\n\nDuring noirq suspend phase the Raspberry Pi power driver suffer of\nfirmware property timeouts. The reason is that the IRQ of the underlying\nBCM2835 mailbox is disabled and rpi_firmware_property_list() will always\nrun into a timeout [1].\n\nSince the VideoCore side isn\u0027t consider as a wakeup source, set the\nIRQF_NO_SUSPEND flag for the mailbox IRQ in order to keep it enabled\nduring suspend-resume cycle.\n\n[1]\nPM: late suspend of devices complete after 1.754 msecs\nWARNING: CPU: 0 PID: 438 at drivers/firmware/raspberrypi.c:128\n rpi_firmware_property_list+0x204/0x22c\nFirmware transaction 0x00028001 timeout\nModules linked in:\nCPU: 0 PID: 438 Comm: bash Tainted: G C 6.9.3-dirty #17\nHardware name: BCM2835\nCall trace:\nunwind_backtrace from show_stack+0x18/0x1c\nshow_stack from dump_stack_lvl+0x34/0x44\ndump_stack_lvl from __warn+0x88/0xec\n__warn from warn_slowpath_fmt+0x7c/0xb0\nwarn_slowpath_fmt from rpi_firmware_property_list+0x204/0x22c\nrpi_firmware_property_list from rpi_firmware_property+0x68/0x8c\nrpi_firmware_property from rpi_firmware_set_power+0x54/0xc0\nrpi_firmware_set_power from _genpd_power_off+0xe4/0x148\n_genpd_power_off from genpd_sync_power_off+0x7c/0x11c\ngenpd_sync_power_off from genpd_finish_suspend+0xcc/0xe0\ngenpd_finish_suspend from dpm_run_callback+0x78/0xd0\ndpm_run_callback from device_suspend_noirq+0xc0/0x238\ndevice_suspend_noirq from dpm_suspend_noirq+0xb0/0x168\ndpm_suspend_noirq from suspend_devices_and_enter+0x1b8/0x5ac\nsuspend_devices_and_enter from pm_suspend+0x254/0x2e4\npm_suspend from state_store+0xa8/0xd4\nstate_store from kernfs_fop_write_iter+0x154/0x1a0\nkernfs_fop_write_iter from vfs_write+0x12c/0x184\nvfs_write from ksys_write+0x78/0xc0\nksys_write from ret_fast_syscall+0x0/0x54\nException stack(0xcc93dfa8 to 0xcc93dff0)\n[...]\nPM: noirq suspend of devices complete after 3095.584 msecs",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49963",
"url": "https://www.suse.com/security/cve/CVE-2024-49963"
},
{
"category": "external",
"summary": "SUSE Bug 1232147 for CVE-2024-49963",
"url": "https://bugzilla.suse.com/1232147"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49963"
},
{
"cve": "CVE-2024-49965",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49965"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: remove unreasonable unlock in ocfs2_read_blocks\n\nPatch series \"Misc fixes for ocfs2_read_blocks\", v5.\n\nThis series contains 2 fixes for ocfs2_read_blocks(). The first patch fix\nthe issue reported by syzbot, which detects bad unlock balance in\nocfs2_read_blocks(). The second patch fixes an issue reported by Heming\nZhao when reviewing above fix.\n\n\nThis patch (of 2):\n\nThere was a lock release before exiting, so remove the unreasonable unlock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49965",
"url": "https://www.suse.com/security/cve/CVE-2024-49965"
},
{
"category": "external",
"summary": "SUSE Bug 1232142 for CVE-2024-49965",
"url": "https://bugzilla.suse.com/1232142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49965"
},
{
"cve": "CVE-2024-49966",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49966"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: cancel dqi_sync_work before freeing oinfo\n\nocfs2_global_read_info() will initialize and schedule dqi_sync_work at the\nend, if error occurs after successfully reading global quota, it will\ntrigger the following warning with CONFIG_DEBUG_OBJECTS_* enabled:\n\nODEBUG: free active (active state 0) object: 00000000d8b0ce28 object type: timer_list hint: qsync_work_fn+0x0/0x16c\n\nThis reports that there is an active delayed work when freeing oinfo in\nerror handling, so cancel dqi_sync_work first. BTW, return status instead\nof -1 when .read_file_info fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49966",
"url": "https://www.suse.com/security/cve/CVE-2024-49966"
},
{
"category": "external",
"summary": "SUSE Bug 1232141 for CVE-2024-49966",
"url": "https://bugzilla.suse.com/1232141"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49966"
},
{
"cve": "CVE-2024-49967",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49967"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49967",
"url": "https://www.suse.com/security/cve/CVE-2024-49967"
},
{
"category": "external",
"summary": "SUSE Bug 1232140 for CVE-2024-49967",
"url": "https://bugzilla.suse.com/1232140"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49967"
},
{
"cve": "CVE-2024-49968",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49968"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: filesystems without casefold feature cannot be mounted with siphash\n\nWhen mounting the ext4 filesystem, if the default hash version is set to\nDX_HASH_SIPHASH but the casefold feature is not set, exit the mounting.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49968",
"url": "https://www.suse.com/security/cve/CVE-2024-49968"
},
{
"category": "external",
"summary": "SUSE Bug 1232264 for CVE-2024-49968",
"url": "https://bugzilla.suse.com/1232264"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49968"
},
{
"cve": "CVE-2024-49969",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49969"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix index out of bounds in DCN30 color transformation\n\nThis commit addresses a potential index out of bounds issue in the\n`cm3_helper_translate_curve_to_hw_format` function in the DCN30 color\nmanagement module. The issue could occur when the index \u0027i\u0027 exceeds the\nnumber of transfer function points (TRANSFER_FUNC_POINTS).\n\nThe fix adds a check to ensure \u0027i\u0027 is within bounds before accessing the\ntransfer function points. If \u0027i\u0027 is out of bounds, the function returns\nfalse to indicate an error.\n\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:180 cm3_helper_translate_curve_to_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.red\u0027 1025 \u003c= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:181 cm3_helper_translate_curve_to_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.green\u0027 1025 \u003c= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:182 cm3_helper_translate_curve_to_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.blue\u0027 1025 \u003c= s32max",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49969",
"url": "https://www.suse.com/security/cve/CVE-2024-49969"
},
{
"category": "external",
"summary": "SUSE Bug 1232519 for CVE-2024-49969",
"url": "https://bugzilla.suse.com/1232519"
},
{
"category": "external",
"summary": "SUSE Bug 1232524 for CVE-2024-49969",
"url": "https://bugzilla.suse.com/1232524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-49969"
},
{
"cve": "CVE-2024-49972",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49972"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Deallocate DML memory if allocation fails\n\n[Why]\nWhen DC state create DML memory allocation fails, memory is not\ndeallocated subsequently, resulting in uninitialized structure\nthat is not NULL.\n\n[How]\nDeallocate memory if DML memory allocation fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49972",
"url": "https://www.suse.com/security/cve/CVE-2024-49972"
},
{
"category": "external",
"summary": "SUSE Bug 1232315 for CVE-2024-49972",
"url": "https://bugzilla.suse.com/1232315"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49972"
},
{
"cve": "CVE-2024-49973",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49973"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nr8169: add tally counter fields added with RTL8125\n\nRTL8125 added fields to the tally counter, what may result in the chip\ndma\u0027ing these new fields to unallocated memory. Therefore make sure\nthat the allocated memory area is big enough to hold all of the\ntally counter values, even if we use only parts of it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49973",
"url": "https://www.suse.com/security/cve/CVE-2024-49973"
},
{
"category": "external",
"summary": "SUSE Bug 1232105 for CVE-2024-49973",
"url": "https://bugzilla.suse.com/1232105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49973"
},
{
"cve": "CVE-2024-49974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49974"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Limit the number of concurrent async COPY operations\n\nNothing appears to limit the number of concurrent async COPY\noperations that clients can start. In addition, AFAICT each async\nCOPY can copy an unlimited number of 4MB chunks, so can run for a\nlong time. Thus IMO async COPY can become a DoS vector.\n\nAdd a restriction mechanism that bounds the number of concurrent\nbackground COPY operations. Start simple and try to be fair -- this\npatch implements a per-namespace limit.\n\nAn async COPY request that occurs while this limit is exceeded gets\nNFS4ERR_DELAY. The requesting client can choose to send the request\nagain after a delay or fall back to a traditional read/write style\ncopy.\n\nIf there is need to make the mechanism more sophisticated, we can\nvisit that in future patches.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49974",
"url": "https://www.suse.com/security/cve/CVE-2024-49974"
},
{
"category": "external",
"summary": "SUSE Bug 1232383 for CVE-2024-49974",
"url": "https://bugzilla.suse.com/1232383"
},
{
"category": "external",
"summary": "SUSE Bug 1232384 for CVE-2024-49974",
"url": "https://bugzilla.suse.com/1232384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-49974"
},
{
"cve": "CVE-2024-49975",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49975"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nuprobes: fix kernel info leak via \"[uprobes]\" vma\n\nxol_add_vma() maps the uninitialized page allocated by __create_xol_area()\ninto userspace. On some architectures (x86) this memory is readable even\nwithout VM_READ, VM_EXEC results in the same pgprot_t as VM_EXEC|VM_READ,\nalthough this doesn\u0027t really matter, debugger can read this memory anyway.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49975",
"url": "https://www.suse.com/security/cve/CVE-2024-49975"
},
{
"category": "external",
"summary": "SUSE Bug 1232104 for CVE-2024-49975",
"url": "https://bugzilla.suse.com/1232104"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49975"
},
{
"cve": "CVE-2024-49976",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49976"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/timerlat: Drop interface_lock in stop_kthread()\n\nstop_kthread() is the offline callback for \"trace/osnoise:online\", since\ncommit 5bfbcd1ee57b (\"tracing/timerlat: Add interface_lock around clearing\nof kthread in stop_kthread()\"), the following ABBA deadlock scenario is\nintroduced:\n\nT1 | T2 [BP] | T3 [AP]\nosnoise_hotplug_workfn() | work_for_cpu_fn() | cpuhp_thread_fun()\n | _cpu_down() | osnoise_cpu_die()\n mutex_lock(\u0026interface_lock) | | stop_kthread()\n | cpus_write_lock() | mutex_lock(\u0026interface_lock)\n cpus_read_lock() | cpuhp_kick_ap() |\n\nAs the interface_lock here in just for protecting the \"kthread\" field of\nthe osn_var, use xchg() instead to fix this issue. Also use\nfor_each_online_cpu() back in stop_per_cpu_kthreads() as it can take\ncpu_read_lock() again.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49976",
"url": "https://www.suse.com/security/cve/CVE-2024-49976"
},
{
"category": "external",
"summary": "SUSE Bug 1232103 for CVE-2024-49976",
"url": "https://bugzilla.suse.com/1232103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49976"
},
{
"cve": "CVE-2024-49981",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49981"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: fix use after free bug in venus_remove due to race condition\n\nin venus_probe, core-\u003ework is bound with venus_sys_error_handler, which is\nused to handle error. The code use core-\u003esys_err_done to make sync work.\nThe core-\u003ework is started in venus_event_notify.\n\nIf we call venus_remove, there might be an unfished work. The possible\nsequence is as follows:\n\nCPU0 CPU1\n\n |venus_sys_error_handler\nvenus_remove |\nhfi_destroy\t \t\t |\nvenus_hfi_destroy\t |\nkfree(hdev);\t |\n |hfi_reinit\n\t\t\t\t\t |venus_hfi_queues_reinit\n |//use hdev\n\nFix it by canceling the work in venus_remove.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49981",
"url": "https://www.suse.com/security/cve/CVE-2024-49981"
},
{
"category": "external",
"summary": "SUSE Bug 1232098 for CVE-2024-49981",
"url": "https://bugzilla.suse.com/1232098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49981"
},
{
"cve": "CVE-2024-49982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49982"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naoe: fix the potential use-after-free problem in more places\n\nFor fixing CVE-2023-6270, f98364e92662 (\"aoe: fix the potential\nuse-after-free problem in aoecmd_cfg_pkts\") makes tx() calling dev_put()\ninstead of doing in aoecmd_cfg_pkts(). It avoids that the tx() runs\ninto use-after-free.\n\nThen Nicolai Stange found more places in aoe have potential use-after-free\nproblem with tx(). e.g. revalidate(), aoecmd_ata_rw(), resend(), probe()\nand aoecmd_cfg_rsp(). Those functions also use aoenet_xmit() to push\npacket to tx queue. So they should also use dev_hold() to increase the\nrefcnt of skb-\u003edev.\n\nOn the other hand, moving dev_put() to tx() causes that the refcnt of\nskb-\u003edev be reduced to a negative value, because corresponding\ndev_hold() are not called in revalidate(), aoecmd_ata_rw(), resend(),\nprobe(), and aoecmd_cfg_rsp(). This patch fixed this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49982",
"url": "https://www.suse.com/security/cve/CVE-2024-49982"
},
{
"category": "external",
"summary": "SUSE Bug 1232097 for CVE-2024-49982",
"url": "https://bugzilla.suse.com/1232097"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49982"
},
{
"cve": "CVE-2024-49983",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49983"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free\n\nWhen calling ext4_force_split_extent_at() in ext4_ext_replay_update_ex(),\nthe \u0027ppath\u0027 is updated but it is the \u0027path\u0027 that is freed, thus potentially\ntriggering a double-free in the following process:\n\next4_ext_replay_update_ex\n ppath = path\n ext4_force_split_extent_at(\u0026ppath)\n ext4_split_extent_at\n ext4_ext_insert_extent\n ext4_ext_create_new_leaf\n ext4_ext_grow_indepth\n ext4_find_extent\n if (depth \u003e path[0].p_maxdepth)\n kfree(path) ---\u003e path First freed\n *orig_path = path = NULL ---\u003e null ppath\n kfree(path) ---\u003e path double-free !!!\n\nSo drop the unnecessary ppath and use path directly to avoid this problem.\nAnd use ext4_find_extent() directly to update path, avoiding unnecessary\nmemory allocation and freeing. Also, propagate the error returned by\next4_find_extent() instead of using strange error codes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49983",
"url": "https://www.suse.com/security/cve/CVE-2024-49983"
},
{
"category": "external",
"summary": "SUSE Bug 1232096 for CVE-2024-49983",
"url": "https://bugzilla.suse.com/1232096"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49983"
},
{
"cve": "CVE-2024-49985",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49985"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume\n\nIn case there is any sort of clock controller attached to this I2C bus\ncontroller, for example Versaclock or even an AIC32x4 I2C codec, then\nan I2C transfer triggered from the clock controller clk_ops .prepare\ncallback may trigger a deadlock on drivers/clk/clk.c prepare_lock mutex.\n\nThis is because the clock controller first grabs the prepare_lock mutex\nand then performs the prepare operation, including its I2C access. The\nI2C access resumes this I2C bus controller via .runtime_resume callback,\nwhich calls clk_prepare_enable(), which attempts to grab the prepare_lock\nmutex again and deadlocks.\n\nSince the clock are already prepared since probe() and unprepared in\nremove(), use simple clk_enable()/clk_disable() calls to enable and\ndisable the clock on runtime suspend and resume, to avoid hitting the\nprepare_lock mutex.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49985",
"url": "https://www.suse.com/security/cve/CVE-2024-49985"
},
{
"category": "external",
"summary": "SUSE Bug 1232094 for CVE-2024-49985",
"url": "https://bugzilla.suse.com/1232094"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49985"
},
{
"cve": "CVE-2024-49986",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49986"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors\n\nx86_android_tablet_remove() frees the pdevs[] array, so it should not\nbe used after calling x86_android_tablet_remove().\n\nWhen platform_device_register() fails, store the pdevs[x] PTR_ERR() value\ninto the local ret variable before calling x86_android_tablet_remove()\nto avoid using pdevs[] after it has been freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49986",
"url": "https://www.suse.com/security/cve/CVE-2024-49986"
},
{
"category": "external",
"summary": "SUSE Bug 1232093 for CVE-2024-49986",
"url": "https://bugzilla.suse.com/1232093"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49986"
},
{
"cve": "CVE-2024-49987",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49987"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpftool: Fix undefined behavior in qsort(NULL, 0, ...)\n\nWhen netfilter has no entry to display, qsort is called with\nqsort(NULL, 0, ...). This results in undefined behavior, as UBSan\nreports:\n\nnet.c:827:2: runtime error: null pointer passed as argument 1, which is declared to never be null\n\nAlthough the C standard does not explicitly state whether calling qsort\nwith a NULL pointer when the size is 0 constitutes undefined behavior,\nSection 7.1.4 of the C standard (Use of library functions) mentions:\n\n\"Each of the following statements applies unless explicitly stated\notherwise in the detailed descriptions that follow: If an argument to a\nfunction has an invalid value (such as a value outside the domain of\nthe function, or a pointer outside the address space of the program, or\na null pointer, or a pointer to non-modifiable storage when the\ncorresponding parameter is not const-qualified) or a type (after\npromotion) not expected by a function with variable number of\narguments, the behavior is undefined.\"\n\nTo avoid this, add an early return when nf_link_info is NULL to prevent\ncalling qsort with a NULL pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49987",
"url": "https://www.suse.com/security/cve/CVE-2024-49987"
},
{
"category": "external",
"summary": "SUSE Bug 1232258 for CVE-2024-49987",
"url": "https://bugzilla.suse.com/1232258"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49987"
},
{
"cve": "CVE-2024-49989",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49989"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix double free issue during amdgpu module unload\n\nFlexible endpoints use DIGs from available inflexible endpoints,\nso only the encoders of inflexible links need to be freed.\nOtherwise, a double free issue may occur when unloading the\namdgpu module.\n\n[ 279.190523] RIP: 0010:__slab_free+0x152/0x2f0\n[ 279.190577] Call Trace:\n[ 279.190580] \u003cTASK\u003e\n[ 279.190582] ? show_regs+0x69/0x80\n[ 279.190590] ? die+0x3b/0x90\n[ 279.190595] ? do_trap+0xc8/0xe0\n[ 279.190601] ? do_error_trap+0x73/0xa0\n[ 279.190605] ? __slab_free+0x152/0x2f0\n[ 279.190609] ? exc_invalid_op+0x56/0x70\n[ 279.190616] ? __slab_free+0x152/0x2f0\n[ 279.190642] ? asm_exc_invalid_op+0x1f/0x30\n[ 279.190648] ? dcn10_link_encoder_destroy+0x19/0x30 [amdgpu]\n[ 279.191096] ? __slab_free+0x152/0x2f0\n[ 279.191102] ? dcn10_link_encoder_destroy+0x19/0x30 [amdgpu]\n[ 279.191469] kfree+0x260/0x2b0\n[ 279.191474] dcn10_link_encoder_destroy+0x19/0x30 [amdgpu]\n[ 279.191821] link_destroy+0xd7/0x130 [amdgpu]\n[ 279.192248] dc_destruct+0x90/0x270 [amdgpu]\n[ 279.192666] dc_destroy+0x19/0x40 [amdgpu]\n[ 279.193020] amdgpu_dm_fini+0x16e/0x200 [amdgpu]\n[ 279.193432] dm_hw_fini+0x26/0x40 [amdgpu]\n[ 279.193795] amdgpu_device_fini_hw+0x24c/0x400 [amdgpu]\n[ 279.194108] amdgpu_driver_unload_kms+0x4f/0x70 [amdgpu]\n[ 279.194436] amdgpu_pci_remove+0x40/0x80 [amdgpu]\n[ 279.194632] pci_device_remove+0x3a/0xa0\n[ 279.194638] device_remove+0x40/0x70\n[ 279.194642] device_release_driver_internal+0x1ad/0x210\n[ 279.194647] driver_detach+0x4e/0xa0\n[ 279.194650] bus_remove_driver+0x6f/0xf0\n[ 279.194653] driver_unregister+0x33/0x60\n[ 279.194657] pci_unregister_driver+0x44/0x90\n[ 279.194662] amdgpu_exit+0x19/0x1f0 [amdgpu]\n[ 279.194939] __do_sys_delete_module.isra.0+0x198/0x2f0\n[ 279.194946] __x64_sys_delete_module+0x16/0x20\n[ 279.194950] do_syscall_64+0x58/0x120\n[ 279.194954] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n[ 279.194980] \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49989",
"url": "https://www.suse.com/security/cve/CVE-2024-49989"
},
{
"category": "external",
"summary": "SUSE Bug 1232483 for CVE-2024-49989",
"url": "https://bugzilla.suse.com/1232483"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49989"
},
{
"cve": "CVE-2024-49991",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49991"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer\n\nPass pointer reference to amdgpu_bo_unref to clear the correct pointer,\notherwise amdgpu_bo_unref clear the local variable, the original pointer\nnot set to NULL, this could cause use-after-free bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49991",
"url": "https://www.suse.com/security/cve/CVE-2024-49991"
},
{
"category": "external",
"summary": "SUSE Bug 1232282 for CVE-2024-49991",
"url": "https://bugzilla.suse.com/1232282"
},
{
"category": "external",
"summary": "SUSE Bug 1232284 for CVE-2024-49991",
"url": "https://bugzilla.suse.com/1232284"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-49991"
},
{
"cve": "CVE-2024-49993",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49993"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49993",
"url": "https://www.suse.com/security/cve/CVE-2024-49993"
},
{
"category": "external",
"summary": "SUSE Bug 1232316 for CVE-2024-49993",
"url": "https://bugzilla.suse.com/1232316"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49993"
},
{
"cve": "CVE-2024-49995",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49995"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49995",
"url": "https://www.suse.com/security/cve/CVE-2024-49995"
},
{
"category": "external",
"summary": "SUSE Bug 1232432 for CVE-2024-49995",
"url": "https://bugzilla.suse.com/1232432"
},
{
"category": "external",
"summary": "SUSE Bug 1232433 for CVE-2024-49995",
"url": "https://bugzilla.suse.com/1232433"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49995"
},
{
"cve": "CVE-2024-49996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49996"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix buffer overflow when parsing NFS reparse points\n\nReparseDataLength is sum of the InodeType size and DataBuffer size.\nSo to get DataBuffer size it is needed to subtract InodeType\u0027s size from\nReparseDataLength.\n\nFunction cifs_strndup_from_utf16() is currentlly accessing buf-\u003eDataBuffer\nat position after the end of the buffer because it does not subtract\nInodeType size from the length. Fix this problem and correctly subtract\nvariable len.\n\nMember InodeType is present only when reparse buffer is large enough. Check\nfor ReparseDataLength before accessing InodeType to prevent another invalid\nmemory access.\n\nMajor and minor rdev values are present also only when reparse buffer is\nlarge enough. Check for reparse buffer size before calling reparse_mkdev().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49996",
"url": "https://www.suse.com/security/cve/CVE-2024-49996"
},
{
"category": "external",
"summary": "SUSE Bug 1232089 for CVE-2024-49996",
"url": "https://bugzilla.suse.com/1232089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49996"
},
{
"cve": "CVE-2024-50000",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50000"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()\n\nIn mlx5e_tir_builder_alloc() kvzalloc() may return NULL\nwhich is dereferenced on the next line in a reference\nto the modify field.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50000",
"url": "https://www.suse.com/security/cve/CVE-2024-50000"
},
{
"category": "external",
"summary": "SUSE Bug 1232085 for CVE-2024-50000",
"url": "https://bugzilla.suse.com/1232085"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50000"
},
{
"cve": "CVE-2024-50001",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50001"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix error path in multi-packet WQE transmit\n\nRemove the erroneous unmap in case no DMA mapping was established\n\nThe multi-packet WQE transmit code attempts to obtain a DMA mapping for\nthe skb. This could fail, e.g. under memory pressure, when the IOMMU\ndriver just can\u0027t allocate more memory for page tables. While the code\ntries to handle this in the path below the err_unmap label it erroneously\nunmaps one entry from the sq\u0027s FIFO list of active mappings. Since the\ncurrent map attempt failed this unmap is removing some random DMA mapping\nthat might still be required. If the PCI function now presents that IOVA,\nthe IOMMU may assumes a rogue DMA access and e.g. on s390 puts the PCI\nfunction in error state.\n\nThe erroneous behavior was seen in a stress-test environment that created\nmemory pressure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50001",
"url": "https://www.suse.com/security/cve/CVE-2024-50001"
},
{
"category": "external",
"summary": "SUSE Bug 1232084 for CVE-2024-50001",
"url": "https://bugzilla.suse.com/1232084"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50001"
},
{
"cve": "CVE-2024-50002",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50002"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstatic_call: Handle module init failure correctly in static_call_del_module()\n\nModule insertion invokes static_call_add_module() to initialize the static\ncalls in a module. static_call_add_module() invokes __static_call_init(),\nwhich allocates a struct static_call_mod to either encapsulate the built-in\nstatic call sites of the associated key into it so further modules can be\nadded or to append the module to the module chain.\n\nIf that allocation fails the function returns with an error code and the\nmodule core invokes static_call_del_module() to clean up eventually added\nstatic_call_mod entries.\n\nThis works correctly, when all keys used by the module were converted over\nto a module chain before the failure. If not then static_call_del_module()\ncauses a #GP as it blindly assumes that key::mods points to a valid struct\nstatic_call_mod.\n\nThe problem is that key::mods is not a individual struct member of struct\nstatic_call_key, it\u0027s part of a union to save space:\n\n union {\n /* bit 0: 0 = mods, 1 = sites */\n unsigned long type;\n struct static_call_mod *mods;\n struct static_call_site *sites;\n\t};\n\nkey::sites is a pointer to the list of built-in usage sites of the static\ncall. The type of the pointer is differentiated by bit 0. A mods pointer\nhas the bit clear, the sites pointer has the bit set.\n\nAs static_call_del_module() blidly assumes that the pointer is a valid\nstatic_call_mod type, it fails to check for this failure case and\ndereferences the pointer to the list of built-in call sites, which is\nobviously bogus.\n\nCure it by checking whether the key has a sites or a mods pointer.\n\nIf it\u0027s a sites pointer then the key is not to be touched. As the sites are\nwalked in the same order as in __static_call_init() the site walk can be\nterminated because all subsequent sites have not been touched by the init\ncode due to the error exit.\n\nIf it was converted before the allocation fail, then the inner loop which\nsearches for a module match will find nothing.\n\nA fail in the second allocation in __static_call_init() is harmless and\ndoes not require special treatment. The first allocation succeeded and\nconverted the key to a module chain. That first entry has mod::mod == NULL\nand mod::next == NULL, so the inner loop of static_call_del_module() will\nneither find a module match nor a module chain. The next site in the walk\nwas either already converted, but can\u0027t match the module, or it will exit\nthe outer loop because it has a static_call_site pointer and not a\nstatic_call_mod pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50002",
"url": "https://www.suse.com/security/cve/CVE-2024-50002"
},
{
"category": "external",
"summary": "SUSE Bug 1232083 for CVE-2024-50002",
"url": "https://bugzilla.suse.com/1232083"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50002"
},
{
"cve": "CVE-2024-50003",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50003"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix system hang while resume with TBT monitor\n\n[Why]\nConnected with a Thunderbolt monitor and do the suspend and the system\nmay hang while resume.\n\nThe TBT monitor HPD will be triggered during the resume procedure\nand call the drm_client_modeset_probe() while\nstruct drm_connector connector-\u003edev-\u003emaster is NULL.\n\nIt will mess up the pipe topology after resume.\n\n[How]\nSkip the TBT monitor HPD during the resume procedure because we\ncurrently will probe the connectors after resume by default.\n\n(cherry picked from commit 453f86a26945207a16b8f66aaed5962dc2b95b85)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50003",
"url": "https://www.suse.com/security/cve/CVE-2024-50003"
},
{
"category": "external",
"summary": "SUSE Bug 1232385 for CVE-2024-50003",
"url": "https://bugzilla.suse.com/1232385"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50003"
},
{
"cve": "CVE-2024-50004",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50004"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35\n\n[WHY \u0026 HOW]\nMismatch in DCN35 DML2 cause bw validation failed to acquire unexpected DPP pipe to cause\ngrey screen and system hang. Remove EnhancedPrefetchScheduleAccelerationFinal value override\nto match HW spec.\n\n(cherry picked from commit 9dad21f910fcea2bdcff4af46159101d7f9cd8ba)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50004",
"url": "https://www.suse.com/security/cve/CVE-2024-50004"
},
{
"category": "external",
"summary": "SUSE Bug 1232396 for CVE-2024-50004",
"url": "https://bugzilla.suse.com/1232396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50004"
},
{
"cve": "CVE-2024-50006",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50006"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix i_data_sem unlock order in ext4_ind_migrate()\n\nFuzzing reports a possible deadlock in jbd2_log_wait_commit.\n\nThis issue is triggered when an EXT4_IOC_MIGRATE ioctl is set to require\nsynchronous updates because the file descriptor is opened with O_SYNC.\nThis can lead to the jbd2_journal_stop() function calling\njbd2_might_wait_for_commit(), potentially causing a deadlock if the\nEXT4_IOC_MIGRATE call races with a write(2) system call.\n\nThis problem only arises when CONFIG_PROVE_LOCKING is enabled. In this\ncase, the jbd2_might_wait_for_commit macro locks jbd2_handle in the\njbd2_journal_stop function while i_data_sem is locked. This triggers\nlockdep because the jbd2_journal_start function might also lock the same\njbd2_handle simultaneously.\n\nFound by Linux Verification Center (linuxtesting.org) with syzkaller.\n\nRule: add",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50006",
"url": "https://www.suse.com/security/cve/CVE-2024-50006"
},
{
"category": "external",
"summary": "SUSE Bug 1232442 for CVE-2024-50006",
"url": "https://bugzilla.suse.com/1232442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50006"
},
{
"cve": "CVE-2024-50007",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50007"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: asihpi: Fix potential OOB array access\n\nASIHPI driver stores some values in the static array upon a response\nfrom the driver, and its index depends on the firmware. We shouldn\u0027t\ntrust it blindly.\n\nThis patch adds a sanity check of the array index to fit in the array\nsize.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50007",
"url": "https://www.suse.com/security/cve/CVE-2024-50007"
},
{
"category": "external",
"summary": "SUSE Bug 1232394 for CVE-2024-50007",
"url": "https://bugzilla.suse.com/1232394"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50007"
},
{
"cve": "CVE-2024-50008",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50008"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext()\n\nReplace one-element array with a flexible-array member in\n`struct host_cmd_ds_802_11_scan_ext`.\n\nWith this, fix the following warning:\n\nelo 16 17:51:58 surfacebook kernel: ------------[ cut here ]------------\nelo 16 17:51:58 surfacebook kernel: memcpy: detected field-spanning write (size 243) of single field \"ext_scan-\u003etlv_buffer\" at drivers/net/wireless/marvell/mwifiex/scan.c:2239 (size 1)\nelo 16 17:51:58 surfacebook kernel: WARNING: CPU: 0 PID: 498 at drivers/net/wireless/marvell/mwifiex/scan.c:2239 mwifiex_cmd_802_11_scan_ext+0x83/0x90 [mwifiex]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50008",
"url": "https://www.suse.com/security/cve/CVE-2024-50008"
},
{
"category": "external",
"summary": "SUSE Bug 1232317 for CVE-2024-50008",
"url": "https://bugzilla.suse.com/1232317"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50008"
},
{
"cve": "CVE-2024-50009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: amd-pstate: add check for cpufreq_cpu_get\u0027s return value\n\ncpufreq_cpu_get may return NULL. To avoid NULL-dereference check it\nand return in case of error.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50009",
"url": "https://www.suse.com/security/cve/CVE-2024-50009"
},
{
"category": "external",
"summary": "SUSE Bug 1232318 for CVE-2024-50009",
"url": "https://bugzilla.suse.com/1232318"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50009"
},
{
"cve": "CVE-2024-50012",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50012"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: Avoid a bad reference count on CPU node\n\nIn the parse_perf_domain function, if the call to\nof_parse_phandle_with_args returns an error, then the reference to the\nCPU device node that was acquired at the start of the function would not\nbe properly decremented.\n\nAddress this by declaring the variable with the __free(device_node)\ncleanup attribute.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50012",
"url": "https://www.suse.com/security/cve/CVE-2024-50012"
},
{
"category": "external",
"summary": "SUSE Bug 1232386 for CVE-2024-50012",
"url": "https://bugzilla.suse.com/1232386"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50012"
},
{
"cve": "CVE-2024-50013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50013"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix memory leak in exfat_load_bitmap()\n\nIf the first directory entry in the root directory is not a bitmap\ndirectory entry, \u0027bh\u0027 will not be released and reassigned, which\nwill cause a memory leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50013",
"url": "https://www.suse.com/security/cve/CVE-2024-50013"
},
{
"category": "external",
"summary": "SUSE Bug 1232080 for CVE-2024-50013",
"url": "https://bugzilla.suse.com/1232080"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50013"
},
{
"cve": "CVE-2024-50014",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50014"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix access to uninitialised lock in fc replay path\n\nThe following kernel trace can be triggered with fstest generic/629 when\nexecuted against a filesystem with fast-commit feature enabled:\n\nINFO: trying to register non-static key.\nThe code is fine but needs lockdep annotation, or maybe\nyou didn\u0027t initialize this object before use?\nturning off the locking correctness validator.\nCPU: 0 PID: 866 Comm: mount Not tainted 6.10.0+ #11\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-prebuilt.qemu.org 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x66/0x90\n register_lock_class+0x759/0x7d0\n __lock_acquire+0x85/0x2630\n ? __find_get_block+0xb4/0x380\n lock_acquire+0xd1/0x2d0\n ? __ext4_journal_get_write_access+0xd5/0x160\n _raw_spin_lock+0x33/0x40\n ? __ext4_journal_get_write_access+0xd5/0x160\n __ext4_journal_get_write_access+0xd5/0x160\n ext4_reserve_inode_write+0x61/0xb0\n __ext4_mark_inode_dirty+0x79/0x270\n ? ext4_ext_replay_set_iblocks+0x2f8/0x450\n ext4_ext_replay_set_iblocks+0x330/0x450\n ext4_fc_replay+0x14c8/0x1540\n ? jread+0x88/0x2e0\n ? rcu_is_watching+0x11/0x40\n do_one_pass+0x447/0xd00\n jbd2_journal_recover+0x139/0x1b0\n jbd2_journal_load+0x96/0x390\n ext4_load_and_init_journal+0x253/0xd40\n ext4_fill_super+0x2cc6/0x3180\n...\n\nIn the replay path there\u0027s an attempt to lock sbi-\u003es_bdev_wb_lock in\nfunction ext4_check_bdev_write_error(). Unfortunately, at this point this\nspinlock has not been initialized yet. Moving it\u0027s initialization to an\nearlier point in __ext4_fill_super() fixes this splat.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50014",
"url": "https://www.suse.com/security/cve/CVE-2024-50014"
},
{
"category": "external",
"summary": "SUSE Bug 1232446 for CVE-2024-50014",
"url": "https://bugzilla.suse.com/1232446"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50014"
},
{
"cve": "CVE-2024-50015",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50015"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: dax: fix overflowing extents beyond inode size when partially writing\n\nThe dax_iomap_rw() does two things in each iteration: map written blocks\nand copy user data to blocks. If the process is killed by user(See signal\nhandling in dax_iomap_iter()), the copied data will be returned and added\non inode size, which means that the length of written extents may exceed\nthe inode size, then fsck will fail. An example is given as:\n\ndd if=/dev/urandom of=file bs=4M count=1\n dax_iomap_rw\n iomap_iter // round 1\n ext4_iomap_begin\n ext4_iomap_alloc // allocate 0~2M extents(written flag)\n dax_iomap_iter // copy 2M data\n iomap_iter // round 2\n iomap_iter_advance\n iter-\u003epos += iter-\u003eprocessed // iter-\u003epos = 2M\n ext4_iomap_begin\n ext4_iomap_alloc // allocate 2~4M extents(written flag)\n dax_iomap_iter\n fatal_signal_pending\n done = iter-\u003epos - iocb-\u003eki_pos // done = 2M\n ext4_handle_inode_extension\n ext4_update_inode_size // inode size = 2M\n\nfsck reports: Inode 13, i_size is 2097152, should be 4194304. Fix?\n\nFix the problem by truncating extents if the written length is smaller\nthan expected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50015",
"url": "https://www.suse.com/security/cve/CVE-2024-50015"
},
{
"category": "external",
"summary": "SUSE Bug 1232079 for CVE-2024-50015",
"url": "https://bugzilla.suse.com/1232079"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50015"
},
{
"cve": "CVE-2024-50017",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50017"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm/ident_map: Use gbpages only where full GB page should be mapped.\n\nWhen ident_pud_init() uses only GB pages to create identity maps, large\nranges of addresses not actually requested can be included in the resulting\ntable; a 4K request will map a full GB. This can include a lot of extra\naddress space past that requested, including areas marked reserved by the\nBIOS. That allows processor speculation into reserved regions, that on UV\nsystems can cause system halts.\n\nOnly use GB pages when map creation requests include the full GB page of\nspace. Fall back to using smaller 2M pages when only portions of a GB page\nare included in the request.\n\nNo attempt is made to coalesce mapping requests. If a request requires a\nmap entry at the 2M (pmd) level, subsequent mapping requests within the\nsame 1G region will also be at the pmd level, even if adjacent or\noverlapping such requests could have been combined to map a full GB page.\nExisting usage starts with larger regions and then adds smaller regions, so\nthis should not have any great consequence.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50017",
"url": "https://www.suse.com/security/cve/CVE-2024-50017"
},
{
"category": "external",
"summary": "SUSE Bug 1232312 for CVE-2024-50017",
"url": "https://bugzilla.suse.com/1232312"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50017"
},
{
"cve": "CVE-2024-50019",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50019"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nkthread: unpark only parked kthread\n\nCalling into kthread unparking unconditionally is mostly harmless when\nthe kthread is already unparked. The wake up is then simply ignored\nbecause the target is not in TASK_PARKED state.\n\nHowever if the kthread is per CPU, the wake up is preceded by a call\nto kthread_bind() which expects the task to be inactive and in\nTASK_PARKED state, which obviously isn\u0027t the case if it is unparked.\n\nAs a result, calling kthread_stop() on an unparked per-cpu kthread\ntriggers such a warning:\n\n\tWARNING: CPU: 0 PID: 11 at kernel/kthread.c:525 __kthread_bind_mask kernel/kthread.c:525\n\t \u003cTASK\u003e\n\t kthread_stop+0x17a/0x630 kernel/kthread.c:707\n\t destroy_workqueue+0x136/0xc40 kernel/workqueue.c:5810\n\t wg_destruct+0x1e2/0x2e0 drivers/net/wireguard/device.c:257\n\t netdev_run_todo+0xe1a/0x1000 net/core/dev.c:10693\n\t default_device_exit_batch+0xa14/0xa90 net/core/dev.c:11769\n\t ops_exit_list net/core/net_namespace.c:178 [inline]\n\t cleanup_net+0x89d/0xcc0 net/core/net_namespace.c:640\n\t process_one_work kernel/workqueue.c:3231 [inline]\n\t process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312\n\t worker_thread+0x86d/0xd70 kernel/workqueue.c:3393\n\t kthread+0x2f0/0x390 kernel/kthread.c:389\n\t ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n\t ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\t \u003c/TASK\u003e\n\nFix this with skipping unecessary unparking while stopping a kthread.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50019",
"url": "https://www.suse.com/security/cve/CVE-2024-50019"
},
{
"category": "external",
"summary": "SUSE Bug 1231990 for CVE-2024-50019",
"url": "https://bugzilla.suse.com/1231990"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50019"
},
{
"cve": "CVE-2024-50020",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50020"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix improper handling of refcount in ice_sriov_set_msix_vec_count()\n\nThis patch addresses an issue with improper reference count handling in the\nice_sriov_set_msix_vec_count() function.\n\nFirst, the function calls ice_get_vf_by_id(), which increments the\nreference count of the vf pointer. If the subsequent call to\nice_get_vf_vsi() fails, the function currently returns an error without\ndecrementing the reference count of the vf pointer, leading to a reference\ncount leak. The correct behavior, as implemented in this patch, is to\ndecrement the reference count using ice_put_vf(vf) before returning an\nerror when vsi is NULL.\n\nSecond, the function calls ice_sriov_get_irqs(), which sets\nvf-\u003efirst_vector_idx. If this call returns a negative value, indicating an\nerror, the function returns an error without decrementing the reference\ncount of the vf pointer, resulting in another reference count leak. The\npatch addresses this by adding a call to ice_put_vf(vf) before returning\nan error when vf-\u003efirst_vector_idx \u003c 0.\n\nThis bug was identified by an experimental static analysis tool developed\nby our team. The tool specializes in analyzing reference count operations\nand identifying potential mismanagement of reference counts. In this case,\nthe tool flagged the missing decrement operation as a potential issue,\nleading to this patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50020",
"url": "https://www.suse.com/security/cve/CVE-2024-50020"
},
{
"category": "external",
"summary": "SUSE Bug 1231989 for CVE-2024-50020",
"url": "https://bugzilla.suse.com/1231989"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50020"
},
{
"cve": "CVE-2024-50021",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50021"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix improper handling of refcount in ice_dpll_init_rclk_pins()\n\nThis patch addresses a reference count handling issue in the\nice_dpll_init_rclk_pins() function. The function calls ice_dpll_get_pins(),\nwhich increments the reference count of the relevant resources. However,\nif the condition WARN_ON((!vsi || !vsi-\u003enetdev)) is met, the function\ncurrently returns an error without properly releasing the resources\nacquired by ice_dpll_get_pins(), leading to a reference count leak.\n\nTo resolve this, the check has been moved to the top of the function. This\nensures that the function verifies the state before any resources are\nacquired, avoiding the need for additional resource management in the\nerror path.\n\nThis bug was identified by an experimental static analysis tool developed\nby our team. The tool specializes in analyzing reference count operations\nand detecting potential issues where resources are not properly managed.\nIn this case, the tool flagged the missing release operation as a\npotential problem, which led to the development of this patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50021",
"url": "https://www.suse.com/security/cve/CVE-2024-50021"
},
{
"category": "external",
"summary": "SUSE Bug 1231957 for CVE-2024-50021",
"url": "https://bugzilla.suse.com/1231957"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50021"
},
{
"cve": "CVE-2024-50022",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50022"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndevice-dax: correct pgoff align in dax_set_mapping()\n\npgoff should be aligned using ALIGN_DOWN() instead of ALIGN(). Otherwise,\nvmf-\u003eaddress not aligned to fault_size will be aligned to the next\nalignment, that can result in memory failure getting the wrong address.\n\nIt\u0027s a subtle situation that only can be observed in\npage_mapped_in_vma() after the page is page fault handled by\ndev_dax_huge_fault. Generally, there is little chance to perform\npage_mapped_in_vma in dev-dax\u0027s page unless in specific error injection\nto the dax device to trigger an MCE - memory-failure. In that case,\npage_mapped_in_vma() will be triggered to determine which task is\naccessing the failure address and kill that task in the end.\n\n\nWe used self-developed dax device (which is 2M aligned mapping) , to\nperform error injection to random address. It turned out that error\ninjected to non-2M-aligned address was causing endless MCE until panic.\nBecause page_mapped_in_vma() kept resulting wrong address and the task\naccessing the failure address was never killed properly:\n\n\n[ 3783.719419] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3784.049006] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3784.049190] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3784.448042] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3784.448186] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3784.792026] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3784.792179] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3785.162502] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3785.162633] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3785.461116] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3785.461247] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3785.764730] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3785.764859] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3786.042128] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3786.042259] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3786.464293] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3786.464423] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3786.818090] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3786.818217] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3787.085297] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3787.085424] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n\nIt took us several weeks to pinpoint this problem, but we eventually\nused bpftrace to trace the page fault and mce address and successfully\nidentified the issue.\n\n\nJoao added:\n\n; Likely we never reproduce in production because we always pin\n: device-dax regions in the region align they provide (Qemu does\n: similarly with prealloc in hugetlb/file backed memory). I think this\n: bug requires that we touch *unpinned* device-dax regions unaligned to\n: the device-dax selected alignment (page size i.e. 4K/2M/1G)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50022",
"url": "https://www.suse.com/security/cve/CVE-2024-50022"
},
{
"category": "external",
"summary": "SUSE Bug 1231956 for CVE-2024-50022",
"url": "https://bugzilla.suse.com/1231956"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50022"
},
{
"cve": "CVE-2024-50023",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50023"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: Remove LED entry from LEDs list on unregister\n\nCommit c938ab4da0eb (\"net: phy: Manual remove LEDs to ensure correct\nordering\") correctly fixed a problem with using devm_ but missed\nremoving the LED entry from the LEDs list.\n\nThis cause kernel panic on specific scenario where the port for the PHY\nis torn down and up and the kmod for the PHY is removed.\n\nOn setting the port down the first time, the assosiacted LEDs are\ncorrectly unregistered. The associated kmod for the PHY is now removed.\nThe kmod is now added again and the port is now put up, the associated LED\nare registered again.\nOn putting the port down again for the second time after these step, the\nLED list now have 4 elements. With the first 2 already unregistered\npreviously and the 2 new one registered again.\n\nThis cause a kernel panic as the first 2 element should have been\nremoved.\n\nFix this by correctly removing the element when LED is unregistered.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50023",
"url": "https://www.suse.com/security/cve/CVE-2024-50023"
},
{
"category": "external",
"summary": "SUSE Bug 1231955 for CVE-2024-50023",
"url": "https://bugzilla.suse.com/1231955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50023"
},
{
"cve": "CVE-2024-50024",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50024"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix an unsafe loop on the list\n\nThe kernel may crash when deleting a genetlink family if there are still\nlisteners for that family:\n\nOops: Kernel access of bad area, sig: 11 [#1]\n ...\n NIP [c000000000c080bc] netlink_update_socket_mc+0x3c/0xc0\n LR [c000000000c0f764] __netlink_clear_multicast_users+0x74/0xc0\n Call Trace:\n__netlink_clear_multicast_users+0x74/0xc0\ngenl_unregister_family+0xd4/0x2d0\n\nChange the unsafe loop on the list to a safe one, because inside the\nloop there is an element removal from this list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50024",
"url": "https://www.suse.com/security/cve/CVE-2024-50024"
},
{
"category": "external",
"summary": "SUSE Bug 1231954 for CVE-2024-50024",
"url": "https://bugzilla.suse.com/1231954"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50024"
},
{
"cve": "CVE-2024-50025",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50025"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: fnic: Move flush_work initialization out of if block\n\nAfter commit 379a58caa199 (\"scsi: fnic: Move fnic_fnic_flush_tx() to a\nwork queue\"), it can happen that a work item is sent to an uninitialized\nwork queue. This may has the effect that the item being queued is never\nactually queued, and any further actions depending on it will not\nproceed.\n\nThe following warning is observed while the fnic driver is loaded:\n\nkernel: WARNING: CPU: 11 PID: 0 at ../kernel/workqueue.c:1524 __queue_work+0x373/0x410\nkernel: \u003cIRQ\u003e\nkernel: queue_work_on+0x3a/0x50\nkernel: fnic_wq_copy_cmpl_handler+0x54a/0x730 [fnic 62fbff0c42e7fb825c60a55cde2fb91facb2ed24]\nkernel: fnic_isr_msix_wq_copy+0x2d/0x60 [fnic 62fbff0c42e7fb825c60a55cde2fb91facb2ed24]\nkernel: __handle_irq_event_percpu+0x36/0x1a0\nkernel: handle_irq_event_percpu+0x30/0x70\nkernel: handle_irq_event+0x34/0x60\nkernel: handle_edge_irq+0x7e/0x1a0\nkernel: __common_interrupt+0x3b/0xb0\nkernel: common_interrupt+0x58/0xa0\nkernel: \u003c/IRQ\u003e\n\nIt has been observed that this may break the rediscovery of Fibre\nChannel devices after a temporary fabric failure.\n\nThis patch fixes it by moving the work queue initialization out of\nan if block in fnic_probe().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50025",
"url": "https://www.suse.com/security/cve/CVE-2024-50025"
},
{
"category": "external",
"summary": "SUSE Bug 1231953 for CVE-2024-50025",
"url": "https://bugzilla.suse.com/1231953"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50025"
},
{
"cve": "CVE-2024-50026",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50026"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: wd33c93: Don\u0027t use stale scsi_pointer value\n\nA regression was introduced with commit dbb2da557a6a (\"scsi: wd33c93:\nMove the SCSI pointer to private command data\") which results in an oops\nin wd33c93_intr(). That commit added the scsi_pointer variable and\ninitialized it from hostdata-\u003econnected. However, during selection,\nhostdata-\u003econnected is not yet valid. Fix this by getting the current\nscsi_pointer from hostdata-\u003eselecting.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50026",
"url": "https://www.suse.com/security/cve/CVE-2024-50026"
},
{
"category": "external",
"summary": "SUSE Bug 1231952 for CVE-2024-50026",
"url": "https://bugzilla.suse.com/1231952"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50026"
},
{
"cve": "CVE-2024-50027",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50027"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: core: Free tzp copy along with the thermal zone\n\nThe object pointed to by tz-\u003etzp may still be accessed after being\nfreed in thermal_zone_device_unregister(), so move the freeing of it\nto the point after the removal completion has been completed at which\nit cannot be accessed any more.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50027",
"url": "https://www.suse.com/security/cve/CVE-2024-50027"
},
{
"category": "external",
"summary": "SUSE Bug 1231951 for CVE-2024-50027",
"url": "https://bugzilla.suse.com/1231951"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50027"
},
{
"cve": "CVE-2024-50028",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50028"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: core: Reference count the zone in thermal_zone_get_by_id()\n\nThere are places in the thermal netlink code where nothing prevents\nthe thermal zone object from going away while being accessed after it\nhas been returned by thermal_zone_get_by_id().\n\nTo address this, make thermal_zone_get_by_id() get a reference on the\nthermal zone device object to be returned with the help of get_device(),\nunder thermal_list_lock, and adjust all of its callers to this change\nwith the help of the cleanup.h infrastructure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50028",
"url": "https://www.suse.com/security/cve/CVE-2024-50028"
},
{
"category": "external",
"summary": "SUSE Bug 1231950 for CVE-2024-50028",
"url": "https://bugzilla.suse.com/1231950"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50028"
},
{
"cve": "CVE-2024-50031",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50031"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Stop the active perfmon before being destroyed\n\nWhen running `kmscube` with one or more performance monitors enabled\nvia `GALLIUM_HUD`, the following kernel panic can occur:\n\n[ 55.008324] Unable to handle kernel paging request at virtual address 00000000052004a4\n[ 55.008368] Mem abort info:\n[ 55.008377] ESR = 0x0000000096000005\n[ 55.008387] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 55.008402] SET = 0, FnV = 0\n[ 55.008412] EA = 0, S1PTW = 0\n[ 55.008421] FSC = 0x05: level 1 translation fault\n[ 55.008434] Data abort info:\n[ 55.008442] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n[ 55.008455] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 55.008467] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 55.008481] user pgtable: 4k pages, 39-bit VAs, pgdp=00000001046c6000\n[ 55.008497] [00000000052004a4] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n[ 55.008525] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n[ 55.008542] Modules linked in: rfcomm [...] vc4 v3d snd_soc_hdmi_codec drm_display_helper\ngpu_sched drm_shmem_helper cec drm_dma_helper drm_kms_helper i2c_brcmstb\ndrm drm_panel_orientation_quirks snd_soc_core snd_compress snd_pcm_dmaengine snd_pcm snd_timer snd backlight\n[ 55.008799] CPU: 2 PID: 166 Comm: v3d_bin Tainted: G C 6.6.47+rpt-rpi-v8 #1 Debian 1:6.6.47-1+rpt1\n[ 55.008824] Hardware name: Raspberry Pi 4 Model B Rev 1.5 (DT)\n[ 55.008838] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 55.008855] pc : __mutex_lock.constprop.0+0x90/0x608\n[ 55.008879] lr : __mutex_lock.constprop.0+0x58/0x608\n[ 55.008895] sp : ffffffc080673cf0\n[ 55.008904] x29: ffffffc080673cf0 x28: 0000000000000000 x27: ffffff8106188a28\n[ 55.008926] x26: ffffff8101e78040 x25: ffffff8101baa6c0 x24: ffffffd9d989f148\n[ 55.008947] x23: ffffffda1c2a4008 x22: 0000000000000002 x21: ffffffc080673d38\n[ 55.008968] x20: ffffff8101238000 x19: ffffff8104f83188 x18: 0000000000000000\n[ 55.008988] x17: 0000000000000000 x16: ffffffda1bd04d18 x15: 00000055bb08bc90\n[ 55.009715] x14: 0000000000000000 x13: 0000000000000000 x12: ffffffda1bd4cbb0\n[ 55.010433] x11: 00000000fa83b2da x10: 0000000000001a40 x9 : ffffffda1bd04d04\n[ 55.011162] x8 : ffffff8102097b80 x7 : 0000000000000000 x6 : 00000000030a5857\n[ 55.011880] x5 : 00ffffffffffffff x4 : 0300000005200470 x3 : 0300000005200470\n[ 55.012598] x2 : ffffff8101238000 x1 : 0000000000000021 x0 : 0300000005200470\n[ 55.013292] Call trace:\n[ 55.013959] __mutex_lock.constprop.0+0x90/0x608\n[ 55.014646] __mutex_lock_slowpath+0x1c/0x30\n[ 55.015317] mutex_lock+0x50/0x68\n[ 55.015961] v3d_perfmon_stop+0x40/0xe0 [v3d]\n[ 55.016627] v3d_bin_job_run+0x10c/0x2d8 [v3d]\n[ 55.017282] drm_sched_main+0x178/0x3f8 [gpu_sched]\n[ 55.017921] kthread+0x11c/0x128\n[ 55.018554] ret_from_fork+0x10/0x20\n[ 55.019168] Code: f9400260 f1001c1f 54001ea9 927df000 (b9403401)\n[ 55.019776] ---[ end trace 0000000000000000 ]---\n[ 55.020411] note: v3d_bin[166] exited with preempt_count 1\n\nThis issue arises because, upon closing the file descriptor (which happens\nwhen we interrupt `kmscube`), the active performance monitor is not\nstopped. Although all perfmons are destroyed in `v3d_perfmon_close_file()`,\nthe active performance monitor\u0027s pointer (`v3d-\u003eactive_perfmon`) is still\nretained.\n\nIf `kmscube` is run again, the driver will attempt to stop the active\nperformance monitor using the stale pointer in `v3d-\u003eactive_perfmon`.\nHowever, this pointer is no longer valid because the previous process has\nalready terminated, and all performance monitors associated with it have\nbeen destroyed and freed.\n\nTo fix this, when the active performance monitor belongs to a given\nprocess, explicitly stop it before destroying and freeing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50031",
"url": "https://www.suse.com/security/cve/CVE-2024-50031"
},
{
"category": "external",
"summary": "SUSE Bug 1231947 for CVE-2024-50031",
"url": "https://bugzilla.suse.com/1231947"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50031"
},
{
"cve": "CVE-2024-50033",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50033"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nslip: make slhc_remember() more robust against malicious packets\n\nsyzbot found that slhc_remember() was missing checks against\nmalicious packets [1].\n\nslhc_remember() only checked the size of the packet was at least 20,\nwhich is not good enough.\n\nWe need to make sure the packet includes the IPv4 and TCP header\nthat are supposed to be carried.\n\nAdd iph and th pointers to make the code more readable.\n\n[1]\n\nBUG: KMSAN: uninit-value in slhc_remember+0x2e8/0x7b0 drivers/net/slip/slhc.c:666\n slhc_remember+0x2e8/0x7b0 drivers/net/slip/slhc.c:666\n ppp_receive_nonmp_frame+0xe45/0x35e0 drivers/net/ppp/ppp_generic.c:2455\n ppp_receive_frame drivers/net/ppp/ppp_generic.c:2372 [inline]\n ppp_do_recv+0x65f/0x40d0 drivers/net/ppp/ppp_generic.c:2212\n ppp_input+0x7dc/0xe60 drivers/net/ppp/ppp_generic.c:2327\n pppoe_rcv_core+0x1d3/0x720 drivers/net/ppp/pppoe.c:379\n sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1113\n __release_sock+0x1da/0x330 net/core/sock.c:3072\n release_sock+0x6b/0x250 net/core/sock.c:3626\n pppoe_sendmsg+0x2b8/0xb90 drivers/net/ppp/pppoe.c:903\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:744\n ____sys_sendmsg+0x903/0xb60 net/socket.c:2602\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656\n __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742\n __do_sys_sendmmsg net/socket.c:2771 [inline]\n __se_sys_sendmmsg net/socket.c:2768 [inline]\n __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768\n x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4091 [inline]\n slab_alloc_node mm/slub.c:4134 [inline]\n kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4186\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587\n __alloc_skb+0x363/0x7b0 net/core/skbuff.c:678\n alloc_skb include/linux/skbuff.h:1322 [inline]\n sock_wmalloc+0xfe/0x1a0 net/core/sock.c:2732\n pppoe_sendmsg+0x3a7/0xb90 drivers/net/ppp/pppoe.c:867\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:744\n ____sys_sendmsg+0x903/0xb60 net/socket.c:2602\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656\n __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742\n __do_sys_sendmmsg net/socket.c:2771 [inline]\n __se_sys_sendmmsg net/socket.c:2768 [inline]\n __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768\n x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 0 UID: 0 PID: 5460 Comm: syz.2.33 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50033",
"url": "https://www.suse.com/security/cve/CVE-2024-50033"
},
{
"category": "external",
"summary": "SUSE Bug 1231914 for CVE-2024-50033",
"url": "https://bugzilla.suse.com/1231914"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50033"
},
{
"cve": "CVE-2024-50035",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50035"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: fix ppp_async_encode() illegal access\n\nsyzbot reported an issue in ppp_async_encode() [1]\n\nIn this case, pppoe_sendmsg() is called with a zero size.\nThen ppp_async_encode() is called with an empty skb.\n\nBUG: KMSAN: uninit-value in ppp_async_encode drivers/net/ppp/ppp_async.c:545 [inline]\n BUG: KMSAN: uninit-value in ppp_async_push+0xb4f/0x2660 drivers/net/ppp/ppp_async.c:675\n ppp_async_encode drivers/net/ppp/ppp_async.c:545 [inline]\n ppp_async_push+0xb4f/0x2660 drivers/net/ppp/ppp_async.c:675\n ppp_async_send+0x130/0x1b0 drivers/net/ppp/ppp_async.c:634\n ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2280 [inline]\n ppp_input+0x1f1/0xe60 drivers/net/ppp/ppp_generic.c:2304\n pppoe_rcv_core+0x1d3/0x720 drivers/net/ppp/pppoe.c:379\n sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1113\n __release_sock+0x1da/0x330 net/core/sock.c:3072\n release_sock+0x6b/0x250 net/core/sock.c:3626\n pppoe_sendmsg+0x2b8/0xb90 drivers/net/ppp/pppoe.c:903\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:744\n ____sys_sendmsg+0x903/0xb60 net/socket.c:2602\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656\n __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742\n __do_sys_sendmmsg net/socket.c:2771 [inline]\n __se_sys_sendmmsg net/socket.c:2768 [inline]\n __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768\n x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4092 [inline]\n slab_alloc_node mm/slub.c:4135 [inline]\n kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4187\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587\n __alloc_skb+0x363/0x7b0 net/core/skbuff.c:678\n alloc_skb include/linux/skbuff.h:1322 [inline]\n sock_wmalloc+0xfe/0x1a0 net/core/sock.c:2732\n pppoe_sendmsg+0x3a7/0xb90 drivers/net/ppp/pppoe.c:867\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:744\n ____sys_sendmsg+0x903/0xb60 net/socket.c:2602\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656\n __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742\n __do_sys_sendmmsg net/socket.c:2771 [inline]\n __se_sys_sendmmsg net/socket.c:2768 [inline]\n __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768\n x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 1 UID: 0 PID: 5411 Comm: syz.1.14 Not tainted 6.12.0-rc1-syzkaller-00165-g360c1f1f24c6 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50035",
"url": "https://www.suse.com/security/cve/CVE-2024-50035"
},
{
"category": "external",
"summary": "SUSE Bug 1232392 for CVE-2024-50035",
"url": "https://bugzilla.suse.com/1232392"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50035"
},
{
"cve": "CVE-2024-50040",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50040"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nigb: Do not bring the device up after non-fatal error\n\nCommit 004d25060c78 (\"igb: Fix igb_down hung on surprise removal\")\nchanged igb_io_error_detected() to ignore non-fatal pcie errors in order\nto avoid hung task that can happen when igb_down() is called multiple\ntimes. This caused an issue when processing transient non-fatal errors.\nigb_io_resume(), which is called after igb_io_error_detected(), assumes\nthat device is brought down by igb_io_error_detected() if the interface\nis up. This resulted in panic with stacktrace below.\n\n[ T3256] igb 0000:09:00.0 haeth0: igb: haeth0 NIC Link is Down\n[ T292] pcieport 0000:00:1c.5: AER: Uncorrected (Non-Fatal) error received: 0000:09:00.0\n[ T292] igb 0000:09:00.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)\n[ T292] igb 0000:09:00.0: device [8086:1537] error status/mask=00004000/00000000\n[ T292] igb 0000:09:00.0: [14] CmpltTO [ 200.105524,009][ T292] igb 0000:09:00.0: AER: TLP Header: 00000000 00000000 00000000 00000000\n[ T292] pcieport 0000:00:1c.5: AER: broadcast error_detected message\n[ T292] igb 0000:09:00.0: Non-correctable non-fatal error reported.\n[ T292] pcieport 0000:00:1c.5: AER: broadcast mmio_enabled message\n[ T292] pcieport 0000:00:1c.5: AER: broadcast resume message\n[ T292] ------------[ cut here ]------------\n[ T292] kernel BUG at net/core/dev.c:6539!\n[ T292] invalid opcode: 0000 [#1] PREEMPT SMP\n[ T292] RIP: 0010:napi_enable+0x37/0x40\n[ T292] Call Trace:\n[ T292] \u003cTASK\u003e\n[ T292] ? die+0x33/0x90\n[ T292] ? do_trap+0xdc/0x110\n[ T292] ? napi_enable+0x37/0x40\n[ T292] ? do_error_trap+0x70/0xb0\n[ T292] ? napi_enable+0x37/0x40\n[ T292] ? napi_enable+0x37/0x40\n[ T292] ? exc_invalid_op+0x4e/0x70\n[ T292] ? napi_enable+0x37/0x40\n[ T292] ? asm_exc_invalid_op+0x16/0x20\n[ T292] ? napi_enable+0x37/0x40\n[ T292] igb_up+0x41/0x150\n[ T292] igb_io_resume+0x25/0x70\n[ T292] report_resume+0x54/0x70\n[ T292] ? report_frozen_detected+0x20/0x20\n[ T292] pci_walk_bus+0x6c/0x90\n[ T292] ? aer_print_port_info+0xa0/0xa0\n[ T292] pcie_do_recovery+0x22f/0x380\n[ T292] aer_process_err_devices+0x110/0x160\n[ T292] aer_isr+0x1c1/0x1e0\n[ T292] ? disable_irq_nosync+0x10/0x10\n[ T292] irq_thread_fn+0x1a/0x60\n[ T292] irq_thread+0xe3/0x1a0\n[ T292] ? irq_set_affinity_notifier+0x120/0x120\n[ T292] ? irq_affinity_notify+0x100/0x100\n[ T292] kthread+0xe2/0x110\n[ T292] ? kthread_complete_and_exit+0x20/0x20\n[ T292] ret_from_fork+0x2d/0x50\n[ T292] ? kthread_complete_and_exit+0x20/0x20\n[ T292] ret_from_fork_asm+0x11/0x20\n[ T292] \u003c/TASK\u003e\n\nTo fix this issue igb_io_resume() checks if the interface is running and\nthe device is not down this means igb_io_error_detected() did not bring\nthe device down and there is no need to bring it up.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50040",
"url": "https://www.suse.com/security/cve/CVE-2024-50040"
},
{
"category": "external",
"summary": "SUSE Bug 1231908 for CVE-2024-50040",
"url": "https://bugzilla.suse.com/1231908"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50040"
},
{
"cve": "CVE-2024-50041",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50041"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Fix macvlan leak by synchronizing access to mac_filter_hash\n\nThis patch addresses a macvlan leak issue in the i40e driver caused by\nconcurrent access to vsi-\u003emac_filter_hash. The leak occurs when multiple\nthreads attempt to modify the mac_filter_hash simultaneously, leading to\ninconsistent state and potential memory leaks.\n\nTo fix this, we now wrap the calls to i40e_del_mac_filter() and zeroing\nvf-\u003edefault_lan_addr.addr with spin_lock/unlock_bh(\u0026vsi-\u003emac_filter_hash_lock),\nensuring atomic operations and preventing concurrent access.\n\nAdditionally, we add lockdep_assert_held(\u0026vsi-\u003emac_filter_hash_lock) in\ni40e_add_mac_filter() to help catch similar issues in the future.\n\nReproduction steps:\n1. Spawn VFs and configure port vlan on them.\n2. Trigger concurrent macvlan operations (e.g., adding and deleting\n\tportvlan and/or mac filters).\n3. Observe the potential memory leak and inconsistent state in the\n\tmac_filter_hash.\n\nThis synchronization ensures the integrity of the mac_filter_hash and prevents\nthe described leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50041",
"url": "https://www.suse.com/security/cve/CVE-2024-50041"
},
{
"category": "external",
"summary": "SUSE Bug 1231907 for CVE-2024-50041",
"url": "https://bugzilla.suse.com/1231907"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50041"
},
{
"cve": "CVE-2024-50042",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50042"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix increasing MSI-X on VF\n\nIncreasing MSI-X value on a VF leads to invalid memory operations. This\nis caused by not reallocating some arrays.\n\nReproducer:\n modprobe ice\n echo 0 \u003e /sys/bus/pci/devices/$PF_PCI/sriov_drivers_autoprobe\n echo 1 \u003e /sys/bus/pci/devices/$PF_PCI/sriov_numvfs\n echo 17 \u003e /sys/bus/pci/devices/$VF0_PCI/sriov_vf_msix_count\n\nDefault MSI-X is 16, so 17 and above triggers this issue.\n\nKASAN reports:\n\n BUG: KASAN: slab-out-of-bounds in ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice]\n Read of size 8 at addr ffff8888b937d180 by task bash/28433\n (...)\n\n Call Trace:\n (...)\n ? ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice]\n kasan_report+0xed/0x120\n ? ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice]\n ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice]\n ice_vsi_cfg_def+0x3360/0x4770 [ice]\n ? mutex_unlock+0x83/0xd0\n ? __pfx_ice_vsi_cfg_def+0x10/0x10 [ice]\n ? __pfx_ice_remove_vsi_lkup_fltr+0x10/0x10 [ice]\n ice_vsi_cfg+0x7f/0x3b0 [ice]\n ice_vf_reconfig_vsi+0x114/0x210 [ice]\n ice_sriov_set_msix_vec_count+0x3d0/0x960 [ice]\n sriov_vf_msix_count_store+0x21c/0x300\n (...)\n\n Allocated by task 28201:\n (...)\n ice_vsi_cfg_def+0x1c8e/0x4770 [ice]\n ice_vsi_cfg+0x7f/0x3b0 [ice]\n ice_vsi_setup+0x179/0xa30 [ice]\n ice_sriov_configure+0xcaa/0x1520 [ice]\n sriov_numvfs_store+0x212/0x390\n (...)\n\nTo fix it, use ice_vsi_rebuild() instead of ice_vf_reconfig_vsi(). This\ncauses the required arrays to be reallocated taking the new queue count\ninto account (ice_vsi_realloc_stat_arrays()). Set req_txq and req_rxq\nbefore ice_vsi_rebuild(), so that realloc uses the newly set queue\ncount.\n\nAdditionally, ice_vsi_rebuild() does not remove VSI filters\n(ice_fltr_remove_all()), so ice_vf_init_host_cfg() is no longer\nnecessary.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50042",
"url": "https://www.suse.com/security/cve/CVE-2024-50042"
},
{
"category": "external",
"summary": "SUSE Bug 1231906 for CVE-2024-50042",
"url": "https://bugzilla.suse.com/1231906"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50042"
},
{
"cve": "CVE-2024-50044",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50044"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change\n\nrfcomm_sk_state_change attempts to use sock_lock so it must never be\ncalled with it locked but rfcomm_sock_ioctl always attempt to lock it\ncausing the following trace:\n\n======================================================\nWARNING: possible circular locking dependency detected\n6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted\n------------------------------------------------------\nsyz-executor386/5093 is trying to acquire lock:\nffff88807c396258 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1671 [inline]\nffff88807c396258 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sk_state_change+0x5b/0x310 net/bluetooth/rfcomm/sock.c:73\n\nbut task is already holding lock:\nffff88807badfd28 (\u0026d-\u003elock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x226/0x6a0 net/bluetooth/rfcomm/core.c:491",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50044",
"url": "https://www.suse.com/security/cve/CVE-2024-50044"
},
{
"category": "external",
"summary": "SUSE Bug 1231904 for CVE-2024-50044",
"url": "https://bugzilla.suse.com/1231904"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50044"
},
{
"cve": "CVE-2024-50045",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50045"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: br_netfilter: fix panic with metadata_dst skb\n\nFix a kernel panic in the br_netfilter module when sending untagged\ntraffic via a VxLAN device.\nThis happens during the check for fragmentation in br_nf_dev_queue_xmit.\n\nIt is dependent on:\n1) the br_netfilter module being loaded;\n2) net.bridge.bridge-nf-call-iptables set to 1;\n3) a bridge with a VxLAN (single-vxlan-device) netdevice as a bridge port;\n4) untagged frames with size higher than the VxLAN MTU forwarded/flooded\n\nWhen forwarding the untagged packet to the VxLAN bridge port, before\nthe netfilter hooks are called, br_handle_egress_vlan_tunnel is called and\nchanges the skb_dst to the tunnel dst. The tunnel_dst is a metadata type\nof dst, i.e., skb_valid_dst(skb) is false, and metadata-\u003edst.dev is NULL.\n\nThen in the br_netfilter hooks, in br_nf_dev_queue_xmit, there\u0027s a check\nfor frames that needs to be fragmented: frames with higher MTU than the\nVxLAN device end up calling br_nf_ip_fragment, which in turns call\nip_skb_dst_mtu.\n\nThe ip_dst_mtu tries to use the skb_dst(skb) as if it was a valid dst\nwith valid dst-\u003edev, thus the crash.\n\nThis case was never supported in the first place, so drop the packet\ninstead.\n\nPING 10.0.0.2 (10.0.0.2) from 0.0.0.0 h1-eth0: 2000(2028) bytes of data.\n[ 176.291791] Unable to handle kernel NULL pointer dereference at\nvirtual address 0000000000000110\n[ 176.292101] Mem abort info:\n[ 176.292184] ESR = 0x0000000096000004\n[ 176.292322] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 176.292530] SET = 0, FnV = 0\n[ 176.292709] EA = 0, S1PTW = 0\n[ 176.292862] FSC = 0x04: level 0 translation fault\n[ 176.293013] Data abort info:\n[ 176.293104] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[ 176.293488] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 176.293787] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 176.293995] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000043ef5000\n[ 176.294166] [0000000000000110] pgd=0000000000000000,\np4d=0000000000000000\n[ 176.294827] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 176.295252] Modules linked in: vxlan ip6_udp_tunnel udp_tunnel veth\nbr_netfilter bridge stp llc ipv6 crct10dif_ce\n[ 176.295923] CPU: 0 PID: 188 Comm: ping Not tainted\n6.8.0-rc3-g5b3fbd61b9d1 #2\n[ 176.296314] Hardware name: linux,dummy-virt (DT)\n[ 176.296535] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS\nBTYPE=--)\n[ 176.296808] pc : br_nf_dev_queue_xmit+0x390/0x4ec [br_netfilter]\n[ 176.297382] lr : br_nf_dev_queue_xmit+0x2ac/0x4ec [br_netfilter]\n[ 176.297636] sp : ffff800080003630\n[ 176.297743] x29: ffff800080003630 x28: 0000000000000008 x27:\nffff6828c49ad9f8\n[ 176.298093] x26: ffff6828c49ad000 x25: 0000000000000000 x24:\n00000000000003e8\n[ 176.298430] x23: 0000000000000000 x22: ffff6828c4960b40 x21:\nffff6828c3b16d28\n[ 176.298652] x20: ffff6828c3167048 x19: ffff6828c3b16d00 x18:\n0000000000000014\n[ 176.298926] x17: ffffb0476322f000 x16: ffffb7e164023730 x15:\n0000000095744632\n[ 176.299296] x14: ffff6828c3f1c880 x13: 0000000000000002 x12:\nffffb7e137926a70\n[ 176.299574] x11: 0000000000000001 x10: ffff6828c3f1c898 x9 :\n0000000000000000\n[ 176.300049] x8 : ffff6828c49bf070 x7 : 0008460f18d5f20e x6 :\nf20e0100bebafeca\n[ 176.300302] x5 : ffff6828c7f918fe x4 : ffff6828c49bf070 x3 :\n0000000000000000\n[ 176.300586] x2 : 0000000000000000 x1 : ffff6828c3c7ad00 x0 :\nffff6828c7f918f0\n[ 176.300889] Call trace:\n[ 176.301123] br_nf_dev_queue_xmit+0x390/0x4ec [br_netfilter]\n[ 176.301411] br_nf_post_routing+0x2a8/0x3e4 [br_netfilter]\n[ 176.301703] nf_hook_slow+0x48/0x124\n[ 176.302060] br_forward_finish+0xc8/0xe8 [bridge]\n[ 176.302371] br_nf_hook_thresh+0x124/0x134 [br_netfilter]\n[ 176.302605] br_nf_forward_finish+0x118/0x22c [br_netfilter]\n[ 176.302824] br_nf_forward_ip.part.0+0x264/0x290 [br_netfilter]\n[ 176.303136] br_nf_forward+0x2b8/0x4e0 [br_netfilter]\n[ 176.303359] nf_hook_slow+0x48/0x124\n[ 176.303\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50045",
"url": "https://www.suse.com/security/cve/CVE-2024-50045"
},
{
"category": "external",
"summary": "SUSE Bug 1231903 for CVE-2024-50045",
"url": "https://bugzilla.suse.com/1231903"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50045"
},
{
"cve": "CVE-2024-50046",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50046"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies()\n\nOn the node of an NFS client, some files saved in the mountpoint of the\nNFS server were copied to another location of the same NFS server.\nAccidentally, the nfs42_complete_copies() got a NULL-pointer dereference\ncrash with the following syslog:\n\n[232064.838881] NFSv4: state recovery failed for open file nfs/pvc-12b5200d-cd0f-46a3-b9f0-af8f4fe0ef64.qcow2, error = -116\n[232064.839360] NFSv4: state recovery failed for open file nfs/pvc-12b5200d-cd0f-46a3-b9f0-af8f4fe0ef64.qcow2, error = -116\n[232066.588183] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000058\n[232066.588586] Mem abort info:\n[232066.588701] ESR = 0x0000000096000007\n[232066.588862] EC = 0x25: DABT (current EL), IL = 32 bits\n[232066.589084] SET = 0, FnV = 0\n[232066.589216] EA = 0, S1PTW = 0\n[232066.589340] FSC = 0x07: level 3 translation fault\n[232066.589559] Data abort info:\n[232066.589683] ISV = 0, ISS = 0x00000007\n[232066.589842] CM = 0, WnR = 0\n[232066.589967] user pgtable: 64k pages, 48-bit VAs, pgdp=00002000956ff400\n[232066.590231] [0000000000000058] pgd=08001100ae100003, p4d=08001100ae100003, pud=08001100ae100003, pmd=08001100b3c00003, pte=0000000000000000\n[232066.590757] Internal error: Oops: 96000007 [#1] SMP\n[232066.590958] Modules linked in: rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs ocfs2_dlmfs ocfs2_stack_o2cb ocfs2_dlm vhost_net vhost vhost_iotlb tap tun ipt_rpfilter xt_multiport ip_set_hash_ip ip_set_hash_net xfrm_interface xfrm6_tunnel tunnel4 tunnel6 esp4 ah4 wireguard libcurve25519_generic veth xt_addrtype xt_set nf_conntrack_netlink ip_set_hash_ipportnet ip_set_hash_ipportip ip_set_bitmap_port ip_set_hash_ipport dummy ip_set ip_vs_sh ip_vs_wrr ip_vs_rr ip_vs iptable_filter sch_ingress nfnetlink_cttimeout vport_gre ip_gre ip_tunnel gre vport_geneve geneve vport_vxlan vxlan ip6_udp_tunnel udp_tunnel openvswitch nf_conncount dm_round_robin dm_service_time dm_multipath xt_nat xt_MASQUERADE nft_chain_nat nf_nat xt_mark xt_conntrack xt_comment nft_compat nft_counter nf_tables nfnetlink ocfs2 ocfs2_nodemanager ocfs2_stackglue iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ipmi_ssif nbd overlay 8021q garp mrp bonding tls rfkill sunrpc ext4 mbcache jbd2\n[232066.591052] vfat fat cas_cache cas_disk ses enclosure scsi_transport_sas sg acpi_ipmi ipmi_si ipmi_devintf ipmi_msghandler ip_tables vfio_pci vfio_pci_core vfio_virqfd vfio_iommu_type1 vfio dm_mirror dm_region_hash dm_log dm_mod nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 br_netfilter bridge stp llc fuse xfs libcrc32c ast drm_vram_helper qla2xxx drm_kms_helper syscopyarea crct10dif_ce sysfillrect ghash_ce sysimgblt sha2_ce fb_sys_fops cec sha256_arm64 sha1_ce drm_ttm_helper ttm nvme_fc igb sbsa_gwdt nvme_fabrics drm nvme_core i2c_algo_bit i40e scsi_transport_fc megaraid_sas aes_neon_bs\n[232066.596953] CPU: 6 PID: 4124696 Comm: 10.253.166.125- Kdump: loaded Not tainted 5.15.131-9.cl9_ocfs2.aarch64 #1\n[232066.597356] Hardware name: Great Wall .\\x93\\x8e...RF6260 V5/GWMSSE2GL1T, BIOS T656FBE_V3.0.18 2024-01-06\n[232066.597721] pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[232066.598034] pc : nfs4_reclaim_open_state+0x220/0x800 [nfsv4]\n[232066.598327] lr : nfs4_reclaim_open_state+0x12c/0x800 [nfsv4]\n[232066.598595] sp : ffff8000f568fc70\n[232066.598731] x29: ffff8000f568fc70 x28: 0000000000001000 x27: ffff21003db33000\n[232066.599030] x26: ffff800005521ae0 x25: ffff0100f98fa3f0 x24: 0000000000000001\n[232066.599319] x23: ffff800009920008 x22: ffff21003db33040 x21: ffff21003db33050\n[232066.599628] x20: ffff410172fe9e40 x19: ffff410172fe9e00 x18: 0000000000000000\n[232066.599914] x17: 0000000000000000 x16: 0000000000000004 x15: 0000000000000000\n[232066.600195] x14: 0000000000000000 x13: ffff800008e685a8 x12: 00000000eac0c6e6\n[232066.600498] x11: 00000000000000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50046",
"url": "https://www.suse.com/security/cve/CVE-2024-50046"
},
{
"category": "external",
"summary": "SUSE Bug 1231902 for CVE-2024-50046",
"url": "https://bugzilla.suse.com/1231902"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50046"
},
{
"cve": "CVE-2024-50047",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50047"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix UAF in async decryption\n\nDoing an async decryption (large read) crashes with a\nslab-use-after-free way down in the crypto API.\n\nReproducer:\n # mount.cifs -o ...,seal,esize=1 //srv/share /mnt\n # dd if=/mnt/largefile of=/dev/null\n ...\n [ 194.196391] ==================================================================\n [ 194.196844] BUG: KASAN: slab-use-after-free in gf128mul_4k_lle+0xc1/0x110\n [ 194.197269] Read of size 8 at addr ffff888112bd0448 by task kworker/u77:2/899\n [ 194.197707]\n [ 194.197818] CPU: 12 UID: 0 PID: 899 Comm: kworker/u77:2 Not tainted 6.11.0-lku-00028-gfca3ca14a17a-dirty #43\n [ 194.198400] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.2-3-gd478f380-prebuilt.qemu.org 04/01/2014\n [ 194.199046] Workqueue: smb3decryptd smb2_decrypt_offload [cifs]\n [ 194.200032] Call Trace:\n [ 194.200191] \u003cTASK\u003e\n [ 194.200327] dump_stack_lvl+0x4e/0x70\n [ 194.200558] ? gf128mul_4k_lle+0xc1/0x110\n [ 194.200809] print_report+0x174/0x505\n [ 194.201040] ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n [ 194.201352] ? srso_return_thunk+0x5/0x5f\n [ 194.201604] ? __virt_addr_valid+0xdf/0x1c0\n [ 194.201868] ? gf128mul_4k_lle+0xc1/0x110\n [ 194.202128] kasan_report+0xc8/0x150\n [ 194.202361] ? gf128mul_4k_lle+0xc1/0x110\n [ 194.202616] gf128mul_4k_lle+0xc1/0x110\n [ 194.202863] ghash_update+0x184/0x210\n [ 194.203103] shash_ahash_update+0x184/0x2a0\n [ 194.203377] ? __pfx_shash_ahash_update+0x10/0x10\n [ 194.203651] ? srso_return_thunk+0x5/0x5f\n [ 194.203877] ? crypto_gcm_init_common+0x1ba/0x340\n [ 194.204142] gcm_hash_assoc_remain_continue+0x10a/0x140\n [ 194.204434] crypt_message+0xec1/0x10a0 [cifs]\n [ 194.206489] ? __pfx_crypt_message+0x10/0x10 [cifs]\n [ 194.208507] ? srso_return_thunk+0x5/0x5f\n [ 194.209205] ? srso_return_thunk+0x5/0x5f\n [ 194.209925] ? srso_return_thunk+0x5/0x5f\n [ 194.210443] ? srso_return_thunk+0x5/0x5f\n [ 194.211037] decrypt_raw_data+0x15f/0x250 [cifs]\n [ 194.212906] ? __pfx_decrypt_raw_data+0x10/0x10 [cifs]\n [ 194.214670] ? srso_return_thunk+0x5/0x5f\n [ 194.215193] smb2_decrypt_offload+0x12a/0x6c0 [cifs]\n\nThis is because TFM is being used in parallel.\n\nFix this by allocating a new AEAD TFM for async decryption, but keep\nthe existing one for synchronous READ cases (similar to what is done\nin smb3_calc_signature()).\n\nAlso remove the calls to aead_request_set_callback() and\ncrypto_wait_req() since it\u0027s always going to be a synchronous operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50047",
"url": "https://www.suse.com/security/cve/CVE-2024-50047"
},
{
"category": "external",
"summary": "SUSE Bug 1232418 for CVE-2024-50047",
"url": "https://bugzilla.suse.com/1232418"
},
{
"category": "external",
"summary": "SUSE Bug 1232576 for CVE-2024-50047",
"url": "https://bugzilla.suse.com/1232576"
},
{
"category": "external",
"summary": "SUSE Bug 1232638 for CVE-2024-50047",
"url": "https://bugzilla.suse.com/1232638"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-50047"
},
{
"cve": "CVE-2024-50048",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50048"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbcon: Fix a NULL pointer dereference issue in fbcon_putcs\n\nsyzbot has found a NULL pointer dereference bug in fbcon.\nHere is the simplified C reproducer:\n\nstruct param {\n\tuint8_t type;\n\tstruct tiocl_selection ts;\n};\n\nint main()\n{\n\tstruct fb_con2fbmap con2fb;\n\tstruct param param;\n\n\tint fd = open(\"/dev/fb1\", 0, 0);\n\n\tcon2fb.console = 0x19;\n\tcon2fb.framebuffer = 0;\n\tioctl(fd, FBIOPUT_CON2FBMAP, \u0026con2fb);\n\n\tparam.type = 2;\n\tparam.ts.xs = 0; param.ts.ys = 0;\n\tparam.ts.xe = 0; param.ts.ye = 0;\n\tparam.ts.sel_mode = 0;\n\n\tint fd1 = open(\"/dev/tty1\", O_RDWR, 0);\n\tioctl(fd1, TIOCLINUX, \u0026param);\n\n\tcon2fb.console = 1;\n\tcon2fb.framebuffer = 0;\n\tioctl(fd, FBIOPUT_CON2FBMAP, \u0026con2fb);\n\n\treturn 0;\n}\n\nAfter calling ioctl(fd1, TIOCLINUX, \u0026param), the subsequent ioctl(fd, FBIOPUT_CON2FBMAP, \u0026con2fb)\ncauses the kernel to follow a different execution path:\n\n set_con2fb_map\n -\u003e con2fb_init_display\n -\u003e fbcon_set_disp\n -\u003e redraw_screen\n -\u003e hide_cursor\n -\u003e clear_selection\n -\u003e highlight\n -\u003e invert_screen\n -\u003e do_update_region\n -\u003e fbcon_putcs\n -\u003e ops-\u003eputcs\n\nSince ops-\u003eputcs is a NULL pointer, this leads to a kernel panic.\nTo prevent this, we need to call set_blitting_type() within set_con2fb_map()\nto properly initialize ops-\u003eputcs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50048",
"url": "https://www.suse.com/security/cve/CVE-2024-50048"
},
{
"category": "external",
"summary": "SUSE Bug 1232310 for CVE-2024-50048",
"url": "https://bugzilla.suse.com/1232310"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50048"
},
{
"cve": "CVE-2024-50049",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50049"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check null pointer before dereferencing se\n\n[WHAT \u0026 HOW]\nse is null checked previously in the same function, indicating\nit might be null; therefore, it must be checked when used again.\n\nThis fixes 1 FORWARD_NULL issue reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50049",
"url": "https://www.suse.com/security/cve/CVE-2024-50049"
},
{
"category": "external",
"summary": "SUSE Bug 1232309 for CVE-2024-50049",
"url": "https://bugzilla.suse.com/1232309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50049"
},
{
"cve": "CVE-2024-50055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50055"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: bus: Fix double free in driver API bus_register()\n\nFor bus_register(), any error which happens after kset_register() will\ncause that @priv are freed twice, fixed by setting @priv with NULL after\nthe first free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50055",
"url": "https://www.suse.com/security/cve/CVE-2024-50055"
},
{
"category": "external",
"summary": "SUSE Bug 1232329 for CVE-2024-50055",
"url": "https://bugzilla.suse.com/1232329"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50055"
},
{
"cve": "CVE-2024-50058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: protect uart_port_dtr_rts() in uart_shutdown() too\n\nCommit af224ca2df29 (serial: core: Prevent unsafe uart port access, part\n3) added few uport == NULL checks. It added one to uart_shutdown(), so\nthe commit assumes, uport can be NULL in there. But right after that\nprotection, there is an unprotected \"uart_port_dtr_rts(uport, false);\"\ncall. That is invoked only if HUPCL is set, so I assume that is the\nreason why we do not see lots of these reports.\n\nOr it cannot be NULL at this point at all for some reason :P.\n\nUntil the above is investigated, stay on the safe side and move this\ndereference to the if too.\n\nI got this inconsistency from Coverity under CID 1585130. Thanks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50058",
"url": "https://www.suse.com/security/cve/CVE-2024-50058"
},
{
"category": "external",
"summary": "SUSE Bug 1232285 for CVE-2024-50058",
"url": "https://bugzilla.suse.com/1232285"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50058"
},
{
"cve": "CVE-2024-50059",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50059"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition\n\nIn the switchtec_ntb_add function, it can call switchtec_ntb_init_sndev\nfunction, then \u0026sndev-\u003echeck_link_status_work is bound with\ncheck_link_status_work. switchtec_ntb_link_notification may be called\nto start the work.\n\nIf we remove the module which will call switchtec_ntb_remove to make\ncleanup, it will free sndev through kfree(sndev), while the work\nmentioned above will be used. The sequence of operations that may lead\nto a UAF bug is as follows:\n\nCPU0 CPU1\n\n | check_link_status_work\nswitchtec_ntb_remove |\nkfree(sndev); |\n | if (sndev-\u003elink_force_down)\n | // use sndev\n\nFix it by ensuring that the work is canceled before proceeding with\nthe cleanup in switchtec_ntb_remove.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50059",
"url": "https://www.suse.com/security/cve/CVE-2024-50059"
},
{
"category": "external",
"summary": "SUSE Bug 1232345 for CVE-2024-50059",
"url": "https://bugzilla.suse.com/1232345"
},
{
"category": "external",
"summary": "SUSE Bug 1232348 for CVE-2024-50059",
"url": "https://bugzilla.suse.com/1232348"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-50059"
},
{
"cve": "CVE-2024-50060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50060"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: check if we need to reschedule during overflow flush\n\nIn terms of normal application usage, this list will always be empty.\nAnd if an application does overflow a bit, it\u0027ll have a few entries.\nHowever, nothing obviously prevents syzbot from running a test case\nthat generates a ton of overflow entries, and then flushing them can\ntake quite a while.\n\nCheck for needing to reschedule while flushing, and drop our locks and\ndo so if necessary. There\u0027s no state to maintain here as overflows\nalways prune from head-of-list, hence it\u0027s fine to drop and reacquire\nthe locks at the end of the loop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50060",
"url": "https://www.suse.com/security/cve/CVE-2024-50060"
},
{
"category": "external",
"summary": "SUSE Bug 1232417 for CVE-2024-50060",
"url": "https://bugzilla.suse.com/1232417"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50060"
},
{
"cve": "CVE-2024-50061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50061"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition\n\nIn the cdns_i3c_master_probe function, \u0026master-\u003ehj_work is bound with\ncdns_i3c_master_hj. And cdns_i3c_master_interrupt can call\ncnds_i3c_master_demux_ibis function to start the work.\n\nIf we remove the module which will call cdns_i3c_master_remove to\nmake cleanup, it will free master-\u003ebase through i3c_master_unregister\nwhile the work mentioned above will be used. The sequence of operations\nthat may lead to a UAF bug is as follows:\n\nCPU0 CPU1\n\n | cdns_i3c_master_hj\ncdns_i3c_master_remove |\ni3c_master_unregister(\u0026master-\u003ebase) |\ndevice_unregister(\u0026master-\u003edev) |\ndevice_release |\n//free master-\u003ebase |\n | i3c_master_do_daa(\u0026master-\u003ebase)\n | //use master-\u003ebase\n\nFix it by ensuring that the work is canceled before proceeding with\nthe cleanup in cdns_i3c_master_remove.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50061",
"url": "https://www.suse.com/security/cve/CVE-2024-50061"
},
{
"category": "external",
"summary": "SUSE Bug 1232263 for CVE-2024-50061",
"url": "https://bugzilla.suse.com/1232263"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50061"
},
{
"cve": "CVE-2024-50062",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50062"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rtrs-srv: Avoid null pointer deref during path establishment\n\nFor RTRS path establishment, RTRS client initiates and completes con_num\nof connections. After establishing all its connections, the information\nis exchanged between the client and server through the info_req message.\nDuring this exchange, it is essential that all connections have been\nestablished, and the state of the RTRS srv path is CONNECTED.\n\nSo add these sanity checks, to make sure we detect and abort process in\nerror scenarios to avoid null pointer deref.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50062",
"url": "https://www.suse.com/security/cve/CVE-2024-50062"
},
{
"category": "external",
"summary": "SUSE Bug 1232232 for CVE-2024-50062",
"url": "https://bugzilla.suse.com/1232232"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50062"
},
{
"cve": "CVE-2024-50063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50063"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Prevent tail call between progs attached to different hooks\n\nbpf progs can be attached to kernel functions, and the attached functions\ncan take different parameters or return different return values. If\nprog attached to one kernel function tail calls prog attached to another\nkernel function, the ctx access or return value verification could be\nbypassed.\n\nFor example, if prog1 is attached to func1 which takes only 1 parameter\nand prog2 is attached to func2 which takes two parameters. Since verifier\nassumes the bpf ctx passed to prog2 is constructed based on func2\u0027s\nprototype, verifier allows prog2 to access the second parameter from\nthe bpf ctx passed to it. The problem is that verifier does not prevent\nprog1 from passing its bpf ctx to prog2 via tail call. In this case,\nthe bpf ctx passed to prog2 is constructed from func1 instead of func2,\nthat is, the assumption for ctx access verification is bypassed.\n\nAnother example, if BPF LSM prog1 is attached to hook file_alloc_security,\nand BPF LSM prog2 is attached to hook bpf_lsm_audit_rule_known. Verifier\nknows the return value rules for these two hooks, e.g. it is legal for\nbpf_lsm_audit_rule_known to return positive number 1, and it is illegal\nfor file_alloc_security to return positive number. So verifier allows\nprog2 to return positive number 1, but does not allow prog1 to return\npositive number. The problem is that verifier does not prevent prog1\nfrom calling prog2 via tail call. In this case, prog2\u0027s return value 1\nwill be used as the return value for prog1\u0027s hook file_alloc_security.\nThat is, the return value rule is bypassed.\n\nThis patch adds restriction for tail call to prevent such bypasses.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50063",
"url": "https://www.suse.com/security/cve/CVE-2024-50063"
},
{
"category": "external",
"summary": "SUSE Bug 1232435 for CVE-2024-50063",
"url": "https://bugzilla.suse.com/1232435"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50063"
},
{
"cve": "CVE-2024-50064",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50064"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nzram: free secondary algorithms names\n\nWe need to kfree() secondary algorithms names when reset zram device that\nhad multi-streams, otherwise we leak memory.\n\n[senozhatsky@chromium.org: kfree(NULL) is legal]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50064",
"url": "https://www.suse.com/security/cve/CVE-2024-50064"
},
{
"category": "external",
"summary": "SUSE Bug 1231901 for CVE-2024-50064",
"url": "https://bugzilla.suse.com/1231901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50064"
},
{
"cve": "CVE-2024-50067",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50067"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nuprobe: avoid out-of-bounds memory access of fetching args\n\nUprobe needs to fetch args into a percpu buffer, and then copy to ring\nbuffer to avoid non-atomic context problem.\n\nSometimes user-space strings, arrays can be very large, but the size of\npercpu buffer is only page size. And store_trace_args() won\u0027t check\nwhether these data exceeds a single page or not, caused out-of-bounds\nmemory access.\n\nIt could be reproduced by following steps:\n1. build kernel with CONFIG_KASAN enabled\n2. save follow program as test.c\n\n```\n\\#include \u003cstdio.h\u003e\n\\#include \u003cstdlib.h\u003e\n\\#include \u003cstring.h\u003e\n\n// If string length large than MAX_STRING_SIZE, the fetch_store_strlen()\n// will return 0, cause __get_data_size() return shorter size, and\n// store_trace_args() will not trigger out-of-bounds access.\n// So make string length less than 4096.\n\\#define STRLEN 4093\n\nvoid generate_string(char *str, int n)\n{\n int i;\n for (i = 0; i \u003c n; ++i)\n {\n char c = i % 26 + \u0027a\u0027;\n str[i] = c;\n }\n str[n-1] = \u0027\\0\u0027;\n}\n\nvoid print_string(char *str)\n{\n printf(\"%s\\n\", str);\n}\n\nint main()\n{\n char tmp[STRLEN];\n\n generate_string(tmp, STRLEN);\n print_string(tmp);\n\n return 0;\n}\n```\n3. compile program\n`gcc -o test test.c`\n\n4. get the offset of `print_string()`\n```\nobjdump -t test | grep -w print_string\n0000000000401199 g F .text 000000000000001b print_string\n```\n\n5. configure uprobe with offset 0x1199\n```\noff=0x1199\n\ncd /sys/kernel/debug/tracing/\necho \"p /root/test:${off} arg1=+0(%di):ustring arg2=\\$comm arg3=+0(%di):ustring\"\n \u003e uprobe_events\necho 1 \u003e events/uprobes/enable\necho 1 \u003e tracing_on\n```\n\n6. run `test`, and kasan will report error.\n==================================================================\nBUG: KASAN: use-after-free in strncpy_from_user+0x1d6/0x1f0\nWrite of size 8 at addr ffff88812311c004 by task test/499CPU: 0 UID: 0 PID: 499 Comm: test Not tainted 6.12.0-rc3+ #18\nHardware name: Red Hat KVM, BIOS 1.16.0-4.al8 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x55/0x70\n print_address_description.constprop.0+0x27/0x310\n kasan_report+0x10f/0x120\n ? strncpy_from_user+0x1d6/0x1f0\n strncpy_from_user+0x1d6/0x1f0\n ? rmqueue.constprop.0+0x70d/0x2ad0\n process_fetch_insn+0xb26/0x1470\n ? __pfx_process_fetch_insn+0x10/0x10\n ? _raw_spin_lock+0x85/0xe0\n ? __pfx__raw_spin_lock+0x10/0x10\n ? __pte_offset_map+0x1f/0x2d0\n ? unwind_next_frame+0xc5f/0x1f80\n ? arch_stack_walk+0x68/0xf0\n ? is_bpf_text_address+0x23/0x30\n ? kernel_text_address.part.0+0xbb/0xd0\n ? __kernel_text_address+0x66/0xb0\n ? unwind_get_return_address+0x5e/0xa0\n ? __pfx_stack_trace_consume_entry+0x10/0x10\n ? arch_stack_walk+0xa2/0xf0\n ? _raw_spin_lock_irqsave+0x8b/0xf0\n ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n ? depot_alloc_stack+0x4c/0x1f0\n ? _raw_spin_unlock_irqrestore+0xe/0x30\n ? stack_depot_save_flags+0x35d/0x4f0\n ? kasan_save_stack+0x34/0x50\n ? kasan_save_stack+0x24/0x50\n ? mutex_lock+0x91/0xe0\n ? __pfx_mutex_lock+0x10/0x10\n prepare_uprobe_buffer.part.0+0x2cd/0x500\n uprobe_dispatcher+0x2c3/0x6a0\n ? __pfx_uprobe_dispatcher+0x10/0x10\n ? __kasan_slab_alloc+0x4d/0x90\n handler_chain+0xdd/0x3e0\n handle_swbp+0x26e/0x3d0\n ? __pfx_handle_swbp+0x10/0x10\n ? uprobe_pre_sstep_notifier+0x151/0x1b0\n irqentry_exit_to_user_mode+0xe2/0x1b0\n asm_exc_int3+0x39/0x40\nRIP: 0033:0x401199\nCode: 01 c2 0f b6 45 fb 88 02 83 45 fc 01 8b 45 fc 3b 45 e4 7c b7 8b 45 e4 48 98 48 8d 50 ff 48 8b 45 e8 48 01 d0 ce\nRSP: 002b:00007ffdf00576a8 EFLAGS: 00000206\nRAX: 00007ffdf00576b0 RBX: 0000000000000000 RCX: 0000000000000ff2\nRDX: 0000000000000ffc RSI: 0000000000000ffd RDI: 00007ffdf00576b0\nRBP: 00007ffdf00586b0 R08: 00007feb2f9c0d20 R09: 00007feb2f9c0d20\nR10: 0000000000000001 R11: 0000000000000202 R12: 0000000000401040\nR13: 00007ffdf0058780 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\nThis commit enforces the buffer\u0027s maxlen less than a page-size to avoid\nstore_trace_args() out-of-memory access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50067",
"url": "https://www.suse.com/security/cve/CVE-2024-50067"
},
{
"category": "external",
"summary": "SUSE Bug 1232416 for CVE-2024-50067",
"url": "https://bugzilla.suse.com/1232416"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50067"
},
{
"cve": "CVE-2024-50069",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50069"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: apple: check devm_kasprintf() returned value\n\ndevm_kasprintf() can return a NULL pointer on failure but this returned\nvalue is not checked. Fix this lack and check the returned value.\n\nFound by code review.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50069",
"url": "https://www.suse.com/security/cve/CVE-2024-50069"
},
{
"category": "external",
"summary": "SUSE Bug 1232511 for CVE-2024-50069",
"url": "https://bugzilla.suse.com/1232511"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50069"
},
{
"cve": "CVE-2024-50073",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50073"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: Fix use-after-free in gsm_cleanup_mux\n\nBUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0\ndrivers/tty/n_gsm.c:3160 [n_gsm]\nRead of size 8 at addr ffff88815fe99c00 by task poc/3379\nCPU: 0 UID: 0 PID: 3379 Comm: poc Not tainted 6.11.0+ #56\nHardware name: VMware, Inc. VMware Virtual Platform/440BX\nDesktop Reference Platform, BIOS 6.00 11/12/2020\nCall Trace:\n \u003cTASK\u003e\n gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n __pfx_gsm_cleanup_mux+0x10/0x10 drivers/tty/n_gsm.c:3124 [n_gsm]\n __pfx_sched_clock_cpu+0x10/0x10 kernel/sched/clock.c:389\n update_load_avg+0x1c1/0x27b0 kernel/sched/fair.c:4500\n __pfx_min_vruntime_cb_rotate+0x10/0x10 kernel/sched/fair.c:846\n __rb_insert_augmented+0x492/0xbf0 lib/rbtree.c:161\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n _raw_spin_lock_irqsave+0x92/0xf0 arch/x86/include/asm/atomic.h:107\n __pfx_gsmld_ioctl+0x10/0x10 drivers/tty/n_gsm.c:3822 [n_gsm]\n ktime_get+0x5e/0x140 kernel/time/timekeeping.c:195\n ldsem_down_read+0x94/0x4e0 arch/x86/include/asm/atomic64_64.h:79\n __pfx_ldsem_down_read+0x10/0x10 drivers/tty/tty_ldsem.c:338\n __pfx_do_vfs_ioctl+0x10/0x10 fs/ioctl.c:805\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\nAllocated by task 65:\n gsm_data_alloc.constprop.0+0x27/0x190 drivers/tty/n_gsm.c:926 [n_gsm]\n gsm_send+0x2c/0x580 drivers/tty/n_gsm.c:819 [n_gsm]\n gsm1_receive+0x547/0xad0 drivers/tty/n_gsm.c:3038 [n_gsm]\n gsmld_receive_buf+0x176/0x280 drivers/tty/n_gsm.c:3609 [n_gsm]\n tty_ldisc_receive_buf+0x101/0x1e0 drivers/tty/tty_buffer.c:391\n tty_port_default_receive_buf+0x61/0xa0 drivers/tty/tty_port.c:39\n flush_to_ldisc+0x1b0/0x750 drivers/tty/tty_buffer.c:445\n process_scheduled_works+0x2b0/0x10d0 kernel/workqueue.c:3229\n worker_thread+0x3dc/0x950 kernel/workqueue.c:3391\n kthread+0x2a3/0x370 kernel/kthread.c:389\n ret_from_fork+0x2d/0x70 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:257\n\nFreed by task 3367:\n kfree+0x126/0x420 mm/slub.c:4580\n gsm_cleanup_mux+0x36c/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\n[Analysis]\ngsm_msg on the tx_ctrl_list or tx_data_list of gsm_mux\ncan be freed by multi threads through ioctl,which leads\nto the occurrence of uaf. Protect it by gsm tx lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50073",
"url": "https://www.suse.com/security/cve/CVE-2024-50073"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50073",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232520 for CVE-2024-50073",
"url": "https://bugzilla.suse.com/1232520"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-50073"
},
{
"cve": "CVE-2024-50074",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50074"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nparport: Proper fix for array out-of-bounds access\n\nThe recent fix for array out-of-bounds accesses replaced sprintf()\ncalls blindly with snprintf(). However, since snprintf() returns the\nwould-be-printed size, not the actually output size, the length\ncalculation can still go over the given limit.\n\nUse scnprintf() instead of snprintf(), which returns the actually\noutput letters, for addressing the potential out-of-bounds access\nproperly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50074",
"url": "https://www.suse.com/security/cve/CVE-2024-50074"
},
{
"category": "external",
"summary": "SUSE Bug 1232507 for CVE-2024-50074",
"url": "https://bugzilla.suse.com/1232507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50074"
},
{
"cve": "CVE-2024-50075",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50075"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: tegra: fix checked USB2 port number\n\nIf USB virtualizatoin is enabled, USB2 ports are shared between all\nVirtual Functions. The USB2 port number owned by an USB2 root hub in\na Virtual Function may be less than total USB2 phy number supported\nby the Tegra XUSB controller.\n\nUsing total USB2 phy number as port number to check all PORTSC values\nwould cause invalid memory access.\n\n[ 116.923438] Unable to handle kernel paging request at virtual address 006c622f7665642f\n...\n[ 117.213640] Call trace:\n[ 117.216783] tegra_xusb_enter_elpg+0x23c/0x658\n[ 117.222021] tegra_xusb_runtime_suspend+0x40/0x68\n[ 117.227260] pm_generic_runtime_suspend+0x30/0x50\n[ 117.232847] __rpm_callback+0x84/0x3c0\n[ 117.237038] rpm_suspend+0x2dc/0x740\n[ 117.241229] pm_runtime_work+0xa0/0xb8\n[ 117.245769] process_scheduled_works+0x24c/0x478\n[ 117.251007] worker_thread+0x23c/0x328\n[ 117.255547] kthread+0x104/0x1b0\n[ 117.259389] ret_from_fork+0x10/0x20\n[ 117.263582] Code: 54000222 f9461ae8 f8747908 b4ffff48 (f9400100)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50075",
"url": "https://www.suse.com/security/cve/CVE-2024-50075"
},
{
"category": "external",
"summary": "SUSE Bug 1232506 for CVE-2024-50075",
"url": "https://bugzilla.suse.com/1232506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50075"
},
{
"cve": "CVE-2024-50076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50076"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvt: prevent kernel-infoleak in con_font_get()\n\nfont.data may not initialize all memory spaces depending on the implementation\nof vc-\u003evc_sw-\u003econ_font_get. This may cause info-leak, so to prevent this, it\nis safest to modify it to initialize the allocated memory space to 0, and it\ngenerally does not affect the overall performance of the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50076",
"url": "https://www.suse.com/security/cve/CVE-2024-50076"
},
{
"category": "external",
"summary": "SUSE Bug 1232505 for CVE-2024-50076",
"url": "https://bugzilla.suse.com/1232505"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50076"
},
{
"cve": "CVE-2024-50077",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50077"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: ISO: Fix multiple init when debugfs is disabled\n\nIf bt_debugfs is not created successfully, which happens if either\nCONFIG_DEBUG_FS or CONFIG_DEBUG_FS_ALLOW_ALL is unset, then iso_init()\nreturns early and does not set iso_inited to true. This means that a\nsubsequent call to iso_init() will result in duplicate calls to\nproto_register(), bt_sock_register(), etc.\n\nWith CONFIG_LIST_HARDENED and CONFIG_BUG_ON_DATA_CORRUPTION enabled, the\nduplicate call to proto_register() triggers this BUG():\n\n list_add double add: new=ffffffffc0b280d0, prev=ffffffffbab56250,\n next=ffffffffc0b280d0.\n ------------[ cut here ]------------\n kernel BUG at lib/list_debug.c:35!\n Oops: invalid opcode: 0000 [#1] PREEMPT SMP PTI\n CPU: 2 PID: 887 Comm: bluetoothd Not tainted 6.10.11-1-ao-desktop #1\n RIP: 0010:__list_add_valid_or_report+0x9a/0xa0\n ...\n __list_add_valid_or_report+0x9a/0xa0\n proto_register+0x2b5/0x340\n iso_init+0x23/0x150 [bluetooth]\n set_iso_socket_func+0x68/0x1b0 [bluetooth]\n kmem_cache_free+0x308/0x330\n hci_sock_sendmsg+0x990/0x9e0 [bluetooth]\n __sock_sendmsg+0x7b/0x80\n sock_write_iter+0x9a/0x110\n do_iter_readv_writev+0x11d/0x220\n vfs_writev+0x180/0x3e0\n do_writev+0xca/0x100\n ...\n\nThis change removes the early return. The check for iso_debugfs being\nNULL was unnecessary, it is always NULL when iso_inited is false.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50077",
"url": "https://www.suse.com/security/cve/CVE-2024-50077"
},
{
"category": "external",
"summary": "SUSE Bug 1232504 for CVE-2024-50077",
"url": "https://bugzilla.suse.com/1232504"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50077"
},
{
"cve": "CVE-2024-50078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50078"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Call iso_exit() on module unload\n\nIf iso_init() has been called, iso_exit() must be called on module\nunload. Without that, the struct proto that iso_init() registered with\nproto_register() becomes invalid, which could cause unpredictable\nproblems later. In my case, with CONFIG_LIST_HARDENED and\nCONFIG_BUG_ON_DATA_CORRUPTION enabled, loading the module again usually\ntriggers this BUG():\n\n list_add corruption. next-\u003eprev should be prev (ffffffffb5355fd0),\n but was 0000000000000068. (next=ffffffffc0a010d0).\n ------------[ cut here ]------------\n kernel BUG at lib/list_debug.c:29!\n Oops: invalid opcode: 0000 [#1] PREEMPT SMP PTI\n CPU: 1 PID: 4159 Comm: modprobe Not tainted 6.10.11-4+bt2-ao-desktop #1\n RIP: 0010:__list_add_valid_or_report+0x61/0xa0\n ...\n __list_add_valid_or_report+0x61/0xa0\n proto_register+0x299/0x320\n hci_sock_init+0x16/0xc0 [bluetooth]\n bt_init+0x68/0xd0 [bluetooth]\n __pfx_bt_init+0x10/0x10 [bluetooth]\n do_one_initcall+0x80/0x2f0\n do_init_module+0x8b/0x230\n __do_sys_init_module+0x15f/0x190\n do_syscall_64+0x68/0x110\n ...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50078",
"url": "https://www.suse.com/security/cve/CVE-2024-50078"
},
{
"category": "external",
"summary": "SUSE Bug 1232503 for CVE-2024-50078",
"url": "https://bugzilla.suse.com/1232503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50078"
},
{
"cve": "CVE-2024-50080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50080"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nublk: don\u0027t allow user copy for unprivileged device\n\nUBLK_F_USER_COPY requires userspace to call write() on ublk char\ndevice for filling request buffer, and unprivileged device can\u0027t\nbe trusted.\n\nSo don\u0027t allow user copy for unprivileged device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50080",
"url": "https://www.suse.com/security/cve/CVE-2024-50080"
},
{
"category": "external",
"summary": "SUSE Bug 1232502 for CVE-2024-50080",
"url": "https://bugzilla.suse.com/1232502"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50080"
},
{
"cve": "CVE-2024-50081",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50081"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-mq: setup queue -\u003etag_set before initializing hctx\n\nCommit 7b815817aa58 (\"blk-mq: add helper for checking if one CPU is mapped to specified hctx\")\nneeds to check queue mapping via tag set in hctx\u0027s cpuhp handler.\n\nHowever, q-\u003etag_set may not be setup yet when the cpuhp handler is\nenabled, then kernel oops is triggered.\n\nFix the issue by setup queue tag_set before initializing hctx.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50081",
"url": "https://www.suse.com/security/cve/CVE-2024-50081"
},
{
"category": "external",
"summary": "SUSE Bug 1232501 for CVE-2024-50081",
"url": "https://bugzilla.suse.com/1232501"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50081"
},
{
"cve": "CVE-2024-50082",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50082"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race\n\nWe\u0027re seeing crashes from rq_qos_wake_function that look like this:\n\n BUG: unable to handle page fault for address: ffffafe180a40084\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 100000067 P4D 100000067 PUD 10027c067 PMD 10115d067 PTE 0\n Oops: Oops: 0002 [#1] PREEMPT SMP PTI\n CPU: 17 UID: 0 PID: 0 Comm: swapper/17 Not tainted 6.12.0-rc3-00013-geca631b8fe80 #11\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\n RIP: 0010:_raw_spin_lock_irqsave+0x1d/0x40\n Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 9c 41 5c fa 65 ff 05 62 97 30 4c 31 c0 ba 01 00 00 00 \u003cf0\u003e 0f b1 17 75 0a 4c 89 e0 41 5c c3 cc cc cc cc 89 c6 e8 2c 0b 00\n RSP: 0018:ffffafe180580ca0 EFLAGS: 00010046\n RAX: 0000000000000000 RBX: ffffafe180a3f7a8 RCX: 0000000000000011\n RDX: 0000000000000001 RSI: 0000000000000003 RDI: ffffafe180a40084\n RBP: 0000000000000000 R08: 00000000001e7240 R09: 0000000000000011\n R10: 0000000000000028 R11: 0000000000000888 R12: 0000000000000002\n R13: ffffafe180a40084 R14: 0000000000000000 R15: 0000000000000003\n FS: 0000000000000000(0000) GS:ffff9aaf1f280000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: ffffafe180a40084 CR3: 000000010e428002 CR4: 0000000000770ef0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cIRQ\u003e\n try_to_wake_up+0x5a/0x6a0\n rq_qos_wake_function+0x71/0x80\n __wake_up_common+0x75/0xa0\n __wake_up+0x36/0x60\n scale_up.part.0+0x50/0x110\n wb_timer_fn+0x227/0x450\n ...\n\nSo rq_qos_wake_function() calls wake_up_process(data-\u003etask), which calls\ntry_to_wake_up(), which faults in raw_spin_lock_irqsave(\u0026p-\u003epi_lock).\n\np comes from data-\u003etask, and data comes from the waitqueue entry, which\nis stored on the waiter\u0027s stack in rq_qos_wait(). Analyzing the core\ndump with drgn, I found that the waiter had already woken up and moved\non to a completely unrelated code path, clobbering what was previously\ndata-\u003etask. Meanwhile, the waker was passing the clobbered garbage in\ndata-\u003etask to wake_up_process(), leading to the crash.\n\nWhat\u0027s happening is that in between rq_qos_wake_function() deleting the\nwaitqueue entry and calling wake_up_process(), rq_qos_wait() is finding\nthat it already got a token and returning. The race looks like this:\n\nrq_qos_wait() rq_qos_wake_function()\n==============================================================\nprepare_to_wait_exclusive()\n data-\u003egot_token = true;\n list_del_init(\u0026curr-\u003eentry);\nif (data.got_token)\n break;\nfinish_wait(\u0026rqw-\u003ewait, \u0026data.wq);\n ^- returns immediately because\n list_empty_careful(\u0026wq_entry-\u003eentry)\n is true\n... return, go do something else ...\n wake_up_process(data-\u003etask)\n (NO LONGER VALID!)-^\n\nNormally, finish_wait() is supposed to synchronize against the waker.\nBut, as noted above, it is returning immediately because the waitqueue\nentry has already been removed from the waitqueue.\n\nThe bug is that rq_qos_wake_function() is accessing the waitqueue entry\nAFTER deleting it. Note that autoremove_wake_function() wakes the waiter\nand THEN deletes the waitqueue entry, which is the proper order.\n\nFix it by swapping the order. We also need to use\nlist_del_init_careful() to match the list_empty_careful() in\nfinish_wait().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50082",
"url": "https://www.suse.com/security/cve/CVE-2024-50082"
},
{
"category": "external",
"summary": "SUSE Bug 1232500 for CVE-2024-50082",
"url": "https://bugzilla.suse.com/1232500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50082"
},
{
"cve": "CVE-2024-50084",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50084"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test()\n\nCommit a3c1e45156ad (\"net: microchip: vcap: Fix use-after-free error in\nkunit test\") fixed the use-after-free error, but introduced below\nmemory leaks by removing necessary vcap_free_rule(), add it to fix it.\n\n\tunreferenced object 0xffffff80ca58b700 (size 192):\n\t comm \"kunit_try_catch\", pid 1215, jiffies 4294898264\n\t hex dump (first 32 bytes):\n\t 00 12 7a 00 05 00 00 00 0a 00 00 00 64 00 00 00 ..z.........d...\n\t 00 00 00 00 00 00 00 00 00 04 0b cc 80 ff ff ff ................\n\t backtrace (crc 9c09c3fe):\n\t [\u003c0000000052a0be73\u003e] kmemleak_alloc+0x34/0x40\n\t [\u003c0000000043605459\u003e] __kmalloc_cache_noprof+0x26c/0x2f4\n\t [\u003c0000000040a01b8d\u003e] vcap_alloc_rule+0x3cc/0x9c4\n\t [\u003c000000003fe86110\u003e] vcap_api_encode_rule_test+0x1ac/0x16b0\n\t [\u003c00000000b3595fc4\u003e] kunit_try_run_case+0x13c/0x3ac\n\t [\u003c0000000010f5d2bf\u003e] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t [\u003c00000000c5d82c9a\u003e] kthread+0x2e8/0x374\n\t [\u003c00000000f4287308\u003e] ret_from_fork+0x10/0x20\n\tunreferenced object 0xffffff80cc0b0400 (size 64):\n\t comm \"kunit_try_catch\", pid 1215, jiffies 4294898265\n\t hex dump (first 32 bytes):\n\t 80 04 0b cc 80 ff ff ff 18 b7 58 ca 80 ff ff ff ..........X.....\n\t 39 00 00 00 02 00 00 00 06 05 04 03 02 01 ff ff 9...............\n\t backtrace (crc daf014e9):\n\t [\u003c0000000052a0be73\u003e] kmemleak_alloc+0x34/0x40\n\t [\u003c0000000043605459\u003e] __kmalloc_cache_noprof+0x26c/0x2f4\n\t [\u003c000000000ff63fd4\u003e] vcap_rule_add_key+0x2cc/0x528\n\t [\u003c00000000dfdb1e81\u003e] vcap_api_encode_rule_test+0x224/0x16b0\n\t [\u003c00000000b3595fc4\u003e] kunit_try_run_case+0x13c/0x3ac\n\t [\u003c0000000010f5d2bf\u003e] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t [\u003c00000000c5d82c9a\u003e] kthread+0x2e8/0x374\n\t [\u003c00000000f4287308\u003e] ret_from_fork+0x10/0x20\n\tunreferenced object 0xffffff80cc0b0700 (size 64):\n\t comm \"kunit_try_catch\", pid 1215, jiffies 4294898265\n\t hex dump (first 32 bytes):\n\t 80 07 0b cc 80 ff ff ff 28 b7 58 ca 80 ff ff ff ........(.X.....\n\t 3c 00 00 00 00 00 00 00 01 2f 03 b3 ec ff ff ff \u003c......../......\n\t backtrace (crc 8d877792):\n\t [\u003c0000000052a0be73\u003e] kmemleak_alloc+0x34/0x40\n\t [\u003c0000000043605459\u003e] __kmalloc_cache_noprof+0x26c/0x2f4\n\t [\u003c000000006eadfab7\u003e] vcap_rule_add_action+0x2d0/0x52c\n\t [\u003c00000000323475d1\u003e] vcap_api_encode_rule_test+0x4d4/0x16b0\n\t [\u003c00000000b3595fc4\u003e] kunit_try_run_case+0x13c/0x3ac\n\t [\u003c0000000010f5d2bf\u003e] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t [\u003c00000000c5d82c9a\u003e] kthread+0x2e8/0x374\n\t [\u003c00000000f4287308\u003e] ret_from_fork+0x10/0x20\n\tunreferenced object 0xffffff80cc0b0900 (size 64):\n\t comm \"kunit_try_catch\", pid 1215, jiffies 4294898266\n\t hex dump (first 32 bytes):\n\t 80 09 0b cc 80 ff ff ff 80 06 0b cc 80 ff ff ff ................\n\t 7d 00 00 00 01 00 00 00 00 00 00 00 ff 00 00 00 }...............\n\t backtrace (crc 34181e56):\n\t [\u003c0000000052a0be73\u003e] kmemleak_alloc+0x34/0x40\n\t [\u003c0000000043605459\u003e] __kmalloc_cache_noprof+0x26c/0x2f4\n\t [\u003c000000000ff63fd4\u003e] vcap_rule_add_key+0x2cc/0x528\n\t [\u003c00000000991e3564\u003e] vcap_val_rule+0xcf0/0x13e8\n\t [\u003c00000000fc9868e5\u003e] vcap_api_encode_rule_test+0x678/0x16b0\n\t [\u003c00000000b3595fc4\u003e] kunit_try_run_case+0x13c/0x3ac\n\t [\u003c0000000010f5d2bf\u003e] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t [\u003c00000000c5d82c9a\u003e] kthread+0x2e8/0x374\n\t [\u003c00000000f4287308\u003e] ret_from_fork+0x10/0x20\n\tunreferenced object 0xffffff80cc0b0980 (size 64):\n\t comm \"kunit_try_catch\", pid 1215, jiffies 4294898266\n\t hex dump (first 32 bytes):\n\t 18 b7 58 ca 80 ff ff ff 00 09 0b cc 80 ff ff ff ..X.............\n\t 67 00 00 00 00 00 00 00 01 01 74 88 c0 ff ff ff g.........t.....\n\t backtrace (crc 275fd9be):\n\t [\u003c0000000052a0be73\u003e] kmemleak_alloc+0x34/0x40\n\t [\u003c0000000043605459\u003e] __kmalloc_cache_noprof+0x26c/0x2f4\n\t [\u003c000000000ff63fd4\u003e] vcap_rule_add_key+0x2cc/0x528\n\t [\u003c000000001396a1a2\u003e] test_add_de\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50084",
"url": "https://www.suse.com/security/cve/CVE-2024-50084"
},
{
"category": "external",
"summary": "SUSE Bug 1232494 for CVE-2024-50084",
"url": "https://bugzilla.suse.com/1232494"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50084"
},
{
"cve": "CVE-2024-50087",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50087"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix uninitialized pointer free on read_alloc_one_name() error\n\nThe function read_alloc_one_name() does not initialize the name field of\nthe passed fscrypt_str struct if kmalloc fails to allocate the\ncorresponding buffer. Thus, it is not guaranteed that\nfscrypt_str.name is initialized when freeing it.\n\nThis is a follow-up to the linked patch that fixes the remaining\ninstances of the bug introduced by commit e43eec81c516 (\"btrfs: use\nstruct qstr instead of name and namelen pairs\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50087",
"url": "https://www.suse.com/security/cve/CVE-2024-50087"
},
{
"category": "external",
"summary": "SUSE Bug 1232499 for CVE-2024-50087",
"url": "https://bugzilla.suse.com/1232499"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50087"
},
{
"cve": "CVE-2024-50088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50088"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix uninitialized pointer free in add_inode_ref()\n\nThe add_inode_ref() function does not initialize the \"name\" struct when\nit is declared. If any of the following calls to \"read_one_inode()\nreturns NULL,\n\n\tdir = read_one_inode(root, parent_objectid);\n\tif (!dir) {\n\t\tret = -ENOENT;\n\t\tgoto out;\n\t}\n\n\tinode = read_one_inode(root, inode_objectid);\n\tif (!inode) {\n\t\tret = -EIO;\n\t\tgoto out;\n\t}\n\nthen \"name.name\" would be freed on \"out\" before being initialized.\n\nout:\n\t...\n\tkfree(name.name);\n\nThis issue was reported by Coverity with CID 1526744.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50088",
"url": "https://www.suse.com/security/cve/CVE-2024-50088"
},
{
"category": "external",
"summary": "SUSE Bug 1232498 for CVE-2024-50088",
"url": "https://bugzilla.suse.com/1232498"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50088"
},
{
"cve": "CVE-2024-50089",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50089"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50089",
"url": "https://www.suse.com/security/cve/CVE-2024-50089"
},
{
"category": "external",
"summary": "SUSE Bug 1232860 for CVE-2024-50089",
"url": "https://bugzilla.suse.com/1232860"
},
{
"category": "external",
"summary": "SUSE Bug 1233250 for CVE-2024-50089",
"url": "https://bugzilla.suse.com/1233250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-50089"
},
{
"cve": "CVE-2024-50093",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50093"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: intel: int340x: processor: Fix warning during module unload\n\nThe processor_thermal driver uses pcim_device_enable() to enable a PCI\ndevice, which means the device will be automatically disabled on driver\ndetach. Thus there is no need to call pci_disable_device() again on it.\n\nWith recent PCI device resource management improvements, e.g. commit\nf748a07a0b64 (\"PCI: Remove legacy pcim_release()\"), this problem is\nexposed and triggers the warining below.\n\n [ 224.010735] proc_thermal_pci 0000:00:04.0: disabling already-disabled device\n [ 224.010747] WARNING: CPU: 8 PID: 4442 at drivers/pci/pci.c:2250 pci_disable_device+0xe5/0x100\n ...\n [ 224.010844] Call Trace:\n [ 224.010845] \u003cTASK\u003e\n [ 224.010847] ? show_regs+0x6d/0x80\n [ 224.010851] ? __warn+0x8c/0x140\n [ 224.010854] ? pci_disable_device+0xe5/0x100\n [ 224.010856] ? report_bug+0x1c9/0x1e0\n [ 224.010859] ? handle_bug+0x46/0x80\n [ 224.010862] ? exc_invalid_op+0x1d/0x80\n [ 224.010863] ? asm_exc_invalid_op+0x1f/0x30\n [ 224.010867] ? pci_disable_device+0xe5/0x100\n [ 224.010869] ? pci_disable_device+0xe5/0x100\n [ 224.010871] ? kfree+0x21a/0x2b0\n [ 224.010873] pcim_disable_device+0x20/0x30\n [ 224.010875] devm_action_release+0x16/0x20\n [ 224.010878] release_nodes+0x47/0xc0\n [ 224.010880] devres_release_all+0x9f/0xe0\n [ 224.010883] device_unbind_cleanup+0x12/0x80\n [ 224.010885] device_release_driver_internal+0x1ca/0x210\n [ 224.010887] driver_detach+0x4e/0xa0\n [ 224.010889] bus_remove_driver+0x6f/0xf0\n [ 224.010890] driver_unregister+0x35/0x60\n [ 224.010892] pci_unregister_driver+0x44/0x90\n [ 224.010894] proc_thermal_pci_driver_exit+0x14/0x5f0 [processor_thermal_device_pci]\n ...\n [ 224.010921] ---[ end trace 0000000000000000 ]---\n\nRemove the excess pci_disable_device() calls.\n\n[ rjw: Subject and changelog edits ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50093",
"url": "https://www.suse.com/security/cve/CVE-2024-50093"
},
{
"category": "external",
"summary": "SUSE Bug 1232877 for CVE-2024-50093",
"url": "https://bugzilla.suse.com/1232877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50093"
},
{
"cve": "CVE-2024-50095",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50095"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mad: Improve handling of timed out WRs of mad agent\n\nCurrent timeout handler of mad agent acquires/releases mad_agent_priv\nlock for every timed out WRs. This causes heavy locking contention\nwhen higher no. of WRs are to be handled inside timeout handler.\n\nThis leads to softlockup with below trace in some use cases where\nrdma-cm path is used to establish connection between peer nodes\n\nTrace:\n-----\n BUG: soft lockup - CPU#4 stuck for 26s! [kworker/u128:3:19767]\n CPU: 4 PID: 19767 Comm: kworker/u128:3 Kdump: loaded Tainted: G OE\n ------- --- 5.14.0-427.13.1.el9_4.x86_64 #1\n Hardware name: Dell Inc. PowerEdge R740/01YM03, BIOS 2.4.8 11/26/2019\n Workqueue: ib_mad1 timeout_sends [ib_core]\n RIP: 0010:__do_softirq+0x78/0x2ac\n RSP: 0018:ffffb253449e4f98 EFLAGS: 00000246\n RAX: 00000000ffffffff RBX: 0000000000000000 RCX: 000000000000001f\n RDX: 000000000000001d RSI: 000000003d1879ab RDI: fff363b66fd3a86b\n RBP: ffffb253604cbcd8 R08: 0000009065635f3b R09: 0000000000000000\n R10: 0000000000000040 R11: ffffb253449e4ff8 R12: 0000000000000000\n R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000040\n FS: 0000000000000000(0000) GS:ffff8caa1fc80000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007fd9ec9db900 CR3: 0000000891934006 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cIRQ\u003e\n ? show_trace_log_lvl+0x1c4/0x2df\n ? show_trace_log_lvl+0x1c4/0x2df\n ? __irq_exit_rcu+0xa1/0xc0\n ? watchdog_timer_fn+0x1b2/0x210\n ? __pfx_watchdog_timer_fn+0x10/0x10\n ? __hrtimer_run_queues+0x127/0x2c0\n ? hrtimer_interrupt+0xfc/0x210\n ? __sysvec_apic_timer_interrupt+0x5c/0x110\n ? sysvec_apic_timer_interrupt+0x37/0x90\n ? asm_sysvec_apic_timer_interrupt+0x16/0x20\n ? __do_softirq+0x78/0x2ac\n ? __do_softirq+0x60/0x2ac\n __irq_exit_rcu+0xa1/0xc0\n sysvec_call_function_single+0x72/0x90\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_sysvec_call_function_single+0x16/0x20\n RIP: 0010:_raw_spin_unlock_irq+0x14/0x30\n RSP: 0018:ffffb253604cbd88 EFLAGS: 00000247\n RAX: 000000000001960d RBX: 0000000000000002 RCX: ffff8cad2a064800\n RDX: 000000008020001b RSI: 0000000000000001 RDI: ffff8cad5d39f66c\n RBP: ffff8cad5d39f600 R08: 0000000000000001 R09: 0000000000000000\n R10: ffff8caa443e0c00 R11: ffffb253604cbcd8 R12: ffff8cacb8682538\n R13: 0000000000000005 R14: ffffb253604cbd90 R15: ffff8cad5d39f66c\n cm_process_send_error+0x122/0x1d0 [ib_cm]\n timeout_sends+0x1dd/0x270 [ib_core]\n process_one_work+0x1e2/0x3b0\n ? __pfx_worker_thread+0x10/0x10\n worker_thread+0x50/0x3a0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0xdd/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x29/0x50\n \u003c/TASK\u003e\n\nSimplified timeout handler by creating local list of timed out WRs\nand invoke send handler post creating the list. The new method acquires/\nreleases lock once to fetch the list and hence helps to reduce locking\ncontetiong when processing higher no. of WRs",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50095",
"url": "https://www.suse.com/security/cve/CVE-2024-50095"
},
{
"category": "external",
"summary": "SUSE Bug 1232873 for CVE-2024-50095",
"url": "https://bugzilla.suse.com/1232873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50095"
},
{
"cve": "CVE-2024-50096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50096"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error\n\nThe `nouveau_dmem_copy_one` function ensures that the copy push command is\nsent to the device firmware but does not track whether it was executed\nsuccessfully.\n\nIn the case of a copy error (e.g., firmware or hardware failure), the\ncopy push command will be sent via the firmware channel, and\n`nouveau_dmem_copy_one` will likely report success, leading to the\n`migrate_to_ram` function returning a dirty HIGH_USER page to the user.\n\nThis can result in a security vulnerability, as a HIGH_USER page that may\ncontain sensitive or corrupted data could be returned to the user.\n\nTo prevent this vulnerability, we allocate a zero page. Thus, in case of\nan error, a non-dirty (zero) page will be returned to the user.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50096",
"url": "https://www.suse.com/security/cve/CVE-2024-50096"
},
{
"category": "external",
"summary": "SUSE Bug 1232870 for CVE-2024-50096",
"url": "https://bugzilla.suse.com/1232870"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50096"
},
{
"cve": "CVE-2024-50098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50098"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down\n\nThere is a history of deadlock if reboot is performed at the beginning\nof booting. SDEV_QUIESCE was set for all LU\u0027s scsi_devices by UFS\nshutdown, and at that time the audio driver was waiting on\nblk_mq_submit_bio() holding a mutex_lock while reading the fw binary.\nAfter that, a deadlock issue occurred while audio driver shutdown was\nwaiting for mutex_unlock of blk_mq_submit_bio(). To solve this, set\nSDEV_OFFLINE for all LUs except WLUN, so that any I/O that comes down\nafter a UFS shutdown will return an error.\n\n[ 31.907781]I[0: swapper/0: 0] 1 130705007 1651079834 11289729804 0 D( 2) 3 ffffff882e208000 * init [device_shutdown]\n[ 31.907793]I[0: swapper/0: 0] Mutex: 0xffffff8849a2b8b0: owner[0xffffff882e28cb00 kworker/6:0 :49]\n[ 31.907806]I[0: swapper/0: 0] Call trace:\n[ 31.907810]I[0: swapper/0: 0] __switch_to+0x174/0x338\n[ 31.907819]I[0: swapper/0: 0] __schedule+0x5ec/0x9cc\n[ 31.907826]I[0: swapper/0: 0] schedule+0x7c/0xe8\n[ 31.907834]I[0: swapper/0: 0] schedule_preempt_disabled+0x24/0x40\n[ 31.907842]I[0: swapper/0: 0] __mutex_lock+0x408/0xdac\n[ 31.907849]I[0: swapper/0: 0] __mutex_lock_slowpath+0x14/0x24\n[ 31.907858]I[0: swapper/0: 0] mutex_lock+0x40/0xec\n[ 31.907866]I[0: swapper/0: 0] device_shutdown+0x108/0x280\n[ 31.907875]I[0: swapper/0: 0] kernel_restart+0x4c/0x11c\n[ 31.907883]I[0: swapper/0: 0] __arm64_sys_reboot+0x15c/0x280\n[ 31.907890]I[0: swapper/0: 0] invoke_syscall+0x70/0x158\n[ 31.907899]I[0: swapper/0: 0] el0_svc_common+0xb4/0xf4\n[ 31.907909]I[0: swapper/0: 0] do_el0_svc+0x2c/0xb0\n[ 31.907918]I[0: swapper/0: 0] el0_svc+0x34/0xe0\n[ 31.907928]I[0: swapper/0: 0] el0t_64_sync_handler+0x68/0xb4\n[ 31.907937]I[0: swapper/0: 0] el0t_64_sync+0x1a0/0x1a4\n\n[ 31.908774]I[0: swapper/0: 0] 49 0 11960702 11236868007 0 D( 2) 6 ffffff882e28cb00 * kworker/6:0 [__bio_queue_enter]\n[ 31.908783]I[0: swapper/0: 0] Call trace:\n[ 31.908788]I[0: swapper/0: 0] __switch_to+0x174/0x338\n[ 31.908796]I[0: swapper/0: 0] __schedule+0x5ec/0x9cc\n[ 31.908803]I[0: swapper/0: 0] schedule+0x7c/0xe8\n[ 31.908811]I[0: swapper/0: 0] __bio_queue_enter+0xb8/0x178\n[ 31.908818]I[0: swapper/0: 0] blk_mq_submit_bio+0x194/0x67c\n[ 31.908827]I[0: swapper/0: 0] __submit_bio+0xb8/0x19c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50098",
"url": "https://www.suse.com/security/cve/CVE-2024-50098"
},
{
"category": "external",
"summary": "SUSE Bug 1232881 for CVE-2024-50098",
"url": "https://bugzilla.suse.com/1232881"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50098"
},
{
"cve": "CVE-2024-50099",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50099"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: probes: Remove broken LDR (literal) uprobe support\n\nThe simulate_ldr_literal() and simulate_ldrsw_literal() functions are\nunsafe to use for uprobes. Both functions were originally written for\nuse with kprobes, and access memory with plain C accesses. When uprobes\nwas added, these were reused unmodified even though they cannot safely\naccess user memory.\n\nThere are three key problems:\n\n1) The plain C accesses do not have corresponding extable entries, and\n thus if they encounter a fault the kernel will treat these as\n unintentional accesses to user memory, resulting in a BUG() which\n will kill the kernel thread, and likely lead to further issues (e.g.\n lockup or panic()).\n\n2) The plain C accesses are subject to HW PAN and SW PAN, and so when\n either is in use, any attempt to simulate an access to user memory\n will fault. Thus neither simulate_ldr_literal() nor\n simulate_ldrsw_literal() can do anything useful when simulating a\n user instruction on any system with HW PAN or SW PAN.\n\n3) The plain C accesses are privileged, as they run in kernel context,\n and in practice can access a small range of kernel virtual addresses.\n The instructions they simulate have a range of +/-1MiB, and since the\n simulated instructions must itself be a user instructions in the\n TTBR0 address range, these can address the final 1MiB of the TTBR1\n acddress range by wrapping downwards from an address in the first\n 1MiB of the TTBR0 address range.\n\n In contemporary kernels the last 8MiB of TTBR1 address range is\n reserved, and accesses to this will always fault, meaning this is no\n worse than (1).\n\n Historically, it was theoretically possible for the linear map or\n vmemmap to spill into the final 8MiB of the TTBR1 address range, but\n in practice this is extremely unlikely to occur as this would\n require either:\n\n * Having enough physical memory to fill the entire linear map all the\n way to the final 1MiB of the TTBR1 address range.\n\n * Getting unlucky with KASLR randomization of the linear map such\n that the populated region happens to overlap with the last 1MiB of\n the TTBR address range.\n\n ... and in either case if we were to spill into the final page there\n would be larger problems as the final page would alias with error\n pointers.\n\nPractically speaking, (1) and (2) are the big issues. Given there have\nbeen no reports of problems since the broken code was introduced, it\nappears that no-one is relying on probing these instructions with\nuprobes.\n\nAvoid these issues by not allowing uprobes on LDR (literal) and LDRSW\n(literal), limiting the use of simulate_ldr_literal() and\nsimulate_ldrsw_literal() to kprobes. Attempts to place uprobes on LDR\n(literal) and LDRSW (literal) will be rejected as\narm_probe_decode_insn() will return INSN_REJECTED. In future we can\nconsider introducing working uprobes support for these instructions, but\nthis will require more significant work.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50099",
"url": "https://www.suse.com/security/cve/CVE-2024-50099"
},
{
"category": "external",
"summary": "SUSE Bug 1232887 for CVE-2024-50099",
"url": "https://bugzilla.suse.com/1232887"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50099"
},
{
"cve": "CVE-2024-50100",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50100"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: dummy-hcd: Fix \"task hung\" problem\n\nThe syzbot fuzzer has been encountering \"task hung\" problems ever\nsince the dummy-hcd driver was changed to use hrtimers instead of\nregular timers. It turns out that the problems are caused by a subtle\ndifference between the timer_pending() and hrtimer_active() APIs.\n\nThe changeover blindly replaced the first by the second. However,\ntimer_pending() returns True when the timer is queued but not when its\ncallback is running, whereas hrtimer_active() returns True when the\nhrtimer is queued _or_ its callback is running. This difference\noccasionally caused dummy_urb_enqueue() to think that the callback\nroutine had not yet started when in fact it was almost finished. As a\nresult the hrtimer was not restarted, which made it impossible for the\ndriver to dequeue later the URB that was just enqueued. This caused\nusb_kill_urb() to hang, and things got worse from there.\n\nSince hrtimers have no API for telling when they are queued and the\ncallback isn\u0027t running, the driver must keep track of this for itself.\nThat\u0027s what this patch does, adding a new \"timer_pending\" flag and\nsetting or clearing it at the appropriate times.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50100",
"url": "https://www.suse.com/security/cve/CVE-2024-50100"
},
{
"category": "external",
"summary": "SUSE Bug 1232876 for CVE-2024-50100",
"url": "https://bugzilla.suse.com/1232876"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50100"
},
{
"cve": "CVE-2024-50101",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50101"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices\n\nPreviously, the domain_context_clear() function incorrectly called\npci_for_each_dma_alias() to set up context entries for non-PCI devices.\nThis could lead to kernel hangs or other unexpected behavior.\n\nAdd a check to only call pci_for_each_dma_alias() for PCI devices. For\nnon-PCI devices, domain_context_clear_one() is called directly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50101",
"url": "https://www.suse.com/security/cve/CVE-2024-50101"
},
{
"category": "external",
"summary": "SUSE Bug 1232869 for CVE-2024-50101",
"url": "https://bugzilla.suse.com/1232869"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50101"
},
{
"cve": "CVE-2024-50102",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50102"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86: fix user address masking non-canonical speculation issue\n\nIt turns out that AMD has a \"Meltdown Lite(tm)\" issue with non-canonical\naccesses in kernel space. And so using just the high bit to decide\nwhether an access is in user space or kernel space ends up with the good\nold \"leak speculative data\" if you have the right gadget using the\nresult:\n\n CVE-2020-12965 \"Transient Execution of Non-Canonical Accesses\"\n\nNow, the kernel surrounds the access with a STAC/CLAC pair, and those\ninstructions end up serializing execution on older Zen architectures,\nwhich closes the speculation window.\n\nBut that was true only up until Zen 5, which renames the AC bit [1].\nThat improves performance of STAC/CLAC a lot, but also means that the\nspeculation window is now open.\n\nNote that this affects not just the new address masking, but also the\nregular valid_user_address() check used by access_ok(), and the asm\nversion of the sign bit check in the get_user() helpers.\n\nIt does not affect put_user() or clear_user() variants, since there\u0027s no\nspeculative result to be used in a gadget for those operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50102",
"url": "https://www.suse.com/security/cve/CVE-2024-50102"
},
{
"category": "external",
"summary": "SUSE Bug 1232880 for CVE-2024-50102",
"url": "https://bugzilla.suse.com/1232880"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50102"
},
{
"cve": "CVE-2024-50103",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50103"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe()\n\nA devm_kzalloc() in asoc_qcom_lpass_cpu_platform_probe() could\npossibly return NULL pointer. NULL Pointer Dereference may be\ntriggerred without addtional check.\nAdd a NULL check for the returned pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50103",
"url": "https://www.suse.com/security/cve/CVE-2024-50103"
},
{
"category": "external",
"summary": "SUSE Bug 1232878 for CVE-2024-50103",
"url": "https://bugzilla.suse.com/1232878"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50103"
},
{
"cve": "CVE-2024-50108",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50108"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Disable PSR-SU on Parade 08-01 TCON too\n\nStuart Hayhurst has found that both at bootup and fullscreen VA-API video\nis leading to black screens for around 1 second and kernel WARNING [1] traces\nwhen calling dmub_psr_enable() with Parade 08-01 TCON.\n\nThese symptoms all go away with PSR-SU disabled for this TCON, so disable\nit for now while DMUB traces [2] from the failure can be analyzed and the failure\nstate properly root caused.\n\n(cherry picked from commit afb634a6823d8d9db23c5fb04f79c5549349628b)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50108",
"url": "https://www.suse.com/security/cve/CVE-2024-50108"
},
{
"category": "external",
"summary": "SUSE Bug 1232884 for CVE-2024-50108",
"url": "https://bugzilla.suse.com/1232884"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50108"
},
{
"cve": "CVE-2024-50110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50110"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: fix one more kernel-infoleak in algo dumping\n\nDuring fuzz testing, the following issue was discovered:\n\nBUG: KMSAN: kernel-infoleak in _copy_to_iter+0x598/0x2a30\n _copy_to_iter+0x598/0x2a30\n __skb_datagram_iter+0x168/0x1060\n skb_copy_datagram_iter+0x5b/0x220\n netlink_recvmsg+0x362/0x1700\n sock_recvmsg+0x2dc/0x390\n __sys_recvfrom+0x381/0x6d0\n __x64_sys_recvfrom+0x130/0x200\n x64_sys_call+0x32c8/0x3cc0\n do_syscall_64+0xd8/0x1c0\n entry_SYSCALL_64_after_hwframe+0x79/0x81\n\nUninit was stored to memory at:\n copy_to_user_state_extra+0xcc1/0x1e00\n dump_one_state+0x28c/0x5f0\n xfrm_state_walk+0x548/0x11e0\n xfrm_dump_sa+0x1e0/0x840\n netlink_dump+0x943/0x1c40\n __netlink_dump_start+0x746/0xdb0\n xfrm_user_rcv_msg+0x429/0xc00\n netlink_rcv_skb+0x613/0x780\n xfrm_netlink_rcv+0x77/0xc0\n netlink_unicast+0xe90/0x1280\n netlink_sendmsg+0x126d/0x1490\n __sock_sendmsg+0x332/0x3d0\n ____sys_sendmsg+0x863/0xc30\n ___sys_sendmsg+0x285/0x3e0\n __x64_sys_sendmsg+0x2d6/0x560\n x64_sys_call+0x1316/0x3cc0\n do_syscall_64+0xd8/0x1c0\n entry_SYSCALL_64_after_hwframe+0x79/0x81\n\nUninit was created at:\n __kmalloc+0x571/0xd30\n attach_auth+0x106/0x3e0\n xfrm_add_sa+0x2aa0/0x4230\n xfrm_user_rcv_msg+0x832/0xc00\n netlink_rcv_skb+0x613/0x780\n xfrm_netlink_rcv+0x77/0xc0\n netlink_unicast+0xe90/0x1280\n netlink_sendmsg+0x126d/0x1490\n __sock_sendmsg+0x332/0x3d0\n ____sys_sendmsg+0x863/0xc30\n ___sys_sendmsg+0x285/0x3e0\n __x64_sys_sendmsg+0x2d6/0x560\n x64_sys_call+0x1316/0x3cc0\n do_syscall_64+0xd8/0x1c0\n entry_SYSCALL_64_after_hwframe+0x79/0x81\n\nBytes 328-379 of 732 are uninitialized\nMemory access of size 732 starts at ffff88800e18e000\nData copied to user address 00007ff30f48aff0\n\nCPU: 2 PID: 18167 Comm: syz-executor.0 Not tainted 6.8.11 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n\nFixes copying of xfrm algorithms where some random\ndata of the structure fields can end up in userspace.\nPadding in structures may be filled with random (possibly sensitve)\ndata and should never be given directly to user-space.\n\nA similar issue was resolved in the commit\n8222d5910dae (\"xfrm: Zero padding when dumping algos and encap\")\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50110",
"url": "https://www.suse.com/security/cve/CVE-2024-50110"
},
{
"category": "external",
"summary": "SUSE Bug 1232885 for CVE-2024-50110",
"url": "https://bugzilla.suse.com/1232885"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50110"
},
{
"cve": "CVE-2024-50115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50115"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory\n\nIgnore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits\n4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn\u0027t\nenforce 32-byte alignment of nCR3.\n\nIn the absolute worst case scenario, failure to ignore bits 4:0 can result\nin an out-of-bounds read, e.g. if the target page is at the end of a\nmemslot, and the VMM isn\u0027t using guard pages.\n\nPer the APM:\n\n The CR3 register points to the base address of the page-directory-pointer\n table. The page-directory-pointer table is aligned on a 32-byte boundary,\n with the low 5 address bits 4:0 assumed to be 0.\n\nAnd the SDM\u0027s much more explicit:\n\n 4:0 Ignored\n\nNote, KVM gets this right when loading PDPTRs, it\u0027s only the nSVM flow\nthat is broken.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50115",
"url": "https://www.suse.com/security/cve/CVE-2024-50115"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232919 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1232919"
},
{
"category": "external",
"summary": "SUSE Bug 1233019 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1233019"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-50115"
},
{
"cve": "CVE-2024-50116",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50116"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix kernel bug due to missing clearing of buffer delay flag\n\nSyzbot reported that after nilfs2 reads a corrupted file system image\nand degrades to read-only, the BUG_ON check for the buffer delay flag\nin submit_bh_wbc() may fail, causing a kernel bug.\n\nThis is because the buffer delay flag is not cleared when clearing the\nbuffer state flags to discard a page/folio or a buffer head. So, fix\nthis.\n\nThis became necessary when the use of nilfs2\u0027s own page clear routine\nwas expanded. This state inconsistency does not occur if the buffer\nis written normally by log writing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50116",
"url": "https://www.suse.com/security/cve/CVE-2024-50116"
},
{
"category": "external",
"summary": "SUSE Bug 1232892 for CVE-2024-50116",
"url": "https://bugzilla.suse.com/1232892"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50116"
},
{
"cve": "CVE-2024-50117",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50117"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd: Guard against bad data for ATIF ACPI method\n\nIf a BIOS provides bad data in response to an ATIF method call\nthis causes a NULL pointer dereference in the caller.\n\n```\n? show_regs (arch/x86/kernel/dumpstack.c:478 (discriminator 1))\n? __die (arch/x86/kernel/dumpstack.c:423 arch/x86/kernel/dumpstack.c:434)\n? page_fault_oops (arch/x86/mm/fault.c:544 (discriminator 2) arch/x86/mm/fault.c:705 (discriminator 2))\n? do_user_addr_fault (arch/x86/mm/fault.c:440 (discriminator 1) arch/x86/mm/fault.c:1232 (discriminator 1))\n? acpi_ut_update_object_reference (drivers/acpi/acpica/utdelete.c:642)\n? exc_page_fault (arch/x86/mm/fault.c:1542)\n? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:623)\n? amdgpu_atif_query_backlight_caps.constprop.0 (drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c:387 (discriminator 2)) amdgpu\n? amdgpu_atif_query_backlight_caps.constprop.0 (drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c:386 (discriminator 1)) amdgpu\n```\n\nIt has been encountered on at least one system, so guard for it.\n\n(cherry picked from commit c9b7c809b89f24e9372a4e7f02d64c950b07fdee)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50117",
"url": "https://www.suse.com/security/cve/CVE-2024-50117"
},
{
"category": "external",
"summary": "SUSE Bug 1232897 for CVE-2024-50117",
"url": "https://bugzilla.suse.com/1232897"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50117"
},
{
"cve": "CVE-2024-50121",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50121"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net\n\nIn the normal case, when we excute `echo 0 \u003e /proc/fs/nfsd/threads`, the\nfunction `nfs4_state_destroy_net` in `nfs4_state_shutdown_net` will\nrelease all resources related to the hashed `nfs4_client`. If the\n`nfsd_client_shrinker` is running concurrently, the `expire_client`\nfunction will first unhash this client and then destroy it. This can\nlead to the following warning. Additionally, numerous use-after-free\nerrors may occur as well.\n\nnfsd_client_shrinker echo 0 \u003e /proc/fs/nfsd/threads\n\nexpire_client nfsd_shutdown_net\n unhash_client ...\n nfs4_state_shutdown_net\n /* won\u0027t wait shrinker exit */\n /* cancel_work(\u0026nn-\u003enfsd_shrinker_work)\n * nfsd_file for this /* won\u0027t destroy unhashed client1 */\n * client1 still alive nfs4_state_destroy_net\n */\n\n nfsd_file_cache_shutdown\n /* trigger warning */\n kmem_cache_destroy(nfsd_file_slab)\n kmem_cache_destroy(nfsd_file_mark_slab)\n /* release nfsd_file and mark */\n __destroy_client\n\n====================================================================\nBUG nfsd_file (Not tainted): Objects remaining in nfsd_file on\n__kmem_cache_shutdown()\n--------------------------------------------------------------------\nCPU: 4 UID: 0 PID: 764 Comm: sh Not tainted 6.12.0-rc3+ #1\n\n dump_stack_lvl+0x53/0x70\n slab_err+0xb0/0xf0\n __kmem_cache_shutdown+0x15c/0x310\n kmem_cache_destroy+0x66/0x160\n nfsd_file_cache_shutdown+0xac/0x210 [nfsd]\n nfsd_destroy_serv+0x251/0x2a0 [nfsd]\n nfsd_svc+0x125/0x1e0 [nfsd]\n write_threads+0x16a/0x2a0 [nfsd]\n nfsctl_transaction_write+0x74/0xa0 [nfsd]\n vfs_write+0x1a5/0x6d0\n ksys_write+0xc1/0x160\n do_syscall_64+0x5f/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n====================================================================\nBUG nfsd_file_mark (Tainted: G B W ): Objects remaining\nnfsd_file_mark on __kmem_cache_shutdown()\n--------------------------------------------------------------------\n\n dump_stack_lvl+0x53/0x70\n slab_err+0xb0/0xf0\n __kmem_cache_shutdown+0x15c/0x310\n kmem_cache_destroy+0x66/0x160\n nfsd_file_cache_shutdown+0xc8/0x210 [nfsd]\n nfsd_destroy_serv+0x251/0x2a0 [nfsd]\n nfsd_svc+0x125/0x1e0 [nfsd]\n write_threads+0x16a/0x2a0 [nfsd]\n nfsctl_transaction_write+0x74/0xa0 [nfsd]\n vfs_write+0x1a5/0x6d0\n ksys_write+0xc1/0x160\n do_syscall_64+0x5f/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nTo resolve this issue, cancel `nfsd_shrinker_work` using synchronous\nmode in nfs4_state_shutdown_net.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50121",
"url": "https://www.suse.com/security/cve/CVE-2024-50121"
},
{
"category": "external",
"summary": "SUSE Bug 1232925 for CVE-2024-50121",
"url": "https://bugzilla.suse.com/1232925"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50121"
},
{
"cve": "CVE-2024-50124",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50124"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: ISO: Fix UAF on iso_sock_timeout\n\nconn-\u003esk maybe have been unlinked/freed while waiting for iso_conn_lock\nso this checks if the conn-\u003esk is still valid by checking if it part of\niso_sk_list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50124",
"url": "https://www.suse.com/security/cve/CVE-2024-50124"
},
{
"category": "external",
"summary": "SUSE Bug 1232926 for CVE-2024-50124",
"url": "https://bugzilla.suse.com/1232926"
},
{
"category": "external",
"summary": "SUSE Bug 1232927 for CVE-2024-50124",
"url": "https://bugzilla.suse.com/1232927"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-50124"
},
{
"cve": "CVE-2024-50125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50125"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: SCO: Fix UAF on sco_sock_timeout\n\nconn-\u003esk maybe have been unlinked/freed while waiting for sco_conn_lock\nso this checks if the conn-\u003esk is still valid by checking if it part of\nsco_sk_list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50125",
"url": "https://www.suse.com/security/cve/CVE-2024-50125"
},
{
"category": "external",
"summary": "SUSE Bug 1232928 for CVE-2024-50125",
"url": "https://bugzilla.suse.com/1232928"
},
{
"category": "external",
"summary": "SUSE Bug 1232929 for CVE-2024-50125",
"url": "https://bugzilla.suse.com/1232929"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-50125"
},
{
"cve": "CVE-2024-50127",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50127"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix use-after-free in taprio_change()\n\nIn \u0027taprio_change()\u0027, \u0027admin\u0027 pointer may become dangling due to sched\nswitch / removal caused by \u0027advance_sched()\u0027, and critical section\nprotected by \u0027q-\u003ecurrent_entry_lock\u0027 is too small to prevent from such\na scenario (which causes use-after-free detected by KASAN). Fix this\nby prefer \u0027rcu_replace_pointer()\u0027 over \u0027rcu_assign_pointer()\u0027 to update\n\u0027admin\u0027 immediately before an attempt to schedule freeing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50127",
"url": "https://www.suse.com/security/cve/CVE-2024-50127"
},
{
"category": "external",
"summary": "SUSE Bug 1232907 for CVE-2024-50127",
"url": "https://bugzilla.suse.com/1232907"
},
{
"category": "external",
"summary": "SUSE Bug 1232908 for CVE-2024-50127",
"url": "https://bugzilla.suse.com/1232908"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-50127"
},
{
"cve": "CVE-2024-50128",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50128"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: wwan: fix global oob in wwan_rtnl_policy\n\nThe variable wwan_rtnl_link_ops assign a *bigger* maxtype which leads to\na global out-of-bounds read when parsing the netlink attributes. Exactly\nsame bug cause as the oob fixed in commit b33fb5b801c6 (\"net: qualcomm:\nrmnet: fix global oob in rmnet_policy\").\n\n==================================================================\nBUG: KASAN: global-out-of-bounds in validate_nla lib/nlattr.c:388 [inline]\nBUG: KASAN: global-out-of-bounds in __nla_validate_parse+0x19d7/0x29a0 lib/nlattr.c:603\nRead of size 1 at addr ffffffff8b09cb60 by task syz.1.66276/323862\n\nCPU: 0 PID: 323862 Comm: syz.1.66276 Not tainted 6.1.70 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x177/0x231 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:284 [inline]\n print_report+0x14f/0x750 mm/kasan/report.c:395\n kasan_report+0x139/0x170 mm/kasan/report.c:495\n validate_nla lib/nlattr.c:388 [inline]\n __nla_validate_parse+0x19d7/0x29a0 lib/nlattr.c:603\n __nla_parse+0x3c/0x50 lib/nlattr.c:700\n nla_parse_nested_deprecated include/net/netlink.h:1269 [inline]\n __rtnl_newlink net/core/rtnetlink.c:3514 [inline]\n rtnl_newlink+0x7bc/0x1fd0 net/core/rtnetlink.c:3623\n rtnetlink_rcv_msg+0x794/0xef0 net/core/rtnetlink.c:6122\n netlink_rcv_skb+0x1de/0x420 net/netlink/af_netlink.c:2508\n netlink_unicast_kernel net/netlink/af_netlink.c:1326 [inline]\n netlink_unicast+0x74b/0x8c0 net/netlink/af_netlink.c:1352\n netlink_sendmsg+0x882/0xb90 net/netlink/af_netlink.c:1874\n sock_sendmsg_nosec net/socket.c:716 [inline]\n __sock_sendmsg net/socket.c:728 [inline]\n ____sys_sendmsg+0x5cc/0x8f0 net/socket.c:2499\n ___sys_sendmsg+0x21c/0x290 net/socket.c:2553\n __sys_sendmsg net/socket.c:2582 [inline]\n __do_sys_sendmsg net/socket.c:2591 [inline]\n __se_sys_sendmsg+0x19e/0x270 net/socket.c:2589\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x45/0x90 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7f67b19a24ad\nRSP: 002b:00007f67b17febb8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f67b1b45f80 RCX: 00007f67b19a24ad\nRDX: 0000000000000000 RSI: 0000000020005e40 RDI: 0000000000000004\nRBP: 00007f67b1a1e01d R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007ffd2513764f R14: 00007ffd251376e0 R15: 00007f67b17fed40\n \u003c/TASK\u003e\n\nThe buggy address belongs to the variable:\n wwan_rtnl_policy+0x20/0x40\n\nThe buggy address belongs to the physical page:\npage:ffffea00002c2700 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xb09c\nflags: 0xfff00000001000(reserved|node=0|zone=1|lastcpupid=0x7ff)\nraw: 00fff00000001000 ffffea00002c2708 ffffea00002c2708 0000000000000000\nraw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner info is not present (never set?)\n\nMemory state around the buggy address:\n ffffffff8b09ca00: 05 f9 f9 f9 05 f9 f9 f9 00 01 f9 f9 00 01 f9 f9\n ffffffff8b09ca80: 00 00 00 05 f9 f9 f9 f9 00 00 03 f9 f9 f9 f9 f9\n\u003effffffff8b09cb00: 00 00 00 00 05 f9 f9 f9 00 00 00 00 f9 f9 f9 f9\n ^\n ffffffff8b09cb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n==================================================================\n\nAccording to the comment of `nla_parse_nested_deprecated`, use correct size\n`IFLA_WWAN_MAX` here to fix this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50128",
"url": "https://www.suse.com/security/cve/CVE-2024-50128"
},
{
"category": "external",
"summary": "SUSE Bug 1232905 for CVE-2024-50128",
"url": "https://bugzilla.suse.com/1232905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50128"
},
{
"cve": "CVE-2024-50130",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50130"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: bpf: must hold reference on net namespace\n\nBUG: KASAN: slab-use-after-free in __nf_unregister_net_hook+0x640/0x6b0\nRead of size 8 at addr ffff8880106fe400 by task repro/72=\nbpf_nf_link_release+0xda/0x1e0\nbpf_link_free+0x139/0x2d0\nbpf_link_release+0x68/0x80\n__fput+0x414/0xb60\n\nEric says:\n It seems that bpf was able to defer the __nf_unregister_net_hook()\n after exit()/close() time.\n Perhaps a netns reference is missing, because the netns has been\n dismantled/freed already.\n bpf_nf_link_attach() does :\n link-\u003enet = net;\n But I do not see a reference being taken on net.\n\nAdd such a reference and release it after hook unreg.\nNote that I was unable to get syzbot reproducer to work, so I\ndo not know if this resolves this splat.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50130",
"url": "https://www.suse.com/security/cve/CVE-2024-50130"
},
{
"category": "external",
"summary": "SUSE Bug 1232894 for CVE-2024-50130",
"url": "https://bugzilla.suse.com/1232894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50130"
},
{
"cve": "CVE-2024-50131",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50131"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Consider the NULL character when validating the event length\n\nstrlen() returns a string length excluding the null byte. If the string\nlength equals to the maximum buffer length, the buffer will have no\nspace for the NULL terminating character.\n\nThis commit checks this condition and returns failure for it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50131",
"url": "https://www.suse.com/security/cve/CVE-2024-50131"
},
{
"category": "external",
"summary": "SUSE Bug 1232896 for CVE-2024-50131",
"url": "https://bugzilla.suse.com/1232896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50131"
},
{
"cve": "CVE-2024-50134",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50134"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA\n\nReplace the fake VLA at end of the vbva_mouse_pointer_shape shape with\na real VLA to fix a \"memcpy: detected field-spanning write error\" warning:\n\n[ 13.319813] memcpy: detected field-spanning write (size 16896) of single field \"p-\u003edata\" at drivers/gpu/drm/vboxvideo/hgsmi_base.c:154 (size 4)\n[ 13.319841] WARNING: CPU: 0 PID: 1105 at drivers/gpu/drm/vboxvideo/hgsmi_base.c:154 hgsmi_update_pointer_shape+0x192/0x1c0 [vboxvideo]\n[ 13.320038] Call Trace:\n[ 13.320173] hgsmi_update_pointer_shape [vboxvideo]\n[ 13.320184] vbox_cursor_atomic_update [vboxvideo]\n\nNote as mentioned in the added comment it seems the original length\ncalculation for the allocated and send hgsmi buffer is 4 bytes too large.\nChanging this is not the goal of this patch, so this behavior is kept.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50134",
"url": "https://www.suse.com/security/cve/CVE-2024-50134"
},
{
"category": "external",
"summary": "SUSE Bug 1232890 for CVE-2024-50134",
"url": "https://bugzilla.suse.com/1232890"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50134"
},
{
"cve": "CVE-2024-50135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50135"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: fix race condition between reset and nvme_dev_disable()\n\nnvme_dev_disable() modifies the dev-\u003eonline_queues field, therefore\nnvme_pci_update_nr_queues() should avoid racing against it, otherwise\nwe could end up passing invalid values to blk_mq_update_nr_hw_queues().\n\n WARNING: CPU: 39 PID: 61303 at drivers/pci/msi/api.c:347\n pci_irq_get_affinity+0x187/0x210\n Workqueue: nvme-reset-wq nvme_reset_work [nvme]\n RIP: 0010:pci_irq_get_affinity+0x187/0x210\n Call Trace:\n \u003cTASK\u003e\n ? blk_mq_pci_map_queues+0x87/0x3c0\n ? pci_irq_get_affinity+0x187/0x210\n blk_mq_pci_map_queues+0x87/0x3c0\n nvme_pci_map_queues+0x189/0x460 [nvme]\n blk_mq_update_nr_hw_queues+0x2a/0x40\n nvme_reset_work+0x1be/0x2a0 [nvme]\n\nFix the bug by locking the shutdown_lock mutex before using\ndev-\u003eonline_queues. Give up if nvme_dev_disable() is running or if\nit has been executed already.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50135",
"url": "https://www.suse.com/security/cve/CVE-2024-50135"
},
{
"category": "external",
"summary": "SUSE Bug 1232888 for CVE-2024-50135",
"url": "https://bugzilla.suse.com/1232888"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50135"
},
{
"cve": "CVE-2024-50136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50136"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Unregister notifier on eswitch init failure\n\nIt otherwise remains registered and a subsequent attempt at eswitch\nenabling might trigger warnings of the sort:\n\n[ 682.589148] ------------[ cut here ]------------\n[ 682.590204] notifier callback eswitch_vport_event [mlx5_core] already registered\n[ 682.590256] WARNING: CPU: 13 PID: 2660 at kernel/notifier.c:31 notifier_chain_register+0x3e/0x90\n[...snipped]\n[ 682.610052] Call Trace:\n[ 682.610369] \u003cTASK\u003e\n[ 682.610663] ? __warn+0x7c/0x110\n[ 682.611050] ? notifier_chain_register+0x3e/0x90\n[ 682.611556] ? report_bug+0x148/0x170\n[ 682.611977] ? handle_bug+0x36/0x70\n[ 682.612384] ? exc_invalid_op+0x13/0x60\n[ 682.612817] ? asm_exc_invalid_op+0x16/0x20\n[ 682.613284] ? notifier_chain_register+0x3e/0x90\n[ 682.613789] atomic_notifier_chain_register+0x25/0x40\n[ 682.614322] mlx5_eswitch_enable_locked+0x1d4/0x3b0 [mlx5_core]\n[ 682.614965] mlx5_eswitch_enable+0xc9/0x100 [mlx5_core]\n[ 682.615551] mlx5_device_enable_sriov+0x25/0x340 [mlx5_core]\n[ 682.616170] mlx5_core_sriov_configure+0x50/0x170 [mlx5_core]\n[ 682.616789] sriov_numvfs_store+0xb0/0x1b0\n[ 682.617248] kernfs_fop_write_iter+0x117/0x1a0\n[ 682.617734] vfs_write+0x231/0x3f0\n[ 682.618138] ksys_write+0x63/0xe0\n[ 682.618536] do_syscall_64+0x4c/0x100\n[ 682.618958] entry_SYSCALL_64_after_hwframe+0x4b/0x53",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50136",
"url": "https://www.suse.com/security/cve/CVE-2024-50136"
},
{
"category": "external",
"summary": "SUSE Bug 1232914 for CVE-2024-50136",
"url": "https://bugzilla.suse.com/1232914"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50136"
},
{
"cve": "CVE-2024-50138",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50138"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Use raw_spinlock_t in ringbuf\n\nThe function __bpf_ringbuf_reserve is invoked from a tracepoint, which\ndisables preemption. Using spinlock_t in this context can lead to a\n\"sleep in atomic\" warning in the RT variant. This issue is illustrated\nin the example below:\n\nBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\nin_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 556208, name: test_progs\npreempt_count: 1, expected: 0\nRCU nest depth: 1, expected: 1\nINFO: lockdep is turned off.\nPreemption disabled at:\n[\u003cffffd33a5c88ea44\u003e] migrate_enable+0xc0/0x39c\nCPU: 7 PID: 556208 Comm: test_progs Tainted: G\nHardware name: Qualcomm SA8775P Ride (DT)\nCall trace:\n dump_backtrace+0xac/0x130\n show_stack+0x1c/0x30\n dump_stack_lvl+0xac/0xe8\n dump_stack+0x18/0x30\n __might_resched+0x3bc/0x4fc\n rt_spin_lock+0x8c/0x1a4\n __bpf_ringbuf_reserve+0xc4/0x254\n bpf_ringbuf_reserve_dynptr+0x5c/0xdc\n bpf_prog_ac3d15160d62622a_test_read_write+0x104/0x238\n trace_call_bpf+0x238/0x774\n perf_call_bpf_enter.isra.0+0x104/0x194\n perf_syscall_enter+0x2f8/0x510\n trace_sys_enter+0x39c/0x564\n syscall_trace_enter+0x220/0x3c0\n do_el0_svc+0x138/0x1dc\n el0_svc+0x54/0x130\n el0t_64_sync_handler+0x134/0x150\n el0t_64_sync+0x17c/0x180\n\nSwitch the spinlock to raw_spinlock_t to avoid this error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50138",
"url": "https://www.suse.com/security/cve/CVE-2024-50138"
},
{
"category": "external",
"summary": "SUSE Bug 1232935 for CVE-2024-50138",
"url": "https://bugzilla.suse.com/1232935"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50138"
},
{
"cve": "CVE-2024-50139",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50139"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Fix shift-out-of-bounds bug\n\nFix a shift-out-of-bounds bug reported by UBSAN when running\nVM with MTE enabled host kernel.\n\nUBSAN: shift-out-of-bounds in arch/arm64/kvm/sys_regs.c:1988:14\nshift exponent 33 is too large for 32-bit type \u0027int\u0027\nCPU: 26 UID: 0 PID: 7629 Comm: qemu-kvm Not tainted 6.12.0-rc2 #34\nHardware name: IEI NF5280R7/Mitchell MB, BIOS 00.00. 2024-10-12 09:28:54 10/14/2024\nCall trace:\n dump_backtrace+0xa0/0x128\n show_stack+0x20/0x38\n dump_stack_lvl+0x74/0x90\n dump_stack+0x18/0x28\n __ubsan_handle_shift_out_of_bounds+0xf8/0x1e0\n reset_clidr+0x10c/0x1c8\n kvm_reset_sys_regs+0x50/0x1c8\n kvm_reset_vcpu+0xec/0x2b0\n __kvm_vcpu_set_target+0x84/0x158\n kvm_vcpu_set_target+0x138/0x168\n kvm_arch_vcpu_ioctl_vcpu_init+0x40/0x2b0\n kvm_arch_vcpu_ioctl+0x28c/0x4b8\n kvm_vcpu_ioctl+0x4bc/0x7a8\n __arm64_sys_ioctl+0xb4/0x100\n invoke_syscall+0x70/0x100\n el0_svc_common.constprop.0+0x48/0xf0\n do_el0_svc+0x24/0x38\n el0_svc+0x3c/0x158\n el0t_64_sync_handler+0x120/0x130\n el0t_64_sync+0x194/0x198",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50139",
"url": "https://www.suse.com/security/cve/CVE-2024-50139"
},
{
"category": "external",
"summary": "SUSE Bug 1233062 for CVE-2024-50139",
"url": "https://bugzilla.suse.com/1233062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50139"
},
{
"cve": "CVE-2024-50141",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50141"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context\n\nPRMT needs to find the correct type of block to translate the PA-VA\nmapping for EFI runtime services.\n\nThe issue arises because the PRMT is finding a block of type\nEFI_CONVENTIONAL_MEMORY, which is not appropriate for runtime services\nas described in Section 2.2.2 (Runtime Services) of the UEFI\nSpecification [1]. Since the PRM handler is a type of runtime service,\nthis causes an exception when the PRM handler is called.\n\n [Firmware Bug]: Unable to handle paging request in EFI runtime service\n WARNING: CPU: 22 PID: 4330 at drivers/firmware/efi/runtime-wrappers.c:341\n __efi_queue_work+0x11c/0x170\n Call trace:\n\nLet PRMT find a block with EFI_MEMORY_RUNTIME for PRM handler and PRM\ncontext.\n\nIf no suitable block is found, a warning message will be printed, but\nthe procedure continues to manage the next PRM handler.\n\nHowever, if the PRM handler is actually called without proper allocation,\nit would result in a failure during error handling.\n\nBy using the correct memory types for runtime services, ensure that the\nPRM handler and the context are properly mapped in the virtual address\nspace during runtime, preventing the paging request error.\n\nThe issue is really that only memory that has been remapped for runtime\nby the firmware can be used by the PRM handler, and so the region needs\nto have the EFI_MEMORY_RUNTIME attribute.\n\n[ rjw: Subject and changelog edits ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50141",
"url": "https://www.suse.com/security/cve/CVE-2024-50141"
},
{
"category": "external",
"summary": "SUSE Bug 1233065 for CVE-2024-50141",
"url": "https://bugzilla.suse.com/1233065"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50141"
},
{
"cve": "CVE-2024-50145",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50145"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteon_ep: Add SKB allocation failures handling in __octep_oq_process_rx()\n\nbuild_skb() returns NULL in case of a memory allocation failure so handle\nit inside __octep_oq_process_rx() to avoid NULL pointer dereference.\n\n__octep_oq_process_rx() is called during NAPI polling by the driver. If\nskb allocation fails, keep on pulling packets out of the Rx DMA queue: we\nshouldn\u0027t break the polling immediately and thus falsely indicate to the\noctep_napi_poll() that the Rx pressure is going down. As there is no\nassociated skb in this case, don\u0027t process the packets and don\u0027t push them\nup the network stack - they are skipped.\n\nHelper function is implemented to unmmap/flush all the fragment buffers\nused by the dropped packet. \u0027alloc_failures\u0027 counter is incremented to\nmark the skb allocation error in driver statistics.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50145",
"url": "https://www.suse.com/security/cve/CVE-2024-50145"
},
{
"category": "external",
"summary": "SUSE Bug 1233044 for CVE-2024-50145",
"url": "https://bugzilla.suse.com/1233044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50145"
},
{
"cve": "CVE-2024-50146",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50146"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Don\u0027t call cleanup on profile rollback failure\n\nWhen profile rollback fails in mlx5e_netdev_change_profile, the netdev\nprofile var is left set to NULL. Avoid a crash when unloading the driver\nby not calling profile-\u003ecleanup in such a case.\n\nThis was encountered while testing, with the original trigger that\nthe wq rescuer thread creation got interrupted (presumably due to\nCtrl+C-ing modprobe), which gets converted to ENOMEM (-12) by\nmlx5e_priv_init, the profile rollback also fails for the same reason\n(signal still active) so the profile is left as NULL, leading to a crash\nlater in _mlx5e_remove.\n\n [ 732.473932] mlx5_core 0000:08:00.1: E-Switch: Unload vfs: mode(OFFLOADS), nvfs(2), necvfs(0), active vports(2)\n [ 734.525513] workqueue: Failed to create a rescuer kthread for wq \"mlx5e\": -EINTR\n [ 734.557372] mlx5_core 0000:08:00.1: mlx5e_netdev_init_profile:6235:(pid 6086): mlx5e_priv_init failed, err=-12\n [ 734.559187] mlx5_core 0000:08:00.1 eth3: mlx5e_netdev_change_profile: new profile init failed, -12\n [ 734.560153] workqueue: Failed to create a rescuer kthread for wq \"mlx5e\": -EINTR\n [ 734.589378] mlx5_core 0000:08:00.1: mlx5e_netdev_init_profile:6235:(pid 6086): mlx5e_priv_init failed, err=-12\n [ 734.591136] mlx5_core 0000:08:00.1 eth3: mlx5e_netdev_change_profile: failed to rollback to orig profile, -12\n [ 745.537492] BUG: kernel NULL pointer dereference, address: 0000000000000008\n [ 745.538222] #PF: supervisor read access in kernel mode\n\u003csnipped\u003e\n [ 745.551290] Call Trace:\n [ 745.551590] \u003cTASK\u003e\n [ 745.551866] ? __die+0x20/0x60\n [ 745.552218] ? page_fault_oops+0x150/0x400\n [ 745.555307] ? exc_page_fault+0x79/0x240\n [ 745.555729] ? asm_exc_page_fault+0x22/0x30\n [ 745.556166] ? mlx5e_remove+0x6b/0xb0 [mlx5_core]\n [ 745.556698] auxiliary_bus_remove+0x18/0x30\n [ 745.557134] device_release_driver_internal+0x1df/0x240\n [ 745.557654] bus_remove_device+0xd7/0x140\n [ 745.558075] device_del+0x15b/0x3c0\n [ 745.558456] mlx5_rescan_drivers_locked.part.0+0xb1/0x2f0 [mlx5_core]\n [ 745.559112] mlx5_unregister_device+0x34/0x50 [mlx5_core]\n [ 745.559686] mlx5_uninit_one+0x46/0xf0 [mlx5_core]\n [ 745.560203] remove_one+0x4e/0xd0 [mlx5_core]\n [ 745.560694] pci_device_remove+0x39/0xa0\n [ 745.561112] device_release_driver_internal+0x1df/0x240\n [ 745.561631] driver_detach+0x47/0x90\n [ 745.562022] bus_remove_driver+0x84/0x100\n [ 745.562444] pci_unregister_driver+0x3b/0x90\n [ 745.562890] mlx5_cleanup+0xc/0x1b [mlx5_core]\n [ 745.563415] __x64_sys_delete_module+0x14d/0x2f0\n [ 745.563886] ? kmem_cache_free+0x1b0/0x460\n [ 745.564313] ? lockdep_hardirqs_on_prepare+0xe2/0x190\n [ 745.564825] do_syscall_64+0x6d/0x140\n [ 745.565223] entry_SYSCALL_64_after_hwframe+0x4b/0x53\n [ 745.565725] RIP: 0033:0x7f1579b1288b",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50146",
"url": "https://www.suse.com/security/cve/CVE-2024-50146"
},
{
"category": "external",
"summary": "SUSE Bug 1233056 for CVE-2024-50146",
"url": "https://bugzilla.suse.com/1233056"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50146"
},
{
"cve": "CVE-2024-50147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50147"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix command bitmask initialization\n\nCommand bitmask have a dedicated bit for MANAGE_PAGES command, this bit\nisn\u0027t Initialize during command bitmask Initialization, only during\nMANAGE_PAGES.\n\nIn addition, mlx5_cmd_trigger_completions() is trying to trigger\ncompletion for MANAGE_PAGES command as well.\n\nHence, in case health error occurred before any MANAGE_PAGES command\nhave been invoke (for example, during mlx5_enable_hca()),\nmlx5_cmd_trigger_completions() will try to trigger completion for\nMANAGE_PAGES command, which will result in null-ptr-deref error.[1]\n\nFix it by Initialize command bitmask correctly.\n\nWhile at it, re-write the code for better understanding.\n\n[1]\nBUG: KASAN: null-ptr-deref in mlx5_cmd_trigger_completions+0x1db/0x600 [mlx5_core]\nWrite of size 4 at addr 0000000000000214 by task kworker/u96:2/12078\nCPU: 10 PID: 12078 Comm: kworker/u96:2 Not tainted 6.9.0-rc2_for_upstream_debug_2024_04_07_19_01 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nWorkqueue: mlx5_health0000:08:00.0 mlx5_fw_fatal_reporter_err_work [mlx5_core]\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x7e/0xc0\n kasan_report+0xb9/0xf0\n kasan_check_range+0xec/0x190\n mlx5_cmd_trigger_completions+0x1db/0x600 [mlx5_core]\n mlx5_cmd_flush+0x94/0x240 [mlx5_core]\n enter_error_state+0x6c/0xd0 [mlx5_core]\n mlx5_fw_fatal_reporter_err_work+0xf3/0x480 [mlx5_core]\n process_one_work+0x787/0x1490\n ? lockdep_hardirqs_on_prepare+0x400/0x400\n ? pwq_dec_nr_in_flight+0xda0/0xda0\n ? assign_work+0x168/0x240\n worker_thread+0x586/0xd30\n ? rescuer_thread+0xae0/0xae0\n kthread+0x2df/0x3b0\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x2d/0x70\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50147",
"url": "https://www.suse.com/security/cve/CVE-2024-50147"
},
{
"category": "external",
"summary": "SUSE Bug 1233067 for CVE-2024-50147",
"url": "https://bugzilla.suse.com/1233067"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50147"
},
{
"cve": "CVE-2024-50148",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50148"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: bnep: fix wild-memory-access in proto_unregister\n\nThere\u0027s issue as follows:\n KASAN: maybe wild-memory-access in range [0xdead...108-0xdead...10f]\n CPU: 3 UID: 0 PID: 2805 Comm: rmmod Tainted: G W\n RIP: 0010:proto_unregister+0xee/0x400\n Call Trace:\n \u003cTASK\u003e\n __do_sys_delete_module+0x318/0x580\n do_syscall_64+0xc1/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nAs bnep_init() ignore bnep_sock_init()\u0027s return value, and bnep_sock_init()\nwill cleanup all resource. Then when remove bnep module will call\nbnep_sock_cleanup() to cleanup sock\u0027s resource.\nTo solve above issue just return bnep_sock_init()\u0027s return value in\nbnep_exit().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50148",
"url": "https://www.suse.com/security/cve/CVE-2024-50148"
},
{
"category": "external",
"summary": "SUSE Bug 1233063 for CVE-2024-50148",
"url": "https://bugzilla.suse.com/1233063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50148"
},
{
"cve": "CVE-2024-50150",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50150"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: altmode should keep reference to parent\n\nThe altmode device release refers to its parent device, but without keeping\na reference to it.\n\nWhen registering the altmode, get a reference to the parent and put it in\nthe release function.\n\nBefore this fix, when using CONFIG_DEBUG_KOBJECT_RELEASE, we see issues\nlike this:\n\n[ 43.572860] kobject: \u0027port0.0\u0027 (ffff8880057ba008): kobject_release, parent 0000000000000000 (delayed 3000)\n[ 43.573532] kobject: \u0027port0.1\u0027 (ffff8880057bd008): kobject_release, parent 0000000000000000 (delayed 1000)\n[ 43.574407] kobject: \u0027port0\u0027 (ffff8880057b9008): kobject_release, parent 0000000000000000 (delayed 3000)\n[ 43.575059] kobject: \u0027port1.0\u0027 (ffff8880057ca008): kobject_release, parent 0000000000000000 (delayed 4000)\n[ 43.575908] kobject: \u0027port1.1\u0027 (ffff8880057c9008): kobject_release, parent 0000000000000000 (delayed 4000)\n[ 43.576908] kobject: \u0027typec\u0027 (ffff8880062dbc00): kobject_release, parent 0000000000000000 (delayed 4000)\n[ 43.577769] kobject: \u0027port1\u0027 (ffff8880057bf008): kobject_release, parent 0000000000000000 (delayed 3000)\n[ 46.612867] ==================================================================\n[ 46.613402] BUG: KASAN: slab-use-after-free in typec_altmode_release+0x38/0x129\n[ 46.614003] Read of size 8 at addr ffff8880057b9118 by task kworker/2:1/48\n[ 46.614538]\n[ 46.614668] CPU: 2 UID: 0 PID: 48 Comm: kworker/2:1 Not tainted 6.12.0-rc1-00138-gedbae730ad31 #535\n[ 46.615391] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[ 46.616042] Workqueue: events kobject_delayed_cleanup\n[ 46.616446] Call Trace:\n[ 46.616648] \u003cTASK\u003e\n[ 46.616820] dump_stack_lvl+0x5b/0x7c\n[ 46.617112] ? typec_altmode_release+0x38/0x129\n[ 46.617470] print_report+0x14c/0x49e\n[ 46.617769] ? rcu_read_unlock_sched+0x56/0x69\n[ 46.618117] ? __virt_addr_valid+0x19a/0x1ab\n[ 46.618456] ? kmem_cache_debug_flags+0xc/0x1d\n[ 46.618807] ? typec_altmode_release+0x38/0x129\n[ 46.619161] kasan_report+0x8d/0xb4\n[ 46.619447] ? typec_altmode_release+0x38/0x129\n[ 46.619809] ? process_scheduled_works+0x3cb/0x85f\n[ 46.620185] typec_altmode_release+0x38/0x129\n[ 46.620537] ? process_scheduled_works+0x3cb/0x85f\n[ 46.620907] device_release+0xaf/0xf2\n[ 46.621206] kobject_delayed_cleanup+0x13b/0x17a\n[ 46.621584] process_scheduled_works+0x4f6/0x85f\n[ 46.621955] ? __pfx_process_scheduled_works+0x10/0x10\n[ 46.622353] ? hlock_class+0x31/0x9a\n[ 46.622647] ? lock_acquired+0x361/0x3c3\n[ 46.622956] ? move_linked_works+0x46/0x7d\n[ 46.623277] worker_thread+0x1ce/0x291\n[ 46.623582] ? __kthread_parkme+0xc8/0xdf\n[ 46.623900] ? __pfx_worker_thread+0x10/0x10\n[ 46.624236] kthread+0x17e/0x190\n[ 46.624501] ? kthread+0xfb/0x190\n[ 46.624756] ? __pfx_kthread+0x10/0x10\n[ 46.625015] ret_from_fork+0x20/0x40\n[ 46.625268] ? __pfx_kthread+0x10/0x10\n[ 46.625532] ret_from_fork_asm+0x1a/0x30\n[ 46.625805] \u003c/TASK\u003e\n[ 46.625953]\n[ 46.626056] Allocated by task 678:\n[ 46.626287] kasan_save_stack+0x24/0x44\n[ 46.626555] kasan_save_track+0x14/0x2d\n[ 46.626811] __kasan_kmalloc+0x3f/0x4d\n[ 46.627049] __kmalloc_noprof+0x1bf/0x1f0\n[ 46.627362] typec_register_port+0x23/0x491\n[ 46.627698] cros_typec_probe+0x634/0xbb6\n[ 46.628026] platform_probe+0x47/0x8c\n[ 46.628311] really_probe+0x20a/0x47d\n[ 46.628605] device_driver_attach+0x39/0x72\n[ 46.628940] bind_store+0x87/0xd7\n[ 46.629213] kernfs_fop_write_iter+0x1aa/0x218\n[ 46.629574] vfs_write+0x1d6/0x29b\n[ 46.629856] ksys_write+0xcd/0x13b\n[ 46.630128] do_syscall_64+0xd4/0x139\n[ 46.630420] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 46.630820]\n[ 46.630946] Freed by task 48:\n[ 46.631182] kasan_save_stack+0x24/0x44\n[ 46.631493] kasan_save_track+0x14/0x2d\n[ 46.631799] kasan_save_free_info+0x3f/0x4d\n[ 46.632144] __kasan_slab_free+0x37/0x45\n[ 46.632474]\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50150",
"url": "https://www.suse.com/security/cve/CVE-2024-50150"
},
{
"category": "external",
"summary": "SUSE Bug 1233051 for CVE-2024-50150",
"url": "https://bugzilla.suse.com/1233051"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50150"
},
{
"cve": "CVE-2024-50153",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50153"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: core: Fix null-ptr-deref in target_alloc_device()\n\nThere is a null-ptr-deref issue reported by KASAN:\n\nBUG: KASAN: null-ptr-deref in target_alloc_device+0xbc4/0xbe0 [target_core_mod]\n...\n kasan_report+0xb9/0xf0\n target_alloc_device+0xbc4/0xbe0 [target_core_mod]\n core_dev_setup_virtual_lun0+0xef/0x1f0 [target_core_mod]\n target_core_init_configfs+0x205/0x420 [target_core_mod]\n do_one_initcall+0xdd/0x4e0\n...\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nIn target_alloc_device(), if allocing memory for dev queues fails, then\ndev will be freed by dev-\u003etransport-\u003efree_device(), but dev-\u003etransport\nis not initialized at that time, which will lead to a null pointer\nreference problem.\n\nFixing this bug by freeing dev with hba-\u003ebackend-\u003eops-\u003efree_device().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50153",
"url": "https://www.suse.com/security/cve/CVE-2024-50153"
},
{
"category": "external",
"summary": "SUSE Bug 1233061 for CVE-2024-50153",
"url": "https://bugzilla.suse.com/1233061"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50153"
},
{
"cve": "CVE-2024-50154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50154"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp/dccp: Don\u0027t use timer_pending() in reqsk_queue_unlink().\n\nMartin KaFai Lau reported use-after-free [0] in reqsk_timer_handler().\n\n \"\"\"\n We are seeing a use-after-free from a bpf prog attached to\n trace_tcp_retransmit_synack. The program passes the req-\u003esk to the\n bpf_sk_storage_get_tracing kernel helper which does check for null\n before using it.\n \"\"\"\n\nThe commit 83fccfc3940c (\"inet: fix potential deadlock in\nreqsk_queue_unlink()\") added timer_pending() in reqsk_queue_unlink() not\nto call del_timer_sync() from reqsk_timer_handler(), but it introduced a\nsmall race window.\n\nBefore the timer is called, expire_timers() calls detach_timer(timer, true)\nto clear timer-\u003eentry.pprev and marks it as not pending.\n\nIf reqsk_queue_unlink() checks timer_pending() just after expire_timers()\ncalls detach_timer(), TCP will miss del_timer_sync(); the reqsk timer will\ncontinue running and send multiple SYN+ACKs until it expires.\n\nThe reported UAF could happen if req-\u003esk is close()d earlier than the timer\nexpiration, which is 63s by default.\n\nThe scenario would be\n\n 1. inet_csk_complete_hashdance() calls inet_csk_reqsk_queue_drop(),\n but del_timer_sync() is missed\n\n 2. reqsk timer is executed and scheduled again\n\n 3. req-\u003esk is accept()ed and reqsk_put() decrements rsk_refcnt, but\n reqsk timer still has another one, and inet_csk_accept() does not\n clear req-\u003esk for non-TFO sockets\n\n 4. sk is close()d\n\n 5. reqsk timer is executed again, and BPF touches req-\u003esk\n\nLet\u0027s not use timer_pending() by passing the caller context to\n__inet_csk_reqsk_queue_drop().\n\nNote that reqsk timer is pinned, so the issue does not happen in most\nuse cases. [1]\n\n[0]\nBUG: KFENCE: use-after-free read in bpf_sk_storage_get_tracing+0x2e/0x1b0\n\nUse-after-free read at 0x00000000a891fb3a (in kfence-#1):\nbpf_sk_storage_get_tracing+0x2e/0x1b0\nbpf_prog_5ea3e95db6da0438_tcp_retransmit_synack+0x1d20/0x1dda\nbpf_trace_run2+0x4c/0xc0\ntcp_rtx_synack+0xf9/0x100\nreqsk_timer_handler+0xda/0x3d0\nrun_timer_softirq+0x292/0x8a0\nirq_exit_rcu+0xf5/0x320\nsysvec_apic_timer_interrupt+0x6d/0x80\nasm_sysvec_apic_timer_interrupt+0x16/0x20\nintel_idle_irq+0x5a/0xa0\ncpuidle_enter_state+0x94/0x273\ncpu_startup_entry+0x15e/0x260\nstart_secondary+0x8a/0x90\nsecondary_startup_64_no_verify+0xfa/0xfb\n\nkfence-#1: 0x00000000a72cc7b6-0x00000000d97616d9, size=2376, cache=TCPv6\n\nallocated by task 0 on cpu 9 at 260507.901592s:\nsk_prot_alloc+0x35/0x140\nsk_clone_lock+0x1f/0x3f0\ninet_csk_clone_lock+0x15/0x160\ntcp_create_openreq_child+0x1f/0x410\ntcp_v6_syn_recv_sock+0x1da/0x700\ntcp_check_req+0x1fb/0x510\ntcp_v6_rcv+0x98b/0x1420\nipv6_list_rcv+0x2258/0x26e0\nnapi_complete_done+0x5b1/0x2990\nmlx5e_napi_poll+0x2ae/0x8d0\nnet_rx_action+0x13e/0x590\nirq_exit_rcu+0xf5/0x320\ncommon_interrupt+0x80/0x90\nasm_common_interrupt+0x22/0x40\ncpuidle_enter_state+0xfb/0x273\ncpu_startup_entry+0x15e/0x260\nstart_secondary+0x8a/0x90\nsecondary_startup_64_no_verify+0xfa/0xfb\n\nfreed by task 0 on cpu 9 at 260507.927527s:\nrcu_core_si+0x4ff/0xf10\nirq_exit_rcu+0xf5/0x320\nsysvec_apic_timer_interrupt+0x6d/0x80\nasm_sysvec_apic_timer_interrupt+0x16/0x20\ncpuidle_enter_state+0xfb/0x273\ncpu_startup_entry+0x15e/0x260\nstart_secondary+0x8a/0x90\nsecondary_startup_64_no_verify+0xfa/0xfb",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50154",
"url": "https://www.suse.com/security/cve/CVE-2024-50154"
},
{
"category": "external",
"summary": "SUSE Bug 1233070 for CVE-2024-50154",
"url": "https://bugzilla.suse.com/1233070"
},
{
"category": "external",
"summary": "SUSE Bug 1233072 for CVE-2024-50154",
"url": "https://bugzilla.suse.com/1233072"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-50154"
},
{
"cve": "CVE-2024-50155",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50155"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetdevsim: use cond_resched() in nsim_dev_trap_report_work()\n\nI am still seeing many syzbot reports hinting that syzbot\nmight fool nsim_dev_trap_report_work() with hundreds of ports [1]\n\nLets use cond_resched(), and system_unbound_wq\ninstead of implicit system_wq.\n\n[1]\nINFO: task syz-executor:20633 blocked for more than 143 seconds.\n Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:syz-executor state:D stack:25856 pid:20633 tgid:20633 ppid:1 flags:0x00004006\n...\nNMI backtrace for cpu 1\nCPU: 1 UID: 0 PID: 16760 Comm: kworker/1:0 Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: events nsim_dev_trap_report_work\n RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70 kernel/kcov.c:210\nCode: 89 fb e8 23 00 00 00 48 8b 3d 04 fb 9c 0c 48 89 de 5b e9 c3 c7 5d 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 \u003cf3\u003e 0f 1e fa 48 8b 04 24 65 48 8b 0c 25 c0 d7 03 00 65 8b 15 60 f0\nRSP: 0018:ffffc90000a187e8 EFLAGS: 00000246\nRAX: 0000000000000100 RBX: ffffc90000a188e0 RCX: ffff888027d3bc00\nRDX: ffff888027d3bc00 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffff88804a2e6000 R08: ffffffff8a4bc495 R09: ffffffff89da3577\nR10: 0000000000000004 R11: ffffffff8a4bc2b0 R12: dffffc0000000000\nR13: ffff88806573b503 R14: dffffc0000000000 R15: ffff8880663cca00\nFS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fc90a747f98 CR3: 000000000e734000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 000000000000002b DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cNMI\u003e\n \u003c/NMI\u003e\n \u003cTASK\u003e\n __local_bh_enable_ip+0x1bb/0x200 kernel/softirq.c:382\n spin_unlock_bh include/linux/spinlock.h:396 [inline]\n nsim_dev_trap_report drivers/net/netdevsim/dev.c:820 [inline]\n nsim_dev_trap_report_work+0x75d/0xaa0 drivers/net/netdevsim/dev.c:850\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50155",
"url": "https://www.suse.com/security/cve/CVE-2024-50155"
},
{
"category": "external",
"summary": "SUSE Bug 1233035 for CVE-2024-50155",
"url": "https://bugzilla.suse.com/1233035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50155"
},
{
"cve": "CVE-2024-50156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50156"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: Avoid NULL dereference in msm_disp_state_print_regs()\n\nIf the allocation in msm_disp_state_dump_regs() failed then\n`block-\u003estate` can be NULL. The msm_disp_state_print_regs() function\n_does_ have code to try to handle it with:\n\n if (*reg)\n dump_addr = *reg;\n\n...but since \"dump_addr\" is initialized to NULL the above is actually\na noop. The code then goes on to dereference `dump_addr`.\n\nMake the function print \"Registers not stored\" when it sees a NULL to\nsolve this. Since we\u0027re touching the code, fix\nmsm_disp_state_print_regs() not to pointlessly take a double-pointer\nand properly mark the pointer as `const`.\n\nPatchwork: https://patchwork.freedesktop.org/patch/619657/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50156",
"url": "https://www.suse.com/security/cve/CVE-2024-50156"
},
{
"category": "external",
"summary": "SUSE Bug 1233073 for CVE-2024-50156",
"url": "https://bugzilla.suse.com/1233073"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50156"
},
{
"cve": "CVE-2024-50157",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50157"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop\n\nDriver waits indefinitely for the fifo occupancy to go below a threshold\nas soon as the pacing interrupt is received. This can cause soft lockup on\none of the processors, if the rate of DB is very high.\n\nAdd a loop count for FPGA and exit the __wait_for_fifo_occupancy_below_th\nif the loop is taking more time. Pacing will be continuing until the\noccupancy is below the threshold. This is ensured by the checks in\nbnxt_re_pacing_timer_exp and further scheduling the work for pacing based\non the fifo occupancy.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50157",
"url": "https://www.suse.com/security/cve/CVE-2024-50157"
},
{
"category": "external",
"summary": "SUSE Bug 1233032 for CVE-2024-50157",
"url": "https://bugzilla.suse.com/1233032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50157"
},
{
"cve": "CVE-2024-50158",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50158"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Fix out of bound check\n\nDriver exports pacing stats only on GenP5 and P7 adapters. But while\nparsing the pacing stats, driver has a check for \"rdev-\u003edbr_pacing\". This\ncaused a trace when KASAN is enabled.\n\nBUG: KASAN: slab-out-of-bounds in bnxt_re_get_hw_stats+0x2b6a/0x2e00 [bnxt_re]\nWrite of size 8 at addr ffff8885942a6340 by task modprobe/4809",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50158",
"url": "https://www.suse.com/security/cve/CVE-2024-50158"
},
{
"category": "external",
"summary": "SUSE Bug 1233036 for CVE-2024-50158",
"url": "https://bugzilla.suse.com/1233036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50158"
},
{
"cve": "CVE-2024-50159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50159"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup()\n\nClang static checker(scan-build) throws below warning:\n | drivers/firmware/arm_scmi/driver.c:line 2915, column 2\n | Attempt to free released memory.\n\nWhen devm_add_action_or_reset() fails, scmi_debugfs_common_cleanup()\nwill run twice which causes double free of \u0027dbg-\u003ename\u0027.\n\nRemove the redundant scmi_debugfs_common_cleanup() to fix this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50159",
"url": "https://www.suse.com/security/cve/CVE-2024-50159"
},
{
"category": "external",
"summary": "SUSE Bug 1233041 for CVE-2024-50159",
"url": "https://bugzilla.suse.com/1233041"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50159"
},
{
"cve": "CVE-2024-50160",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50160"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda/cs8409: Fix possible NULL dereference\n\nIf snd_hda_gen_add_kctl fails to allocate memory and returns NULL, then\nNULL pointer dereference will occur in the next line.\n\nSince dolphin_fixups function is a hda_fixup function which is not supposed\nto return any errors, add simple check before dereference, ignore the fail.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50160",
"url": "https://www.suse.com/security/cve/CVE-2024-50160"
},
{
"category": "external",
"summary": "SUSE Bug 1233074 for CVE-2024-50160",
"url": "https://bugzilla.suse.com/1233074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50160"
},
{
"cve": "CVE-2024-50166",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50166"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfsl/fman: Fix refcount handling of fman-related devices\n\nIn mac_probe() there are multiple calls to of_find_device_by_node(),\nfman_bind() and fman_port_bind() which takes references to of_dev-\u003edev.\nNot all references taken by these calls are released later on error path\nin mac_probe() and in mac_remove() which lead to reference leaks.\n\nAdd references release.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50166",
"url": "https://www.suse.com/security/cve/CVE-2024-50166"
},
{
"category": "external",
"summary": "SUSE Bug 1233050 for CVE-2024-50166",
"url": "https://bugzilla.suse.com/1233050"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50166"
},
{
"cve": "CVE-2024-50167",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50167"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbe2net: fix potential memory leak in be_xmit()\n\nThe be_xmit() returns NETDEV_TX_OK without freeing skb\nin case of be_xmit_enqueue() fails, add dev_kfree_skb_any() to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50167",
"url": "https://www.suse.com/security/cve/CVE-2024-50167"
},
{
"category": "external",
"summary": "SUSE Bug 1233049 for CVE-2024-50167",
"url": "https://bugzilla.suse.com/1233049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50167"
},
{
"cve": "CVE-2024-50169",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50169"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Update rx_bytes on read_skb()\n\nMake sure virtio_transport_inc_rx_pkt() and virtio_transport_dec_rx_pkt()\ncalls are balanced (i.e. virtio_vsock_sock::rx_bytes doesn\u0027t lie) after\nvsock_transport::read_skb().\n\nWhile here, also inform the peer that we\u0027ve freed up space and it has more\ncredit.\n\nFailing to update rx_bytes after packet is dequeued leads to a warning on\nSOCK_STREAM recv():\n\n[ 233.396654] rx_queue is empty, but rx_bytes is non-zero\n[ 233.396702] WARNING: CPU: 11 PID: 40601 at net/vmw_vsock/virtio_transport_common.c:589",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50169",
"url": "https://www.suse.com/security/cve/CVE-2024-50169"
},
{
"category": "external",
"summary": "SUSE Bug 1233320 for CVE-2024-50169",
"url": "https://bugzilla.suse.com/1233320"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50169"
},
{
"cve": "CVE-2024-50171",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50171"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: systemport: fix potential memory leak in bcm_sysport_xmit()\n\nThe bcm_sysport_xmit() returns NETDEV_TX_OK without freeing skb\nin case of dma_map_single() fails, add dev_kfree_skb() to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50171",
"url": "https://www.suse.com/security/cve/CVE-2024-50171"
},
{
"category": "external",
"summary": "SUSE Bug 1233057 for CVE-2024-50171",
"url": "https://bugzilla.suse.com/1233057"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50171"
},
{
"cve": "CVE-2024-50172",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50172"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Fix a possible memory leak\n\nIn bnxt_re_setup_chip_ctx() when bnxt_qplib_map_db_bar() fails\ndriver is not freeing the memory allocated for \"rdev-\u003echip_ctx\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50172",
"url": "https://www.suse.com/security/cve/CVE-2024-50172"
},
{
"category": "external",
"summary": "SUSE Bug 1233029 for CVE-2024-50172",
"url": "https://bugzilla.suse.com/1233029"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50172"
},
{
"cve": "CVE-2024-50175",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50175"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: qcom: camss: Remove use_count guard in stop_streaming\n\nThe use_count check was introduced so that multiple concurrent Raw Data\nInterfaces RDIs could be driven by different virtual channels VCs on the\nCSIPHY input driving the video pipeline.\n\nThis is an invalid use of use_count though as use_count pertains to the\nnumber of times a video entity has been opened by user-space not the number\nof active streams.\n\nIf use_count and stream-on count don\u0027t agree then stop_streaming() will\nbreak as is currently the case and has become apparent when using CAMSS\nwith libcamera\u0027s released softisp 0.3.\n\nThe use of use_count like this is a bit hacky and right now breaks regular\nusage of CAMSS for a single stream case. Stopping qcam results in the splat\nbelow, and then it cannot be started again and any attempts to do so fails\nwith -EBUSY.\n\n[ 1265.509831] WARNING: CPU: 5 PID: 919 at drivers/media/common/videobuf2/videobuf2-core.c:2183 __vb2_queue_cancel+0x230/0x2c8 [videobuf2_common]\n...\n[ 1265.510630] Call trace:\n[ 1265.510636] __vb2_queue_cancel+0x230/0x2c8 [videobuf2_common]\n[ 1265.510648] vb2_core_streamoff+0x24/0xcc [videobuf2_common]\n[ 1265.510660] vb2_ioctl_streamoff+0x5c/0xa8 [videobuf2_v4l2]\n[ 1265.510673] v4l_streamoff+0x24/0x30 [videodev]\n[ 1265.510707] __video_do_ioctl+0x190/0x3f4 [videodev]\n[ 1265.510732] video_usercopy+0x304/0x8c4 [videodev]\n[ 1265.510757] video_ioctl2+0x18/0x34 [videodev]\n[ 1265.510782] v4l2_ioctl+0x40/0x60 [videodev]\n...\n[ 1265.510944] videobuf2_common: driver bug: stop_streaming operation is leaving buffer 0 in active state\n[ 1265.511175] videobuf2_common: driver bug: stop_streaming operation is leaving buffer 1 in active state\n[ 1265.511398] videobuf2_common: driver bug: stop_streaming operation is leaving buffer 2 in active st\n\nOne CAMSS specific way to handle multiple VCs on the same RDI might be:\n\n- Reference count each pipeline enable for CSIPHY, CSID, VFE and RDIx.\n- The video buffers are already associated with msm_vfeN_rdiX so\n release video buffers when told to do so by stop_streaming.\n- Only release the power-domains for the CSIPHY, CSID and VFE when\n their internal refcounts drop.\n\nEither way refusing to release video buffers based on use_count is\nerroneous and should be reverted. The silicon enabling code for selecting\nVCs is perfectly fine. Its a \"known missing feature\" that concurrent VCs\nwon\u0027t work with CAMSS right now.\n\nInitial testing with this code didn\u0027t show an error but, SoftISP and \"real\"\nusage with Google Hangouts breaks the upstream code pretty quickly, we need\nto do a partial revert and take another pass at VCs.\n\nThis commit partially reverts commit 89013969e232 (\"media: camss: sm8250:\nPipeline starting and stopping for multiple virtual channels\")",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50175",
"url": "https://www.suse.com/security/cve/CVE-2024-50175"
},
{
"category": "external",
"summary": "SUSE Bug 1233092 for CVE-2024-50175",
"url": "https://bugzilla.suse.com/1233092"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50175"
},
{
"cve": "CVE-2024-50176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50176"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: k3-r5: Fix error handling when power-up failed\n\nBy simply bailing out, the driver was violating its rule and internal\nassumptions that either both or no rproc should be initialized. E.g.,\nthis could cause the first core to be available but not the second one,\nleading to crashes on its shutdown later on while trying to dereference\nthat second instance.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50176",
"url": "https://www.suse.com/security/cve/CVE-2024-50176"
},
{
"category": "external",
"summary": "SUSE Bug 1233091 for CVE-2024-50176",
"url": "https://bugzilla.suse.com/1233091"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50176"
},
{
"cve": "CVE-2024-50177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50177"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix a UBSAN warning in DML2.1\n\nWhen programming phantom pipe, since cursor_width is explicity set to 0,\nthis causes calculation logic to trigger overflow for an unsigned int\ntriggering the kernel\u0027s UBSAN check as below:\n\n[ 40.962845] UBSAN: shift-out-of-bounds in /tmp/amd.EfpumTkO/amd/amdgpu/../display/dc/dml2/dml21/src/dml2_core/dml2_core_dcn4_calcs.c:3312:34\n[ 40.962849] shift exponent 4294967170 is too large for 32-bit type \u0027unsigned int\u0027\n[ 40.962852] CPU: 1 PID: 1670 Comm: gnome-shell Tainted: G W OE 6.5.0-41-generic #41~22.04.2-Ubuntu\n[ 40.962854] Hardware name: Gigabyte Technology Co., Ltd. X670E AORUS PRO X/X670E AORUS PRO X, BIOS F21 01/10/2024\n[ 40.962856] Call Trace:\n[ 40.962857] \u003cTASK\u003e\n[ 40.962860] dump_stack_lvl+0x48/0x70\n[ 40.962870] dump_stack+0x10/0x20\n[ 40.962872] __ubsan_handle_shift_out_of_bounds+0x1ac/0x360\n[ 40.962878] calculate_cursor_req_attributes.cold+0x1b/0x28 [amdgpu]\n[ 40.963099] dml_core_mode_support+0x6b91/0x16bc0 [amdgpu]\n[ 40.963327] ? srso_alias_return_thunk+0x5/0x7f\n[ 40.963331] ? CalculateWatermarksMALLUseAndDRAMSpeedChangeSupport+0x18b8/0x2790 [amdgpu]\n[ 40.963534] ? srso_alias_return_thunk+0x5/0x7f\n[ 40.963536] ? dml_core_mode_support+0xb3db/0x16bc0 [amdgpu]\n[ 40.963730] dml2_core_calcs_mode_support_ex+0x2c/0x90 [amdgpu]\n[ 40.963906] ? srso_alias_return_thunk+0x5/0x7f\n[ 40.963909] ? dml2_core_calcs_mode_support_ex+0x2c/0x90 [amdgpu]\n[ 40.964078] core_dcn4_mode_support+0x72/0xbf0 [amdgpu]\n[ 40.964247] dml2_top_optimization_perform_optimization_phase+0x1d3/0x2a0 [amdgpu]\n[ 40.964420] dml2_build_mode_programming+0x23d/0x750 [amdgpu]\n[ 40.964587] dml21_validate+0x274/0x770 [amdgpu]\n[ 40.964761] ? srso_alias_return_thunk+0x5/0x7f\n[ 40.964763] ? resource_append_dpp_pipes_for_plane_composition+0x27c/0x3b0 [amdgpu]\n[ 40.964942] dml2_validate+0x504/0x750 [amdgpu]\n[ 40.965117] ? dml21_copy+0x95/0xb0 [amdgpu]\n[ 40.965291] ? srso_alias_return_thunk+0x5/0x7f\n[ 40.965295] dcn401_validate_bandwidth+0x4e/0x70 [amdgpu]\n[ 40.965491] update_planes_and_stream_state+0x38d/0x5c0 [amdgpu]\n[ 40.965672] update_planes_and_stream_v3+0x52/0x1e0 [amdgpu]\n[ 40.965845] ? srso_alias_return_thunk+0x5/0x7f\n[ 40.965849] dc_update_planes_and_stream+0x71/0xb0 [amdgpu]\n\nFix this by adding a guard for checking cursor width before triggering\nthe size calculation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50177",
"url": "https://www.suse.com/security/cve/CVE-2024-50177"
},
{
"category": "external",
"summary": "SUSE Bug 1233115 for CVE-2024-50177",
"url": "https://bugzilla.suse.com/1233115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50177"
},
{
"cve": "CVE-2024-50179",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50179"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: remove the incorrect Fw reference check when dirtying pages\n\nWhen doing the direct-io reads it will also try to mark pages dirty,\nbut for the read path it won\u0027t hold the Fw caps and there is case\nwill it get the Fw reference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50179",
"url": "https://www.suse.com/security/cve/CVE-2024-50179"
},
{
"category": "external",
"summary": "SUSE Bug 1233123 for CVE-2024-50179",
"url": "https://bugzilla.suse.com/1233123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50179"
},
{
"cve": "CVE-2024-50180",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50180"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: sisfb: Fix strbuf array overflow\n\nThe values of the variables xres and yres are placed in strbuf.\nThese variables are obtained from strbuf1.\nThe strbuf1 array contains digit characters\nand a space if the array contains non-digit characters.\nThen, when executing sprintf(strbuf, \"%ux%ux8\", xres, yres);\nmore than 16 bytes will be written to strbuf.\nIt is suggested to increase the size of the strbuf array to 24.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50180",
"url": "https://www.suse.com/security/cve/CVE-2024-50180"
},
{
"category": "external",
"summary": "SUSE Bug 1233125 for CVE-2024-50180",
"url": "https://bugzilla.suse.com/1233125"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50180"
},
{
"cve": "CVE-2024-50181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50181"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50181",
"url": "https://www.suse.com/security/cve/CVE-2024-50181"
},
{
"category": "external",
"summary": "SUSE Bug 1233127 for CVE-2024-50181",
"url": "https://bugzilla.suse.com/1233127"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50181"
},
{
"cve": "CVE-2024-50182",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50182"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsecretmem: disable memfd_secret() if arch cannot set direct map\n\nReturn -ENOSYS from memfd_secret() syscall if !can_set_direct_map(). This\nis the case for example on some arm64 configurations, where marking 4k\nPTEs in the direct map not present can only be done if the direct map is\nset up at 4k granularity in the first place (as ARM\u0027s break-before-make\nsemantics do not easily allow breaking apart large/gigantic pages).\n\nMore precisely, on arm64 systems with !can_set_direct_map(),\nset_direct_map_invalid_noflush() is a no-op, however it returns success\n(0) instead of an error. This means that memfd_secret will seemingly\n\"work\" (e.g. syscall succeeds, you can mmap the fd and fault in pages),\nbut it does not actually achieve its goal of removing its memory from the\ndirect map.\n\nNote that with this patch, memfd_secret() will start erroring on systems\nwhere can_set_direct_map() returns false (arm64 with\nCONFIG_RODATA_FULL_DEFAULT_ENABLED=n, CONFIG_DEBUG_PAGEALLOC=n and\nCONFIG_KFENCE=n), but that still seems better than the current silent\nfailure. Since CONFIG_RODATA_FULL_DEFAULT_ENABLED defaults to \u0027y\u0027, most\narm64 systems actually have a working memfd_secret() and aren\u0027t be\naffected.\n\nFrom going through the iterations of the original memfd_secret patch\nseries, it seems that disabling the syscall in these scenarios was the\nintended behavior [1] (preferred over having\nset_direct_map_invalid_noflush return an error as that would result in\nSIGBUSes at page-fault time), however the check for it got dropped between\nv16 [2] and v17 [3], when secretmem moved away from CMA allocations.\n\n[1]: https://lore.kernel.org/lkml/20201124164930.GK8537@kernel.org/\n[2]: https://lore.kernel.org/lkml/20210121122723.3446-11-rppt@kernel.org/#t\n[3]: https://lore.kernel.org/lkml/20201125092208.12544-10-rppt@kernel.org/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50182",
"url": "https://www.suse.com/security/cve/CVE-2024-50182"
},
{
"category": "external",
"summary": "SUSE Bug 1233129 for CVE-2024-50182",
"url": "https://bugzilla.suse.com/1233129"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50182"
},
{
"cve": "CVE-2024-50183",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50183"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance\n\nDeleting an NPIV instance requires all fabric ndlps to be released before\nan NPIV\u0027s resources can be torn down. Failure to release fabric ndlps\nbeforehand opens kref imbalance race conditions. Fix by forcing the DA_ID\nto complete synchronously with usage of wait_queue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50183",
"url": "https://www.suse.com/security/cve/CVE-2024-50183"
},
{
"category": "external",
"summary": "SUSE Bug 1233130 for CVE-2024-50183",
"url": "https://bugzilla.suse.com/1233130"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50183"
},
{
"cve": "CVE-2024-50184",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50184"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_pmem: Check device status before requesting flush\n\nIf a pmem device is in a bad status, the driver side could wait for\nhost ack forever in virtio_pmem_flush(), causing the system to hang.\n\nSo add a status check in the beginning of virtio_pmem_flush() to return\nearly if the device is not activated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50184",
"url": "https://www.suse.com/security/cve/CVE-2024-50184"
},
{
"category": "external",
"summary": "SUSE Bug 1233135 for CVE-2024-50184",
"url": "https://bugzilla.suse.com/1233135"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50184"
},
{
"cve": "CVE-2024-50186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50186"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: explicitly clear the sk pointer, when pf-\u003ecreate fails\n\nWe have recently noticed the exact same KASAN splat as in commit\n6cd4a78d962b (\"net: do not leave a dangling sk pointer, when socket\ncreation fails\"). The problem is that commit did not fully address the\nproblem, as some pf-\u003ecreate implementations do not use sk_common_release\nin their error paths.\n\nFor example, we can use the same reproducer as in the above commit, but\nchanging ping to arping. arping uses AF_PACKET socket and if packet_create\nfails, it will just sk_free the allocated sk object.\n\nWhile we could chase all the pf-\u003ecreate implementations and make sure they\nNULL the freed sk object on error from the socket, we can\u0027t guarantee\nfuture protocols will not make the same mistake.\n\nSo it is easier to just explicitly NULL the sk pointer upon return from\npf-\u003ecreate in __sock_create. We do know that pf-\u003ecreate always releases the\nallocated sk object on error, so if the pointer is not NULL, it is\ndefinitely dangling.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50186",
"url": "https://www.suse.com/security/cve/CVE-2024-50186"
},
{
"category": "external",
"summary": "SUSE Bug 1233110 for CVE-2024-50186",
"url": "https://bugzilla.suse.com/1233110"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50186"
},
{
"cve": "CVE-2024-50187",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50187"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vc4: Stop the active perfmon before being destroyed\n\nUpon closing the file descriptor, the active performance monitor is not\nstopped. Although all perfmons are destroyed in `vc4_perfmon_close_file()`,\nthe active performance monitor\u0027s pointer (`vc4-\u003eactive_perfmon`) is still\nretained.\n\nIf we open a new file descriptor and submit a few jobs with performance\nmonitors, the driver will attempt to stop the active performance monitor\nusing the stale pointer in `vc4-\u003eactive_perfmon`. However, this pointer\nis no longer valid because the previous process has already terminated,\nand all performance monitors associated with it have been destroyed and\nfreed.\n\nTo fix this, when the active performance monitor belongs to a given\nprocess, explicitly stop it before destroying and freeing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50187",
"url": "https://www.suse.com/security/cve/CVE-2024-50187"
},
{
"category": "external",
"summary": "SUSE Bug 1233108 for CVE-2024-50187",
"url": "https://bugzilla.suse.com/1233108"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50187"
},
{
"cve": "CVE-2024-50188",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50188"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: dp83869: fix memory corruption when enabling fiber\n\nWhen configuring the fiber port, the DP83869 PHY driver incorrectly\ncalls linkmode_set_bit() with a bit mask (1 \u003c\u003c 10) rather than a bit\nnumber (10). This corrupts some other memory location -- in case of\narm64 the priv pointer in the same structure.\n\nSince the advertising flags are updated from supported at the end of the\nfunction the incorrect line isn\u0027t needed at all and can be removed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50188",
"url": "https://www.suse.com/security/cve/CVE-2024-50188"
},
{
"category": "external",
"summary": "SUSE Bug 1233107 for CVE-2024-50188",
"url": "https://bugzilla.suse.com/1233107"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50188"
},
{
"cve": "CVE-2024-50189",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50189"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: amd_sfh: Switch to device-managed dmam_alloc_coherent()\n\nUsing the device-managed version allows to simplify clean-up in probe()\nerror path.\n\nAdditionally, this device-managed ensures proper cleanup, which helps to\nresolve memory errors, page faults, btrfs going read-only, and btrfs\ndisk corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50189",
"url": "https://www.suse.com/security/cve/CVE-2024-50189"
},
{
"category": "external",
"summary": "SUSE Bug 1233105 for CVE-2024-50189",
"url": "https://bugzilla.suse.com/1233105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50189"
},
{
"cve": "CVE-2024-50192",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50192"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/gic-v4: Don\u0027t allow a VMOVP on a dying VPE\n\nKunkun Jiang reported that there is a small window of opportunity for\nuserspace to force a change of affinity for a VPE while the VPE has already\nbeen unmapped, but the corresponding doorbell interrupt still visible in\n/proc/irq/.\n\nPlug the race by checking the value of vmapp_count, which tracks whether\nthe VPE is mapped ot not, and returning an error in this case.\n\nThis involves making vmapp_count common to both GICv4.1 and its v4.0\nancestor.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50192",
"url": "https://www.suse.com/security/cve/CVE-2024-50192"
},
{
"category": "external",
"summary": "SUSE Bug 1233106 for CVE-2024-50192",
"url": "https://bugzilla.suse.com/1233106"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50192"
},
{
"cve": "CVE-2024-50194",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50194"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: probes: Fix uprobes for big-endian kernels\n\nThe arm64 uprobes code is broken for big-endian kernels as it doesn\u0027t\nconvert the in-memory instruction encoding (which is always\nlittle-endian) into the kernel\u0027s native endianness before analyzing and\nsimulating instructions. This may result in a few distinct problems:\n\n* The kernel may may erroneously reject probing an instruction which can\n safely be probed.\n\n* The kernel may erroneously erroneously permit stepping an\n instruction out-of-line when that instruction cannot be stepped\n out-of-line safely.\n\n* The kernel may erroneously simulate instruction incorrectly dur to\n interpretting the byte-swapped encoding.\n\nThe endianness mismatch isn\u0027t caught by the compiler or sparse because:\n\n* The arch_uprobe::{insn,ixol} fields are encoded as arrays of u8, so\n the compiler and sparse have no idea these contain a little-endian\n 32-bit value. The core uprobes code populates these with a memcpy()\n which similarly does not handle endianness.\n\n* While the uprobe_opcode_t type is an alias for __le32, both\n arch_uprobe_analyze_insn() and arch_uprobe_skip_sstep() cast from u8[]\n to the similarly-named probe_opcode_t, which is an alias for u32.\n Hence there is no endianness conversion warning.\n\nFix this by changing the arch_uprobe::{insn,ixol} fields to __le32 and\nadding the appropriate __le32_to_cpu() conversions prior to consuming\nthe instruction encoding. The core uprobes copies these fields as opaque\nranges of bytes, and so is unaffected by this change.\n\nAt the same time, remove MAX_UINSN_BYTES and consistently use\nAARCH64_INSN_SIZE for clarity.\n\nTested with the following:\n\n| #include \u003cstdio.h\u003e\n| #include \u003cstdbool.h\u003e\n|\n| #define noinline __attribute__((noinline))\n|\n| static noinline void *adrp_self(void)\n| {\n| void *addr;\n|\n| asm volatile(\n| \" adrp %x0, adrp_self\\n\"\n| \" add %x0, %x0, :lo12:adrp_self\\n\"\n| : \"=r\" (addr));\n| }\n|\n|\n| int main(int argc, char *argv)\n| {\n| void *ptr = adrp_self();\n| bool equal = (ptr == adrp_self);\n|\n| printf(\"adrp_self =\u003e %p\\n\"\n| \"adrp_self() =\u003e %p\\n\"\n| \"%s\\n\",\n| adrp_self, ptr, equal ? \"EQUAL\" : \"NOT EQUAL\");\n|\n| return 0;\n| }\n\n.... where the adrp_self() function was compiled to:\n\n| 00000000004007e0 \u003cadrp_self\u003e:\n| 4007e0: 90000000 adrp x0, 400000 \u003c__ehdr_start\u003e\n| 4007e4: 911f8000 add x0, x0, #0x7e0\n| 4007e8: d65f03c0 ret\n\nBefore this patch, the ADRP is not recognized, and is assumed to be\nsteppable, resulting in corruption of the result:\n\n| # ./adrp-self\n| adrp_self =\u003e 0x4007e0\n| adrp_self() =\u003e 0x4007e0\n| EQUAL\n| # echo \u0027p /root/adrp-self:0x007e0\u0027 \u003e /sys/kernel/tracing/uprobe_events\n| # echo 1 \u003e /sys/kernel/tracing/events/uprobes/enable\n| # ./adrp-self\n| adrp_self =\u003e 0x4007e0\n| adrp_self() =\u003e 0xffffffffff7e0\n| NOT EQUAL\n\nAfter this patch, the ADRP is correctly recognized and simulated:\n\n| # ./adrp-self\n| adrp_self =\u003e 0x4007e0\n| adrp_self() =\u003e 0x4007e0\n| EQUAL\n| #\n| # echo \u0027p /root/adrp-self:0x007e0\u0027 \u003e /sys/kernel/tracing/uprobe_events\n| # echo 1 \u003e /sys/kernel/tracing/events/uprobes/enable\n| # ./adrp-self\n| adrp_self =\u003e 0x4007e0\n| adrp_self() =\u003e 0x4007e0\n| EQUAL",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50194",
"url": "https://www.suse.com/security/cve/CVE-2024-50194"
},
{
"category": "external",
"summary": "SUSE Bug 1233111 for CVE-2024-50194",
"url": "https://bugzilla.suse.com/1233111"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50194"
},
{
"cve": "CVE-2024-50195",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50195"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nposix-clock: Fix missing timespec64 check in pc_clock_settime()\n\nAs Andrew pointed out, it will make sense that the PTP core\nchecked timespec64 struct\u0027s tv_sec and tv_nsec range before calling\nptp-\u003einfo-\u003esettime64().\n\nAs the man manual of clock_settime() said, if tp.tv_sec is negative or\ntp.tv_nsec is outside the range [0..999,999,999], it should return EINVAL,\nwhich include dynamic clocks which handles PTP clock, and the condition is\nconsistent with timespec64_valid(). As Thomas suggested, timespec64_valid()\nonly check the timespec is valid, but not ensure that the time is\nin a valid range, so check it ahead using timespec64_valid_strict()\nin pc_clock_settime() and return -EINVAL if not valid.\n\nThere are some drivers that use tp-\u003etv_sec and tp-\u003etv_nsec directly to\nwrite registers without validity checks and assume that the higher layer\nhas checked it, which is dangerous and will benefit from this, such as\nhclge_ptp_settime(), igb_ptp_settime_i210(), _rcar_gen4_ptp_settime(),\nand some drivers can remove the checks of itself.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50195",
"url": "https://www.suse.com/security/cve/CVE-2024-50195"
},
{
"category": "external",
"summary": "SUSE Bug 1233103 for CVE-2024-50195",
"url": "https://bugzilla.suse.com/1233103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50195"
},
{
"cve": "CVE-2024-50196",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50196"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: ocelot: fix system hang on level based interrupts\n\nThe current implementation only calls chained_irq_enter() and\nchained_irq_exit() if it detects pending interrupts.\n\n```\nfor (i = 0; i \u003c info-\u003estride; i++) {\n\turegmap_read(info-\u003emap, id_reg + 4 * i, \u0026reg);\n\tif (!reg)\n\t\tcontinue;\n\n\tchained_irq_enter(parent_chip, desc);\n```\n\nHowever, in case of GPIO pin configured in level mode and the parent\ncontroller configured in edge mode, GPIO interrupt might be lowered by the\nhardware. In the result, if the interrupt is short enough, the parent\ninterrupt is still pending while the GPIO interrupt is cleared;\nchained_irq_enter() never gets called and the system hangs trying to\nservice the parent interrupt.\n\nMoving chained_irq_enter() and chained_irq_exit() outside the for loop\nensures that they are called even when GPIO interrupt is lowered by the\nhardware.\n\nThe similar code with chained_irq_enter() / chained_irq_exit() functions\nwrapping interrupt checking loop may be found in many other drivers:\n```\ngrep -r -A 10 chained_irq_enter drivers/pinctrl\n```",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50196",
"url": "https://www.suse.com/security/cve/CVE-2024-50196"
},
{
"category": "external",
"summary": "SUSE Bug 1233113 for CVE-2024-50196",
"url": "https://bugzilla.suse.com/1233113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50196"
},
{
"cve": "CVE-2024-50198",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50198"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: light: veml6030: fix IIO device retrieval from embedded device\n\nThe dev pointer that is received as an argument in the\nin_illuminance_period_available_show function references the device\nembedded in the IIO device, not in the i2c client.\n\ndev_to_iio_dev() must be used to accessthe right data. The current\nimplementation leads to a segmentation fault on every attempt to read\nthe attribute because indio_dev gets a NULL assignment.\n\nThis bug has been present since the first appearance of the driver,\napparently since the last version (V6) before getting applied. A\nconstant attribute was used until then, and the last modifications might\nhave not been tested again.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50198",
"url": "https://www.suse.com/security/cve/CVE-2024-50198"
},
{
"category": "external",
"summary": "SUSE Bug 1233100 for CVE-2024-50198",
"url": "https://bugzilla.suse.com/1233100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50198"
},
{
"cve": "CVE-2024-50200",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50200"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmaple_tree: correct tree corruption on spanning store\n\nPatch series \"maple_tree: correct tree corruption on spanning store\", v3.\n\nThere has been a nasty yet subtle maple tree corruption bug that appears\nto have been in existence since the inception of the algorithm.\n\nThis bug seems far more likely to happen since commit f8d112a4e657\n(\"mm/mmap: avoid zeroing vma tree in mmap_region()\"), which is the point\nat which reports started to be submitted concerning this bug.\n\nWe were made definitely aware of the bug thanks to the kind efforts of\nBert Karwatzki who helped enormously in my being able to track this down\nand identify the cause of it.\n\nThe bug arises when an attempt is made to perform a spanning store across\ntwo leaf nodes, where the right leaf node is the rightmost child of the\nshared parent, AND the store completely consumes the right-mode node.\n\nThis results in mas_wr_spanning_store() mitakenly duplicating the new and\nexisting entries at the maximum pivot within the range, and thus maple\ntree corruption.\n\nThe fix patch corrects this by detecting this scenario and disallowing the\nmistaken duplicate copy.\n\nThe fix patch commit message goes into great detail as to how this occurs.\n\nThis series also includes a test which reliably reproduces the issue, and\nasserts that the fix works correctly.\n\nBert has kindly tested the fix and confirmed it resolved his issues. Also\nMikhail Gavrilov kindly reported what appears to be precisely the same\nbug, which this fix should also resolve.\n\n\nThis patch (of 2):\n\nThere has been a subtle bug present in the maple tree implementation from\nits inception.\n\nThis arises from how stores are performed - when a store occurs, it will\noverwrite overlapping ranges and adjust the tree as necessary to\naccommodate this.\n\nA range may always ultimately span two leaf nodes. In this instance we\nwalk the two leaf nodes, determine which elements are not overwritten to\nthe left and to the right of the start and end of the ranges respectively\nand then rebalance the tree to contain these entries and the newly\ninserted one.\n\nThis kind of store is dubbed a \u0027spanning store\u0027 and is implemented by\nmas_wr_spanning_store().\n\nIn order to reach this stage, mas_store_gfp() invokes\nmas_wr_preallocate(), mas_wr_store_type() and mas_wr_walk() in turn to\nwalk the tree and update the object (mas) to traverse to the location\nwhere the write should be performed, determining its store type.\n\nWhen a spanning store is required, this function returns false stopping at\nthe parent node which contains the target range, and mas_wr_store_type()\nmarks the mas-\u003estore_type as wr_spanning_store to denote this fact.\n\nWhen we go to perform the store in mas_wr_spanning_store(), we first\ndetermine the elements AFTER the END of the range we wish to store (that\nis, to the right of the entry to be inserted) - we do this by walking to\nthe NEXT pivot in the tree (i.e. r_mas.last + 1), starting at the node we\nhave just determined contains the range over which we intend to write.\n\nWe then turn our attention to the entries to the left of the entry we are\ninserting, whose state is represented by l_mas, and copy these into a \u0027big\nnode\u0027, which is a special node which contains enough slots to contain two\nleaf node\u0027s worth of data.\n\nWe then copy the entry we wish to store immediately after this - the copy\nand the insertion of the new entry is performed by mas_store_b_node().\n\nAfter this we copy the elements to the right of the end of the range which\nwe are inserting, if we have not exceeded the length of the node (i.e. \nr_mas.offset \u003c= r_mas.end).\n\nHerein lies the bug - under very specific circumstances, this logic can\nbreak and corrupt the maple tree.\n\nConsider the following tree:\n\nHeight\n 0 Root Node\n / \\\n pivot = 0xffff / \\ pivot = ULONG_MAX\n / \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50200",
"url": "https://www.suse.com/security/cve/CVE-2024-50200"
},
{
"category": "external",
"summary": "SUSE Bug 1233088 for CVE-2024-50200",
"url": "https://bugzilla.suse.com/1233088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50200"
},
{
"cve": "CVE-2024-50201",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50201"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: Fix encoder-\u003epossible_clones\n\nInclude the encoder itself in its possible_clones bitmask.\nIn the past nothing validated that drivers were populating\npossible_clones correctly, but that changed in commit\n74d2aacbe840 (\"drm: Validate encoder-\u003epossible_clones\").\nLooks like radeon never got the memo and is still not\nfollowing the rules 100% correctly.\n\nThis results in some warnings during driver initialization:\nBogus possible_clones: [ENCODER:46:TV-46] possible_clones=0x4 (full encoder mask=0x7)\nWARNING: CPU: 0 PID: 170 at drivers/gpu/drm/drm_mode_config.c:615 drm_mode_config_validate+0x113/0x39c\n...\n\n(cherry picked from commit 3b6e7d40649c0d75572039aff9d0911864c689db)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50201",
"url": "https://www.suse.com/security/cve/CVE-2024-50201"
},
{
"category": "external",
"summary": "SUSE Bug 1233104 for CVE-2024-50201",
"url": "https://bugzilla.suse.com/1233104"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50201"
},
{
"cve": "CVE-2024-50205",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50205"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()\n\nThe step variable is initialized to zero. It is changed in the loop,\nbut if it\u0027s not changed it will remain zero. Add a variable check\nbefore the division.\n\nThe observed behavior was introduced by commit 826b5de90c0b\n(\"ALSA: firewire-lib: fix insufficient PCM rule for period/buffer size\"),\nand it is difficult to show that any of the interval parameters will\nsatisfy the snd_interval_test() condition with data from the\namdtp_rate_table[] table.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50205",
"url": "https://www.suse.com/security/cve/CVE-2024-50205"
},
{
"category": "external",
"summary": "SUSE Bug 1233293 for CVE-2024-50205",
"url": "https://bugzilla.suse.com/1233293"
},
{
"category": "external",
"summary": "SUSE Bug 1233294 for CVE-2024-50205",
"url": "https://bugzilla.suse.com/1233294"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-50205"
},
{
"cve": "CVE-2024-50208",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50208"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages\n\nAvoid memory corruption while setting up Level-2 PBL pages for the non MR\nresources when num_pages \u003e 256K.\n\nThere will be a single PDE page address (contiguous pages in the case of \u003e\nPAGE_SIZE), but, current logic assumes multiple pages, leading to invalid\nmemory access after 256K PBL entries in the PDE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50208",
"url": "https://www.suse.com/security/cve/CVE-2024-50208"
},
{
"category": "external",
"summary": "SUSE Bug 1233117 for CVE-2024-50208",
"url": "https://bugzilla.suse.com/1233117"
},
{
"category": "external",
"summary": "SUSE Bug 1233118 for CVE-2024-50208",
"url": "https://bugzilla.suse.com/1233118"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-50208"
},
{
"cve": "CVE-2024-50209",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50209"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Add a check for memory allocation\n\n__alloc_pbl() can return error when memory allocation fails.\nDriver is not checking the status on one of the instances.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50209",
"url": "https://www.suse.com/security/cve/CVE-2024-50209"
},
{
"category": "external",
"summary": "SUSE Bug 1233114 for CVE-2024-50209",
"url": "https://bugzilla.suse.com/1233114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50209"
},
{
"cve": "CVE-2024-50210",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50210"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nposix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()\n\nIf get_clock_desc() succeeds, it calls fget() for the clockid\u0027s fd,\nand get the clk-\u003erwsem read lock, so the error path should release\nthe lock to make the lock balance and fput the clockid\u0027s fd to make\nthe refcount balance and release the fd related resource.\n\nHowever the below commit left the error path locked behind resulting in\nunbalanced locking. Check timespec64_valid_strict() before\nget_clock_desc() to fix it, because the \"ts\" is not changed\nafter that.\n\n[pabeni@redhat.com: fixed commit message typo]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50210",
"url": "https://www.suse.com/security/cve/CVE-2024-50210"
},
{
"category": "external",
"summary": "SUSE Bug 1233097 for CVE-2024-50210",
"url": "https://bugzilla.suse.com/1233097"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50210"
},
{
"cve": "CVE-2024-50215",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50215"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-auth: assign dh_key to NULL after kfree_sensitive\n\nctrl-\u003edh_key might be used across multiple calls to nvmet_setup_dhgroup()\nfor the same controller. So it\u0027s better to nullify it after release on\nerror path in order to avoid double free later in nvmet_destroy_auth().\n\nFound by Linux Verification Center (linuxtesting.org) with Svace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50215",
"url": "https://www.suse.com/security/cve/CVE-2024-50215"
},
{
"category": "external",
"summary": "SUSE Bug 1233189 for CVE-2024-50215",
"url": "https://bugzilla.suse.com/1233189"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50215"
},
{
"cve": "CVE-2024-50216",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50216"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: fix finding a last resort AG in xfs_filestream_pick_ag\n\nWhen the main loop in xfs_filestream_pick_ag fails to find a suitable\nAG it tries to just pick the online AG. But the loop for that uses\nargs-\u003epag as loop iterator while the later code expects pag to be\nset. Fix this by reusing the max_pag case for this last resort, and\nalso add a check for impossible case of no AG just to make sure that\nthe uninitialized pag doesn\u0027t even escape in theory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50216",
"url": "https://www.suse.com/security/cve/CVE-2024-50216"
},
{
"category": "external",
"summary": "SUSE Bug 1233179 for CVE-2024-50216",
"url": "https://bugzilla.suse.com/1233179"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50216"
},
{
"cve": "CVE-2024-50218",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50218"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: pass u64 to ocfs2_truncate_inline maybe overflow\n\nSyzbot reported a kernel BUG in ocfs2_truncate_inline. There are two\nreasons for this: first, the parameter value passed is greater than\nocfs2_max_inline_data_with_xattr, second, the start and end parameters of\nocfs2_truncate_inline are \"unsigned int\".\n\nSo, we need to add a sanity check for byte_start and byte_len right before\nocfs2_truncate_inline() in ocfs2_remove_inode_range(), if they are greater\nthan ocfs2_max_inline_data_with_xattr return -EINVAL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50218",
"url": "https://www.suse.com/security/cve/CVE-2024-50218"
},
{
"category": "external",
"summary": "SUSE Bug 1233191 for CVE-2024-50218",
"url": "https://bugzilla.suse.com/1233191"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50218"
},
{
"cve": "CVE-2024-50221",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50221"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Vangogh: Fix kernel memory out of bounds write\n\nKASAN reports that the GPU metrics table allocated in\nvangogh_tables_init() is not large enough for the memset done in\nsmu_cmn_init_soft_gpu_metrics(). Condensed report follows:\n\n[ 33.861314] BUG: KASAN: slab-out-of-bounds in smu_cmn_init_soft_gpu_metrics+0x73/0x200 [amdgpu]\n[ 33.861799] Write of size 168 at addr ffff888129f59500 by task mangoapp/1067\n...\n[ 33.861808] CPU: 6 UID: 1000 PID: 1067 Comm: mangoapp Tainted: G W 6.12.0-rc4 #356 1a56f59a8b5182eeaf67eb7cb8b13594dd23b544\n[ 33.861816] Tainted: [W]=WARN\n[ 33.861818] Hardware name: Valve Galileo/Galileo, BIOS F7G0107 12/01/2023\n[ 33.861822] Call Trace:\n[ 33.861826] \u003cTASK\u003e\n[ 33.861829] dump_stack_lvl+0x66/0x90\n[ 33.861838] print_report+0xce/0x620\n[ 33.861853] kasan_report+0xda/0x110\n[ 33.862794] kasan_check_range+0xfd/0x1a0\n[ 33.862799] __asan_memset+0x23/0x40\n[ 33.862803] smu_cmn_init_soft_gpu_metrics+0x73/0x200 [amdgpu 13b1bc364ec578808f676eba412c20eaab792779]\n[ 33.863306] vangogh_get_gpu_metrics_v2_4+0x123/0xad0 [amdgpu 13b1bc364ec578808f676eba412c20eaab792779]\n[ 33.864257] vangogh_common_get_gpu_metrics+0xb0c/0xbc0 [amdgpu 13b1bc364ec578808f676eba412c20eaab792779]\n[ 33.865682] amdgpu_dpm_get_gpu_metrics+0xcc/0x110 [amdgpu 13b1bc364ec578808f676eba412c20eaab792779]\n[ 33.866160] amdgpu_get_gpu_metrics+0x154/0x2d0 [amdgpu 13b1bc364ec578808f676eba412c20eaab792779]\n[ 33.867135] dev_attr_show+0x43/0xc0\n[ 33.867147] sysfs_kf_seq_show+0x1f1/0x3b0\n[ 33.867155] seq_read_iter+0x3f8/0x1140\n[ 33.867173] vfs_read+0x76c/0xc50\n[ 33.867198] ksys_read+0xfb/0x1d0\n[ 33.867214] do_syscall_64+0x90/0x160\n...\n[ 33.867353] Allocated by task 378 on cpu 7 at 22.794876s:\n[ 33.867358] kasan_save_stack+0x33/0x50\n[ 33.867364] kasan_save_track+0x17/0x60\n[ 33.867367] __kasan_kmalloc+0x87/0x90\n[ 33.867371] vangogh_init_smc_tables+0x3f9/0x840 [amdgpu]\n[ 33.867835] smu_sw_init+0xa32/0x1850 [amdgpu]\n[ 33.868299] amdgpu_device_init+0x467b/0x8d90 [amdgpu]\n[ 33.868733] amdgpu_driver_load_kms+0x19/0xf0 [amdgpu]\n[ 33.869167] amdgpu_pci_probe+0x2d6/0xcd0 [amdgpu]\n[ 33.869608] local_pci_probe+0xda/0x180\n[ 33.869614] pci_device_probe+0x43f/0x6b0\n\nEmpirically we can confirm that the former allocates 152 bytes for the\ntable, while the latter memsets the 168 large block.\n\nRoot cause appears that when GPU metrics tables for v2_4 parts were added\nit was not considered to enlarge the table to fit.\n\nThe fix in this patch is rather \"brute force\" and perhaps later should be\ndone in a smarter way, by extracting and consolidating the part version to\nsize logic to a common helper, instead of brute forcing the largest\npossible allocation. Nevertheless, for now this works and fixes the out of\nbounds write.\n\nv2:\n * Drop impossible v3_0 case. (Mario)\n\n(cherry picked from commit 0880f58f9609f0200483a49429af0f050d281703)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50221",
"url": "https://www.suse.com/security/cve/CVE-2024-50221"
},
{
"category": "external",
"summary": "SUSE Bug 1233185 for CVE-2024-50221",
"url": "https://bugzilla.suse.com/1233185"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50221"
},
{
"cve": "CVE-2024-50224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50224"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: spi-fsl-dspi: Fix crash when not using GPIO chip select\n\nAdd check for the return value of spi_get_csgpiod() to avoid passing a NULL\npointer to gpiod_direction_output(), preventing a crash when GPIO chip\nselect is not used.\n\nFix below crash:\n[ 4.251960] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[ 4.260762] Mem abort info:\n[ 4.263556] ESR = 0x0000000096000004\n[ 4.267308] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 4.272624] SET = 0, FnV = 0\n[ 4.275681] EA = 0, S1PTW = 0\n[ 4.278822] FSC = 0x04: level 0 translation fault\n[ 4.283704] Data abort info:\n[ 4.286583] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[ 4.292074] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 4.297130] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 4.302445] [0000000000000000] user address but active_mm is swapper\n[ 4.308805] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 4.315072] Modules linked in:\n[ 4.318124] CPU: 2 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-rc4-next-20241023-00008-ga20ec42c5fc1 #359\n[ 4.328130] Hardware name: LS1046A QDS Board (DT)\n[ 4.332832] pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 4.339794] pc : gpiod_direction_output+0x34/0x5c\n[ 4.344505] lr : gpiod_direction_output+0x18/0x5c\n[ 4.349208] sp : ffff80008003b8f0\n[ 4.352517] x29: ffff80008003b8f0 x28: 0000000000000000 x27: ffffc96bcc7e9068\n[ 4.359659] x26: ffffc96bcc6e00b0 x25: ffffc96bcc598398 x24: ffff447400132810\n[ 4.366800] x23: 0000000000000000 x22: 0000000011e1a300 x21: 0000000000020002\n[ 4.373940] x20: 0000000000000000 x19: 0000000000000000 x18: ffffffffffffffff\n[ 4.381081] x17: ffff44740016e600 x16: 0000000500000003 x15: 0000000000000007\n[ 4.388221] x14: 0000000000989680 x13: 0000000000020000 x12: 000000000000001e\n[ 4.395362] x11: 0044b82fa09b5a53 x10: 0000000000000019 x9 : 0000000000000008\n[ 4.402502] x8 : 0000000000000002 x7 : 0000000000000007 x6 : 0000000000000000\n[ 4.409641] x5 : 0000000000000200 x4 : 0000000002000000 x3 : 0000000000000000\n[ 4.416781] x2 : 0000000000022202 x1 : 0000000000000000 x0 : 0000000000000000\n[ 4.423921] Call trace:\n[ 4.426362] gpiod_direction_output+0x34/0x5c (P)\n[ 4.431067] gpiod_direction_output+0x18/0x5c (L)\n[ 4.435771] dspi_setup+0x220/0x334",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50224",
"url": "https://www.suse.com/security/cve/CVE-2024-50224"
},
{
"category": "external",
"summary": "SUSE Bug 1233188 for CVE-2024-50224",
"url": "https://bugzilla.suse.com/1233188"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50224"
},
{
"cve": "CVE-2024-50225",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50225"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix error propagation of split bios\n\nThe purpose of btrfs_bbio_propagate_error() shall be propagating an error\nof split bio to its original btrfs_bio, and tell the error to the upper\nlayer. However, it\u0027s not working well on some cases.\n\n* Case 1. Immediate (or quick) end_bio with an error\n\nWhen btrfs sends btrfs_bio to mirrored devices, btrfs calls\nbtrfs_bio_end_io() when all the mirroring bios are completed. If that\nbtrfs_bio was split, it is from btrfs_clone_bioset and its end_io function\nis btrfs_orig_write_end_io. For this case, btrfs_bbio_propagate_error()\naccesses the orig_bbio\u0027s bio context to increase the error count.\n\nThat works well in most cases. However, if the end_io is called enough\nfast, orig_bbio\u0027s (remaining part after split) bio context may not be\nproperly set at that time. Since the bio context is set when the orig_bbio\n(the last btrfs_bio) is sent to devices, that might be too late for earlier\nsplit btrfs_bio\u0027s completion. That will result in NULL pointer\ndereference.\n\nThat bug is easily reproducible by running btrfs/146 on zoned devices [1]\nand it shows the following trace.\n\n[1] You need raid-stripe-tree feature as it create \"-d raid0 -m raid1\" FS.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000020\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] PREEMPT SMP PTI\n CPU: 1 UID: 0 PID: 13 Comm: kworker/u32:1 Not tainted 6.11.0-rc7-BTRFS-ZNS+ #474\n Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011\n Workqueue: writeback wb_workfn (flush-btrfs-5)\n RIP: 0010:btrfs_bio_end_io+0xae/0xc0 [btrfs]\n BTRFS error (device dm-0): bdev /dev/mapper/error-test errs: wr 2, rd 0, flush 0, corrupt 0, gen 0\n RSP: 0018:ffffc9000006f248 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: ffff888005a7f080 RCX: ffffc9000006f1dc\n RDX: 0000000000000000 RSI: 000000000000000a RDI: ffff888005a7f080\n RBP: ffff888011dfc540 R08: 0000000000000000 R09: 0000000000000001\n R10: ffffffff82e508e0 R11: 0000000000000005 R12: ffff88800ddfbe58\n R13: ffff888005a7f080 R14: ffff888005a7f158 R15: ffff888005a7f158\n FS: 0000000000000000(0000) GS:ffff88803ea80000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000020 CR3: 0000000002e22006 CR4: 0000000000370ef0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n ? __die_body.cold+0x19/0x26\n ? page_fault_oops+0x13e/0x2b0\n ? _printk+0x58/0x73\n ? do_user_addr_fault+0x5f/0x750\n ? exc_page_fault+0x76/0x240\n ? asm_exc_page_fault+0x22/0x30\n ? btrfs_bio_end_io+0xae/0xc0 [btrfs]\n ? btrfs_log_dev_io_error+0x7f/0x90 [btrfs]\n btrfs_orig_write_end_io+0x51/0x90 [btrfs]\n dm_submit_bio+0x5c2/0xa50 [dm_mod]\n ? find_held_lock+0x2b/0x80\n ? blk_try_enter_queue+0x90/0x1e0\n __submit_bio+0xe0/0x130\n ? ktime_get+0x10a/0x160\n ? lockdep_hardirqs_on+0x74/0x100\n submit_bio_noacct_nocheck+0x199/0x410\n btrfs_submit_bio+0x7d/0x150 [btrfs]\n btrfs_submit_chunk+0x1a1/0x6d0 [btrfs]\n ? lockdep_hardirqs_on+0x74/0x100\n ? __folio_start_writeback+0x10/0x2c0\n btrfs_submit_bbio+0x1c/0x40 [btrfs]\n submit_one_bio+0x44/0x60 [btrfs]\n submit_extent_folio+0x13f/0x330 [btrfs]\n ? btrfs_set_range_writeback+0xa3/0xd0 [btrfs]\n extent_writepage_io+0x18b/0x360 [btrfs]\n extent_write_locked_range+0x17c/0x340 [btrfs]\n ? __pfx_end_bbio_data_write+0x10/0x10 [btrfs]\n run_delalloc_cow+0x71/0xd0 [btrfs]\n btrfs_run_delalloc_range+0x176/0x500 [btrfs]\n ? find_lock_delalloc_range+0x119/0x260 [btrfs]\n writepage_delalloc+0x2ab/0x480 [btrfs]\n extent_write_cache_pages+0x236/0x7d0 [btrfs]\n btrfs_writepages+0x72/0x130 [btrfs]\n do_writepages+0xd4/0x240\n ? find_held_lock+0x2b/0x80\n ? wbc_attach_and_unlock_inode+0x12c/0x290\n ? wbc_attach_and_unlock_inode+0x12c/0x29\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50225",
"url": "https://www.suse.com/security/cve/CVE-2024-50225"
},
{
"category": "external",
"summary": "SUSE Bug 1233193 for CVE-2024-50225",
"url": "https://bugzilla.suse.com/1233193"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50225"
},
{
"cve": "CVE-2024-50228",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50228"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50228",
"url": "https://www.suse.com/security/cve/CVE-2024-50228"
},
{
"category": "external",
"summary": "SUSE Bug 1233204 for CVE-2024-50228",
"url": "https://bugzilla.suse.com/1233204"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50228"
},
{
"cve": "CVE-2024-50229",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50229"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential deadlock with newly created symlinks\n\nSyzbot reported that page_symlink(), called by nilfs_symlink(), triggers\nmemory reclamation involving the filesystem layer, which can result in\ncircular lock dependencies among the reader/writer semaphore\nnilfs-\u003ens_segctor_sem, s_writers percpu_rwsem (intwrite) and the\nfs_reclaim pseudo lock.\n\nThis is because after commit 21fc61c73c39 (\"don\u0027t put symlink bodies in\npagecache into highmem\"), the gfp flags of the page cache for symbolic\nlinks are overwritten to GFP_KERNEL via inode_nohighmem().\n\nThis is not a problem for symlinks read from the backing device, because\nthe __GFP_FS flag is dropped after inode_nohighmem() is called. However,\nwhen a new symlink is created with nilfs_symlink(), the gfp flags remain\noverwritten to GFP_KERNEL. Then, memory allocation called from\npage_symlink() etc. triggers memory reclamation including the FS layer,\nwhich may call nilfs_evict_inode() or nilfs_dirty_inode(). And these can\ncause a deadlock if they are called while nilfs-\u003ens_segctor_sem is held:\n\nFix this issue by dropping the __GFP_FS flag from the page cache GFP flags\nof newly created symlinks in the same way that nilfs_new_inode() and\n__nilfs_read_inode() do, as a workaround until we adopt nofs allocation\nscope consistently or improve the locking constraints.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50229",
"url": "https://www.suse.com/security/cve/CVE-2024-50229"
},
{
"category": "external",
"summary": "SUSE Bug 1233205 for CVE-2024-50229",
"url": "https://bugzilla.suse.com/1233205"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50229"
},
{
"cve": "CVE-2024-50230",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50230"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix kernel bug due to missing clearing of checked flag\n\nSyzbot reported that in directory operations after nilfs2 detects\nfilesystem corruption and degrades to read-only,\n__block_write_begin_int(), which is called to prepare block writes, may\nfail the BUG_ON check for accesses exceeding the folio/page size,\ntriggering a kernel bug.\n\nThis was found to be because the \"checked\" flag of a page/folio was not\ncleared when it was discarded by nilfs2\u0027s own routine, which causes the\nsanity check of directory entries to be skipped when the directory\npage/folio is reloaded. So, fix that.\n\nThis was necessary when the use of nilfs2\u0027s own page discard routine was\napplied to more than just metadata files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50230",
"url": "https://www.suse.com/security/cve/CVE-2024-50230"
},
{
"category": "external",
"summary": "SUSE Bug 1233206 for CVE-2024-50230",
"url": "https://bugzilla.suse.com/1233206"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50230"
},
{
"cve": "CVE-2024-50231",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50231"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: gts-helper: Fix memory leaks in iio_gts_build_avail_scale_table()\n\nmodprobe iio-test-gts and rmmod it, then the following memory leak\noccurs:\n\n\tunreferenced object 0xffffff80c810be00 (size 64):\n\t comm \"kunit_try_catch\", pid 1654, jiffies 4294913981\n\t hex dump (first 32 bytes):\n\t 02 00 00 00 08 00 00 00 20 00 00 00 40 00 00 00 ........ ...@...\n\t 80 00 00 00 00 02 00 00 00 04 00 00 00 08 00 00 ................\n\t backtrace (crc a63d875e):\n\t [\u003c0000000028c1b3c2\u003e] kmemleak_alloc+0x34/0x40\n\t [\u003c000000001d6ecc87\u003e] __kmalloc_noprof+0x2bc/0x3c0\n\t [\u003c00000000393795c1\u003e] devm_iio_init_iio_gts+0x4b4/0x16f4\n\t [\u003c0000000071bb4b09\u003e] 0xffffffdf052a62e0\n\t [\u003c000000000315bc18\u003e] 0xffffffdf052a6488\n\t [\u003c00000000f9dc55b5\u003e] kunit_try_run_case+0x13c/0x3ac\n\t [\u003c00000000175a3fd4\u003e] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t [\u003c00000000f505065d\u003e] kthread+0x2e8/0x374\n\t [\u003c00000000bbfb0e5d\u003e] ret_from_fork+0x10/0x20\n\tunreferenced object 0xffffff80cbfe9e70 (size 16):\n\t comm \"kunit_try_catch\", pid 1658, jiffies 4294914015\n\t hex dump (first 16 bytes):\n\t 10 00 00 00 40 00 00 00 80 00 00 00 00 00 00 00 ....@...........\n\t backtrace (crc 857f0cb4):\n\t [\u003c0000000028c1b3c2\u003e] kmemleak_alloc+0x34/0x40\n\t [\u003c000000001d6ecc87\u003e] __kmalloc_noprof+0x2bc/0x3c0\n\t [\u003c00000000393795c1\u003e] devm_iio_init_iio_gts+0x4b4/0x16f4\n\t [\u003c0000000071bb4b09\u003e] 0xffffffdf052a62e0\n\t [\u003c000000007d089d45\u003e] 0xffffffdf052a6864\n\t [\u003c00000000f9dc55b5\u003e] kunit_try_run_case+0x13c/0x3ac\n\t [\u003c00000000175a3fd4\u003e] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t [\u003c00000000f505065d\u003e] kthread+0x2e8/0x374\n\t [\u003c00000000bbfb0e5d\u003e] ret_from_fork+0x10/0x20\n\t......\n\nIt includes 5*5 times \"size 64\" memory leaks, which correspond to 5 times\ntest_init_iio_gain_scale() calls with gts_test_gains size 10 (10*size(int))\nand gts_test_itimes size 5. It also includes 5*1 times \"size 16\"\nmemory leak, which correspond to one time __test_init_iio_gain_scale()\ncall with gts_test_gains_gain_low size 3 (3*size(int)) and gts_test_itimes\nsize 5.\n\nThe reason is that the per_time_gains[i] is not freed which is allocated in\nthe \"gts-\u003enum_itime\" for loop in iio_gts_build_avail_scale_table().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50231",
"url": "https://www.suse.com/security/cve/CVE-2024-50231"
},
{
"category": "external",
"summary": "SUSE Bug 1233208 for CVE-2024-50231",
"url": "https://bugzilla.suse.com/1233208"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50231"
},
{
"cve": "CVE-2024-50232",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50232"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: ad7124: fix division by zero in ad7124_set_channel_odr()\n\nIn the ad7124_write_raw() function, parameter val can potentially\nbe zero. This may lead to a division by zero when DIV_ROUND_CLOSEST()\nis called within ad7124_set_channel_odr(). The ad7124_write_raw()\nfunction is invoked through the sequence: iio_write_channel_raw() -\u003e\niio_write_channel_attribute() -\u003e iio_channel_write(), with no checks\nin place to ensure val is non-zero.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50232",
"url": "https://www.suse.com/security/cve/CVE-2024-50232"
},
{
"category": "external",
"summary": "SUSE Bug 1233209 for CVE-2024-50232",
"url": "https://bugzilla.suse.com/1233209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50232"
},
{
"cve": "CVE-2024-50233",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50233"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg()\n\nIn the ad9832_write_frequency() function, clk_get_rate() might return 0.\nThis can lead to a division by zero when calling ad9832_calc_freqreg().\nThe check if (fout \u003e (clk_get_rate(st-\u003emclk) / 2)) does not protect\nagainst the case when fout is 0. The ad9832_write_frequency() function\nis called from ad9832_write(), and fout is derived from a text buffer,\nwhich can contain any value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50233",
"url": "https://www.suse.com/security/cve/CVE-2024-50233"
},
{
"category": "external",
"summary": "SUSE Bug 1233210 for CVE-2024-50233",
"url": "https://bugzilla.suse.com/1233210"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50233"
},
{
"cve": "CVE-2024-50234",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50234"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlegacy: Clear stale interrupts before resuming device\n\niwl4965 fails upon resume from hibernation on my laptop. The reason\nseems to be a stale interrupt which isn\u0027t being cleared out before\ninterrupts are enabled. We end up with a race beween the resume\ntrying to bring things back up, and the restart work (queued form\nthe interrupt handler) trying to bring things down. Eventually\nthe whole thing blows up.\n\nFix the problem by clearing out any stale interrupts before\ninterrupts get enabled during resume.\n\nHere\u0027s a debug log of the indicent:\n[ 12.042589] ieee80211 phy0: il_isr ISR inta 0x00000080, enabled 0xaa00008b, fh 0x00000000\n[ 12.042625] ieee80211 phy0: il4965_irq_tasklet inta 0x00000080, enabled 0x00000000, fh 0x00000000\n[ 12.042651] iwl4965 0000:10:00.0: RF_KILL bit toggled to enable radio.\n[ 12.042653] iwl4965 0000:10:00.0: On demand firmware reload\n[ 12.042690] ieee80211 phy0: il4965_irq_tasklet End inta 0x00000000, enabled 0xaa00008b, fh 0x00000000, flags 0x00000282\n[ 12.052207] ieee80211 phy0: il4965_mac_start enter\n[ 12.052212] ieee80211 phy0: il_prep_station Add STA to driver ID 31: ff:ff:ff:ff:ff:ff\n[ 12.052244] ieee80211 phy0: il4965_set_hw_ready hardware ready\n[ 12.052324] ieee80211 phy0: il_apm_init Init card\u0027s basic functions\n[ 12.052348] ieee80211 phy0: il_apm_init L1 Enabled; Disabling L0S\n[ 12.055727] ieee80211 phy0: il4965_load_bsm Begin load bsm\n[ 12.056140] ieee80211 phy0: il4965_verify_bsm Begin verify bsm\n[ 12.058642] ieee80211 phy0: il4965_verify_bsm BSM bootstrap uCode image OK\n[ 12.058721] ieee80211 phy0: il4965_load_bsm BSM write complete, poll 1 iterations\n[ 12.058734] ieee80211 phy0: __il4965_up iwl4965 is coming up\n[ 12.058737] ieee80211 phy0: il4965_mac_start Start UP work done.\n[ 12.058757] ieee80211 phy0: __il4965_down iwl4965 is going down\n[ 12.058761] ieee80211 phy0: il_scan_cancel_timeout Scan cancel timeout\n[ 12.058762] ieee80211 phy0: il_do_scan_abort Not performing scan to abort\n[ 12.058765] ieee80211 phy0: il_clear_ucode_stations Clearing ucode stations in driver\n[ 12.058767] ieee80211 phy0: il_clear_ucode_stations No active stations found to be cleared\n[ 12.058819] ieee80211 phy0: _il_apm_stop Stop card, put in low power state\n[ 12.058827] ieee80211 phy0: _il_apm_stop_master stop master\n[ 12.058864] ieee80211 phy0: il4965_clear_free_frames 0 frames on pre-allocated heap on clear.\n[ 12.058869] ieee80211 phy0: Hardware restart was requested\n[ 16.132299] iwl4965 0000:10:00.0: START_ALIVE timeout after 4000ms.\n[ 16.132303] ------------[ cut here ]------------\n[ 16.132304] Hardware became unavailable upon resume. This could be a software issue prior to suspend or a hardware issue.\n[ 16.132338] WARNING: CPU: 0 PID: 181 at net/mac80211/util.c:1826 ieee80211_reconfig+0x8f/0x14b0 [mac80211]\n[ 16.132390] Modules linked in: ctr ccm sch_fq_codel xt_tcpudp xt_multiport xt_state iptable_filter iptable_nat nf_nat nf_conntrack nf_defrag_ipv4 ip_tables x_tables binfmt_misc joydev mousedev btusb btrtl btintel btbcm bluetooth ecdh_generic ecc iTCO_wdt i2c_dev iwl4965 iwlegacy coretemp snd_hda_codec_analog pcspkr psmouse mac80211 snd_hda_codec_generic libarc4 sdhci_pci cqhci sha256_generic sdhci libsha256 firewire_ohci snd_hda_intel snd_intel_dspcfg mmc_core snd_hda_codec snd_hwdep firewire_core led_class iosf_mbi snd_hda_core uhci_hcd lpc_ich crc_itu_t cfg80211 ehci_pci ehci_hcd snd_pcm usbcore mfd_core rfkill snd_timer snd usb_common soundcore video parport_pc parport intel_agp wmi intel_gtt backlight e1000e agpgart evdev\n[ 16.132456] CPU: 0 UID: 0 PID: 181 Comm: kworker/u8:6 Not tainted 6.11.0-cl+ #143\n[ 16.132460] Hardware name: Hewlett-Packard HP Compaq 6910p/30BE, BIOS 68MCU Ver. F.19 07/06/2010\n[ 16.132463] Workqueue: async async_run_entry_fn\n[ 16.132469] RIP: 0010:ieee80211_reconfig+0x8f/0x14b0 [mac80211]\n[ 16.132501] Code: da 02 00 0\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50234",
"url": "https://www.suse.com/security/cve/CVE-2024-50234"
},
{
"category": "external",
"summary": "SUSE Bug 1233211 for CVE-2024-50234",
"url": "https://bugzilla.suse.com/1233211"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50234"
},
{
"cve": "CVE-2024-50235",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50235"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: clear wdev-\u003ecqm_config pointer on free\n\nWhen we free wdev-\u003ecqm_config when unregistering, we also\nneed to clear out the pointer since the same wdev/netdev\nmay get re-registered in another network namespace, then\ndestroyed later, running this code again, which results in\na double-free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50235",
"url": "https://www.suse.com/security/cve/CVE-2024-50235"
},
{
"category": "external",
"summary": "SUSE Bug 1233176 for CVE-2024-50235",
"url": "https://bugzilla.suse.com/1233176"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50235"
},
{
"cve": "CVE-2024-50236",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50236"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath10k: Fix memory leak in management tx\n\nIn the current logic, memory is allocated for storing the MSDU context\nduring management packet TX but this memory is not being freed during\nmanagement TX completion. Similar leaks are seen in the management TX\ncleanup logic.\n\nKmemleak reports this problem as below,\n\nunreferenced object 0xffffff80b64ed250 (size 16):\n comm \"kworker/u16:7\", pid 148, jiffies 4294687130 (age 714.199s)\n hex dump (first 16 bytes):\n 00 2b d8 d8 80 ff ff ff c4 74 e9 fd 07 00 00 00 .+.......t......\n backtrace:\n [\u003cffffffe6e7b245dc\u003e] __kmem_cache_alloc_node+0x1e4/0x2d8\n [\u003cffffffe6e7adde88\u003e] kmalloc_trace+0x48/0x110\n [\u003cffffffe6bbd765fc\u003e] ath10k_wmi_tlv_op_gen_mgmt_tx_send+0xd4/0x1d8 [ath10k_core]\n [\u003cffffffe6bbd3eed4\u003e] ath10k_mgmt_over_wmi_tx_work+0x134/0x298 [ath10k_core]\n [\u003cffffffe6e78d5974\u003e] process_scheduled_works+0x1ac/0x400\n [\u003cffffffe6e78d60b8\u003e] worker_thread+0x208/0x328\n [\u003cffffffe6e78dc890\u003e] kthread+0x100/0x1c0\n [\u003cffffffe6e78166c0\u003e] ret_from_fork+0x10/0x20\n\nFree the memory during completion and cleanup to fix the leak.\n\nProtect the mgmt_pending_tx idr_remove() operation in\nath10k_wmi_tlv_op_cleanup_mgmt_tx_send() using ar-\u003edata_lock similar to\nother instances.\n\nTested-on: WCN3990 hw1.0 SNOC WLAN.HL.2.0-01387-QCAHLSWMTPLZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50236",
"url": "https://www.suse.com/security/cve/CVE-2024-50236"
},
{
"category": "external",
"summary": "SUSE Bug 1233212 for CVE-2024-50236",
"url": "https://bugzilla.suse.com/1233212"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50236"
},
{
"cve": "CVE-2024-50237",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50237"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: do not pass a stopped vif to the driver in .get_txpower\n\nAvoid potentially crashing in the driver because of uninitialized private data",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50237",
"url": "https://www.suse.com/security/cve/CVE-2024-50237"
},
{
"category": "external",
"summary": "SUSE Bug 1233216 for CVE-2024-50237",
"url": "https://bugzilla.suse.com/1233216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50237"
},
{
"cve": "CVE-2024-50240",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50240"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: qcom: qmp-usb: fix NULL-deref on runtime suspend\n\nCommit 413db06c05e7 (\"phy: qcom-qmp-usb: clean up probe initialisation\")\nremoved most users of the platform device driver data, but mistakenly\nalso removed the initialisation despite the data still being used in the\nruntime PM callbacks.\n\nRestore the driver data initialisation at probe to avoid a NULL-pointer\ndereference on runtime suspend.\n\nApparently no one uses runtime PM, which currently needs to be enabled\nmanually through sysfs, with this driver.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50240",
"url": "https://www.suse.com/security/cve/CVE-2024-50240"
},
{
"category": "external",
"summary": "SUSE Bug 1233217 for CVE-2024-50240",
"url": "https://bugzilla.suse.com/1233217"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50240"
},
{
"cve": "CVE-2024-50245",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50245"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Fix possible deadlock in mi_read\n\nMutex lock with another subclass used in ni_lock_dir().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50245",
"url": "https://www.suse.com/security/cve/CVE-2024-50245"
},
{
"category": "external",
"summary": "SUSE Bug 1233203 for CVE-2024-50245",
"url": "https://bugzilla.suse.com/1233203"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50245"
},
{
"cve": "CVE-2024-50246",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50246"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Add rough attr alloc_size check",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50246",
"url": "https://www.suse.com/security/cve/CVE-2024-50246"
},
{
"category": "external",
"summary": "SUSE Bug 1233207 for CVE-2024-50246",
"url": "https://bugzilla.suse.com/1233207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50246"
},
{
"cve": "CVE-2024-50248",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50248"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nntfs3: Add bounds checking to mi_enum_attr()\n\nAdded bounds checking to make sure that every attr don\u0027t stray beyond\nvalid memory region.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50248",
"url": "https://www.suse.com/security/cve/CVE-2024-50248"
},
{
"category": "external",
"summary": "SUSE Bug 1233219 for CVE-2024-50248",
"url": "https://bugzilla.suse.com/1233219"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50248"
},
{
"cve": "CVE-2024-50249",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50249"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: CPPC: Make rmw_lock a raw_spin_lock\n\nThe following BUG was triggered:\n\n=============================\n[ BUG: Invalid wait context ]\n6.12.0-rc2-XXX #406 Not tainted\n-----------------------------\nkworker/1:1/62 is trying to lock:\nffffff8801593030 (\u0026cpc_ptr-\u003ermw_lock){+.+.}-{3:3}, at: cpc_write+0xcc/0x370\nother info that might help us debug this:\ncontext-{5:5}\n2 locks held by kworker/1:1/62:\n #0: ffffff897ef5ec98 (\u0026rq-\u003e__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2c/0x50\n #1: ffffff880154e238 (\u0026sg_policy-\u003eupdate_lock){....}-{2:2}, at: sugov_update_shared+0x3c/0x280\nstack backtrace:\nCPU: 1 UID: 0 PID: 62 Comm: kworker/1:1 Not tainted 6.12.0-rc2-g9654bd3e8806 #406\nWorkqueue: 0x0 (events)\nCall trace:\n dump_backtrace+0xa4/0x130\n show_stack+0x20/0x38\n dump_stack_lvl+0x90/0xd0\n dump_stack+0x18/0x28\n __lock_acquire+0x480/0x1ad8\n lock_acquire+0x114/0x310\n _raw_spin_lock+0x50/0x70\n cpc_write+0xcc/0x370\n cppc_set_perf+0xa0/0x3a8\n cppc_cpufreq_fast_switch+0x40/0xc0\n cpufreq_driver_fast_switch+0x4c/0x218\n sugov_update_shared+0x234/0x280\n update_load_avg+0x6ec/0x7b8\n dequeue_entities+0x108/0x830\n dequeue_task_fair+0x58/0x408\n __schedule+0x4f0/0x1070\n schedule+0x54/0x130\n worker_thread+0xc0/0x2e8\n kthread+0x130/0x148\n ret_from_fork+0x10/0x20\n\nsugov_update_shared() locks a raw_spinlock while cpc_write() locks a\nspinlock.\n\nTo have a correct wait-type order, update rmw_lock to a raw spinlock and\nensure that interrupts will be disabled on the CPU holding it.\n\n[ rjw: Changelog edits ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50249",
"url": "https://www.suse.com/security/cve/CVE-2024-50249"
},
{
"category": "external",
"summary": "SUSE Bug 1233197 for CVE-2024-50249",
"url": "https://bugzilla.suse.com/1233197"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50249"
},
{
"cve": "CVE-2024-50250",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50250"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfsdax: dax_unshare_iter needs to copy entire blocks\n\nThe code that copies data from srcmap to iomap in dax_unshare_iter is\nvery very broken, which bfoster\u0027s recent fsx changes have exposed.\n\nIf the pos and len passed to dax_file_unshare are not aligned to an\nfsblock boundary, the iter pos and length in the _iter function will\nreflect this unalignment.\n\ndax_iomap_direct_access always returns a pointer to the start of the\nkmapped fsdax page, even if its pos argument is in the middle of that\npage. This is catastrophic for data integrity when iter-\u003epos is not\naligned to a page, because daddr/saddr do not point to the same byte in\nthe file as iter-\u003epos. Hence we corrupt user data by copying it to the\nwrong place.\n\nIf iter-\u003epos + iomap_length() in the _iter function not aligned to a\npage, then we fail to copy a full block, and only partially populate the\ndestination block. This is catastrophic for data confidentiality\nbecause we expose stale pmem contents.\n\nFix both of these issues by aligning copy_pos/copy_len to a page\nboundary (remember, this is fsdax so 1 fsblock == 1 base page) so that\nwe always copy full blocks.\n\nWe\u0027re not done yet -- there\u0027s no call to invalidate_inode_pages2_range,\nso programs that have the file range mmap\u0027d will continue accessing the\nold memory mapping after the file metadata updates have completed.\n\nBe careful with the return value -- if the unshare succeeds, we still\nneed to return the number of bytes that the iomap iter thinks we\u0027re\noperating on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50250",
"url": "https://www.suse.com/security/cve/CVE-2024-50250"
},
{
"category": "external",
"summary": "SUSE Bug 1233226 for CVE-2024-50250",
"url": "https://bugzilla.suse.com/1233226"
},
{
"category": "external",
"summary": "SUSE Bug 1233227 for CVE-2024-50250",
"url": "https://bugzilla.suse.com/1233227"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-50250"
},
{
"cve": "CVE-2024-50252",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50252"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address\n\nThe device stores IPv6 addresses that are used for encapsulation in\nlinear memory that is managed by the driver.\n\nChanging the remote address of an ip6gre net device never worked\nproperly, but since cited commit the following reproducer [1] would\nresult in a warning [2] and a memory leak [3]. The problem is that the\nnew remote address is never added by the driver to its hash table (and\ntherefore the device) and the old address is never removed from it.\n\nFix by programming the new address when the configuration of the ip6gre\nnet device changes and removing the old one. If the address did not\nchange, then the above would result in increasing the reference count of\nthe address and then decreasing it.\n\n[1]\n # ip link add name bla up type ip6gre local 2001:db8:1::1 remote 2001:db8:2::1 tos inherit ttl inherit\n # ip link set dev bla type ip6gre remote 2001:db8:3::1\n # ip link del dev bla\n # devlink dev reload pci/0000:01:00.0\n\n[2]\nWARNING: CPU: 0 PID: 1682 at drivers/net/ethernet/mellanox/mlxsw/spectrum.c:3002 mlxsw_sp_ipv6_addr_put+0x140/0x1d0\nModules linked in:\nCPU: 0 UID: 0 PID: 1682 Comm: ip Not tainted 6.12.0-rc3-custom-g86b5b55bc835 #151\nHardware name: Nvidia SN5600/VMOD0013, BIOS 5.13 05/31/2023\nRIP: 0010:mlxsw_sp_ipv6_addr_put+0x140/0x1d0\n[...]\nCall Trace:\n \u003cTASK\u003e\n mlxsw_sp_router_netdevice_event+0x55f/0x1240\n notifier_call_chain+0x5a/0xd0\n call_netdevice_notifiers_info+0x39/0x90\n unregister_netdevice_many_notify+0x63e/0x9d0\n rtnl_dellink+0x16b/0x3a0\n rtnetlink_rcv_msg+0x142/0x3f0\n netlink_rcv_skb+0x50/0x100\n netlink_unicast+0x242/0x390\n netlink_sendmsg+0x1de/0x420\n ____sys_sendmsg+0x2bd/0x320\n ___sys_sendmsg+0x9a/0xe0\n __sys_sendmsg+0x7a/0xd0\n do_syscall_64+0x9e/0x1a0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n[3]\nunreferenced object 0xffff898081f597a0 (size 32):\n comm \"ip\", pid 1626, jiffies 4294719324\n hex dump (first 32 bytes):\n 20 01 0d b8 00 02 00 00 00 00 00 00 00 00 00 01 ...............\n 21 49 61 83 80 89 ff ff 00 00 00 00 01 00 00 00 !Ia.............\n backtrace (crc fd9be911):\n [\u003c00000000df89c55d\u003e] __kmalloc_cache_noprof+0x1da/0x260\n [\u003c00000000ff2a1ddb\u003e] mlxsw_sp_ipv6_addr_kvdl_index_get+0x281/0x340\n [\u003c000000009ddd445d\u003e] mlxsw_sp_router_netdevice_event+0x47b/0x1240\n [\u003c00000000743e7757\u003e] notifier_call_chain+0x5a/0xd0\n [\u003c000000007c7b9e13\u003e] call_netdevice_notifiers_info+0x39/0x90\n [\u003c000000002509645d\u003e] register_netdevice+0x5f7/0x7a0\n [\u003c00000000c2e7d2a9\u003e] ip6gre_newlink_common.isra.0+0x65/0x130\n [\u003c0000000087cd6d8d\u003e] ip6gre_newlink+0x72/0x120\n [\u003c000000004df7c7cc\u003e] rtnl_newlink+0x471/0xa20\n [\u003c0000000057ed632a\u003e] rtnetlink_rcv_msg+0x142/0x3f0\n [\u003c0000000032e0d5b5\u003e] netlink_rcv_skb+0x50/0x100\n [\u003c00000000908bca63\u003e] netlink_unicast+0x242/0x390\n [\u003c00000000cdbe1c87\u003e] netlink_sendmsg+0x1de/0x420\n [\u003c0000000011db153e\u003e] ____sys_sendmsg+0x2bd/0x320\n [\u003c000000003b6d53eb\u003e] ___sys_sendmsg+0x9a/0xe0\n [\u003c00000000cae27c62\u003e] __sys_sendmsg+0x7a/0xd0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50252",
"url": "https://www.suse.com/security/cve/CVE-2024-50252"
},
{
"category": "external",
"summary": "SUSE Bug 1233201 for CVE-2024-50252",
"url": "https://bugzilla.suse.com/1233201"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50252"
},
{
"cve": "CVE-2024-50255",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50255"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs\n\nFix __hci_cmd_sync_sk() to return not NULL for unknown opcodes.\n\n__hci_cmd_sync_sk() returns NULL if a command returns a status event.\nHowever, it also returns NULL where an opcode doesn\u0027t exist in the\nhci_cc table because hci_cmd_complete_evt() assumes status = skb-\u003edata[0]\nfor unknown opcodes.\nThis leads to null-ptr-deref in cmd_sync for HCI_OP_READ_LOCAL_CODECS as\nthere is no hci_cc for HCI_OP_READ_LOCAL_CODECS, which always assumes\nstatus = skb-\u003edata[0].\n\nKASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077]\nCPU: 1 PID: 2000 Comm: kworker/u9:5 Not tainted 6.9.0-ga6bcb805883c-dirty #10\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nWorkqueue: hci7 hci_power_on\nRIP: 0010:hci_read_supported_codecs+0xb9/0x870 net/bluetooth/hci_codec.c:138\nCode: 08 48 89 ef e8 b8 c1 8f fd 48 8b 75 00 e9 96 00 00 00 49 89 c6 48 ba 00 00 00 00 00 fc ff df 4c 8d 60 70 4c 89 e3 48 c1 eb 03 \u003c0f\u003e b6 04 13 84 c0 0f 85 82 06 00 00 41 83 3c 24 02 77 0a e8 bf 78\nRSP: 0018:ffff888120bafac8 EFLAGS: 00010212\nRAX: 0000000000000000 RBX: 000000000000000e RCX: ffff8881173f0040\nRDX: dffffc0000000000 RSI: ffffffffa58496c0 RDI: ffff88810b9ad1e4\nRBP: ffff88810b9ac000 R08: ffffffffa77882a7 R09: 1ffffffff4ef1054\nR10: dffffc0000000000 R11: fffffbfff4ef1055 R12: 0000000000000070\nR13: 0000000000000000 R14: 0000000000000000 R15: ffff88810b9ac000\nFS: 0000000000000000(0000) GS:ffff8881f6c00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f6ddaa3439e CR3: 0000000139764003 CR4: 0000000000770ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n hci_read_local_codecs_sync net/bluetooth/hci_sync.c:4546 [inline]\n hci_init_stage_sync net/bluetooth/hci_sync.c:3441 [inline]\n hci_init4_sync net/bluetooth/hci_sync.c:4706 [inline]\n hci_init_sync net/bluetooth/hci_sync.c:4742 [inline]\n hci_dev_init_sync net/bluetooth/hci_sync.c:4912 [inline]\n hci_dev_open_sync+0x19a9/0x2d30 net/bluetooth/hci_sync.c:4994\n hci_dev_do_open net/bluetooth/hci_core.c:483 [inline]\n hci_power_on+0x11e/0x560 net/bluetooth/hci_core.c:1015\n process_one_work kernel/workqueue.c:3267 [inline]\n process_scheduled_works+0x8ef/0x14f0 kernel/workqueue.c:3348\n worker_thread+0x91f/0xe50 kernel/workqueue.c:3429\n kthread+0x2cb/0x360 kernel/kthread.c:388\n ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50255",
"url": "https://www.suse.com/security/cve/CVE-2024-50255"
},
{
"category": "external",
"summary": "SUSE Bug 1233238 for CVE-2024-50255",
"url": "https://bugzilla.suse.com/1233238"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50255"
},
{
"cve": "CVE-2024-50257",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50257"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: Fix use-after-free in get_info()\n\nip6table_nat module unload has refcnt warning for UAF. call trace is:\n\nWARNING: CPU: 1 PID: 379 at kernel/module/main.c:853 module_put+0x6f/0x80\nModules linked in: ip6table_nat(-)\nCPU: 1 UID: 0 PID: 379 Comm: ip6tables Not tainted 6.12.0-rc4-00047-gc2ee9f594da8-dirty #205\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:module_put+0x6f/0x80\nCall Trace:\n \u003cTASK\u003e\n get_info+0x128/0x180\n do_ip6t_get_ctl+0x6a/0x430\n nf_getsockopt+0x46/0x80\n ipv6_getsockopt+0xb9/0x100\n rawv6_getsockopt+0x42/0x190\n do_sock_getsockopt+0xaa/0x180\n __sys_getsockopt+0x70/0xc0\n __x64_sys_getsockopt+0x20/0x30\n do_syscall_64+0xa2/0x1a0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nConcurrent execution of module unload and get_info() trigered the warning.\nThe root cause is as follows:\n\ncpu0\t\t\t\t cpu1\nmodule_exit\n//mod-\u003estate = MODULE_STATE_GOING\n ip6table_nat_exit\n xt_unregister_template\n\tkfree(t)\n\t//removed from templ_list\n\t\t\t\t getinfo()\n\t\t\t\t\t t = xt_find_table_lock\n\t\t\t\t\t\tlist_for_each_entry(tmpl, \u0026xt_templates[af]...)\n\t\t\t\t\t\t\tif (strcmp(tmpl-\u003ename, name))\n\t\t\t\t\t\t\t\tcontinue; //table not found\n\t\t\t\t\t\t\ttry_module_get\n\t\t\t\t\t\tlist_for_each_entry(t, \u0026xt_net-\u003etables[af]...)\n\t\t\t\t\t\t\treturn t; //not get refcnt\n\t\t\t\t\t module_put(t-\u003eme) //uaf\n unregister_pernet_subsys\n //remove table from xt_net list\n\nWhile xt_table module was going away and has been removed from\nxt_templates list, we couldnt get refcnt of xt_table-\u003eme. Check\nmodule in xt_net-\u003etables list re-traversal to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50257",
"url": "https://www.suse.com/security/cve/CVE-2024-50257"
},
{
"category": "external",
"summary": "SUSE Bug 1233244 for CVE-2024-50257",
"url": "https://bugzilla.suse.com/1233244"
},
{
"category": "external",
"summary": "SUSE Bug 1233245 for CVE-2024-50257",
"url": "https://bugzilla.suse.com/1233245"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-50257"
},
{
"cve": "CVE-2024-50261",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50261"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmacsec: Fix use-after-free while sending the offloading packet\n\nKASAN reports the following UAF. The metadata_dst, which is used to\nstore the SCI value for macsec offload, is already freed by\nmetadata_dst_free() in macsec_free_netdev(), while driver still use it\nfor sending the packet.\n\nTo fix this issue, dst_release() is used instead to release\nmetadata_dst. So it is not freed instantly in macsec_free_netdev() if\nstill referenced by skb.\n\n BUG: KASAN: slab-use-after-free in mlx5e_xmit+0x1e8f/0x4190 [mlx5_core]\n Read of size 2 at addr ffff88813e42e038 by task kworker/7:2/714\n [...]\n Workqueue: mld mld_ifc_work\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x51/0x60\n print_report+0xc1/0x600\n kasan_report+0xab/0xe0\n mlx5e_xmit+0x1e8f/0x4190 [mlx5_core]\n dev_hard_start_xmit+0x120/0x530\n sch_direct_xmit+0x149/0x11e0\n __qdisc_run+0x3ad/0x1730\n __dev_queue_xmit+0x1196/0x2ed0\n vlan_dev_hard_start_xmit+0x32e/0x510 [8021q]\n dev_hard_start_xmit+0x120/0x530\n __dev_queue_xmit+0x14a7/0x2ed0\n macsec_start_xmit+0x13e9/0x2340\n dev_hard_start_xmit+0x120/0x530\n __dev_queue_xmit+0x14a7/0x2ed0\n ip6_finish_output2+0x923/0x1a70\n ip6_finish_output+0x2d7/0x970\n ip6_output+0x1ce/0x3a0\n NF_HOOK.constprop.0+0x15f/0x190\n mld_sendpack+0x59a/0xbd0\n mld_ifc_work+0x48a/0xa80\n process_one_work+0x5aa/0xe50\n worker_thread+0x79c/0x1290\n kthread+0x28f/0x350\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e\n\n Allocated by task 3922:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x10/0x30\n __kasan_kmalloc+0x77/0x90\n __kmalloc_noprof+0x188/0x400\n metadata_dst_alloc+0x1f/0x4e0\n macsec_newlink+0x914/0x1410\n __rtnl_newlink+0xe08/0x15b0\n rtnl_newlink+0x5f/0x90\n rtnetlink_rcv_msg+0x667/0xa80\n netlink_rcv_skb+0x12c/0x360\n netlink_unicast+0x551/0x770\n netlink_sendmsg+0x72d/0xbd0\n __sock_sendmsg+0xc5/0x190\n ____sys_sendmsg+0x52e/0x6a0\n ___sys_sendmsg+0xeb/0x170\n __sys_sendmsg+0xb5/0x140\n do_syscall_64+0x4c/0x100\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n Freed by task 4011:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x50\n poison_slab_object+0x10c/0x190\n __kasan_slab_free+0x11/0x30\n kfree+0xe0/0x290\n macsec_free_netdev+0x3f/0x140\n netdev_run_todo+0x450/0xc70\n rtnetlink_rcv_msg+0x66f/0xa80\n netlink_rcv_skb+0x12c/0x360\n netlink_unicast+0x551/0x770\n netlink_sendmsg+0x72d/0xbd0\n __sock_sendmsg+0xc5/0x190\n ____sys_sendmsg+0x52e/0x6a0\n ___sys_sendmsg+0xeb/0x170\n __sys_sendmsg+0xb5/0x140\n do_syscall_64+0x4c/0x100\n entry_SYSCALL_64_after_hwframe+0x4b/0x53",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50261",
"url": "https://www.suse.com/security/cve/CVE-2024-50261"
},
{
"category": "external",
"summary": "SUSE Bug 1233253 for CVE-2024-50261",
"url": "https://bugzilla.suse.com/1233253"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50261"
},
{
"cve": "CVE-2024-50264",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50264"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/virtio: Initialization of the dangling pointer occurring in vsk-\u003etrans\n\nDuring loopback communication, a dangling pointer can be created in\nvsk-\u003etrans, potentially leading to a Use-After-Free condition. This\nissue is resolved by initializing vsk-\u003etrans to NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50264",
"url": "https://www.suse.com/security/cve/CVE-2024-50264"
},
{
"category": "external",
"summary": "SUSE Bug 1233453 for CVE-2024-50264",
"url": "https://bugzilla.suse.com/1233453"
},
{
"category": "external",
"summary": "SUSE Bug 1233712 for CVE-2024-50264",
"url": "https://bugzilla.suse.com/1233712"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-50264"
},
{
"cve": "CVE-2024-50265",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50265"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove()\n\nSyzkaller is able to provoke null-ptr-dereference in ocfs2_xa_remove():\n\n[ 57.319872] (a.out,1161,7):ocfs2_xa_remove:2028 ERROR: status = -12\n[ 57.320420] (a.out,1161,7):ocfs2_xa_cleanup_value_truncate:1999 ERROR: Partial truncate while removing xattr overlay.upper. Leaking 1 clusters and removing the entry\n[ 57.321727] BUG: kernel NULL pointer dereference, address: 0000000000000004\n[...]\n[ 57.325727] RIP: 0010:ocfs2_xa_block_wipe_namevalue+0x2a/0xc0\n[...]\n[ 57.331328] Call Trace:\n[ 57.331477] \u003cTASK\u003e\n[...]\n[ 57.333511] ? do_user_addr_fault+0x3e5/0x740\n[ 57.333778] ? exc_page_fault+0x70/0x170\n[ 57.334016] ? asm_exc_page_fault+0x2b/0x30\n[ 57.334263] ? __pfx_ocfs2_xa_block_wipe_namevalue+0x10/0x10\n[ 57.334596] ? ocfs2_xa_block_wipe_namevalue+0x2a/0xc0\n[ 57.334913] ocfs2_xa_remove_entry+0x23/0xc0\n[ 57.335164] ocfs2_xa_set+0x704/0xcf0\n[ 57.335381] ? _raw_spin_unlock+0x1a/0x40\n[ 57.335620] ? ocfs2_inode_cache_unlock+0x16/0x20\n[ 57.335915] ? trace_preempt_on+0x1e/0x70\n[ 57.336153] ? start_this_handle+0x16c/0x500\n[ 57.336410] ? preempt_count_sub+0x50/0x80\n[ 57.336656] ? _raw_read_unlock+0x20/0x40\n[ 57.336906] ? start_this_handle+0x16c/0x500\n[ 57.337162] ocfs2_xattr_block_set+0xa6/0x1e0\n[ 57.337424] __ocfs2_xattr_set_handle+0x1fd/0x5d0\n[ 57.337706] ? ocfs2_start_trans+0x13d/0x290\n[ 57.337971] ocfs2_xattr_set+0xb13/0xfb0\n[ 57.338207] ? dput+0x46/0x1c0\n[ 57.338393] ocfs2_xattr_trusted_set+0x28/0x30\n[ 57.338665] ? ocfs2_xattr_trusted_set+0x28/0x30\n[ 57.338948] __vfs_removexattr+0x92/0xc0\n[ 57.339182] __vfs_removexattr_locked+0xd5/0x190\n[ 57.339456] ? preempt_count_sub+0x50/0x80\n[ 57.339705] vfs_removexattr+0x5f/0x100\n[...]\n\nReproducer uses faultinject facility to fail ocfs2_xa_remove() -\u003e\nocfs2_xa_value_truncate() with -ENOMEM.\n\nIn this case the comment mentions that we can return 0 if\nocfs2_xa_cleanup_value_truncate() is going to wipe the entry\nanyway. But the following \u0027rc\u0027 check is wrong and execution flow do\n\u0027ocfs2_xa_remove_entry(loc);\u0027 twice:\n* 1st: in ocfs2_xa_cleanup_value_truncate();\n* 2nd: returning back to ocfs2_xa_remove() instead of going to \u0027out\u0027.\n\nFix this by skipping the 2nd removal of the same entry and making\nsyzkaller repro happy.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50265",
"url": "https://www.suse.com/security/cve/CVE-2024-50265"
},
{
"category": "external",
"summary": "SUSE Bug 1233454 for CVE-2024-50265",
"url": "https://bugzilla.suse.com/1233454"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50265"
},
{
"cve": "CVE-2024-50267",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50267"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: serial: io_edgeport: fix use after free in debug printk\n\nThe \"dev_dbg(\u0026urb-\u003edev-\u003edev, ...\" which happens after usb_free_urb(urb)\nis a use after free of the \"urb\" pointer. Store the \"dev\" pointer at the\nstart of the function to avoid this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50267",
"url": "https://www.suse.com/security/cve/CVE-2024-50267"
},
{
"category": "external",
"summary": "SUSE Bug 1233456 for CVE-2024-50267",
"url": "https://bugzilla.suse.com/1233456"
},
{
"category": "external",
"summary": "SUSE Bug 1233711 for CVE-2024-50267",
"url": "https://bugzilla.suse.com/1233711"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-50267"
},
{
"cve": "CVE-2024-50268",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50268"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd()\n\nThe \"*cmd\" variable can be controlled by the user via debugfs. That means\n\"new_cam\" can be as high as 255 while the size of the uc-\u003eupdated[] array\nis UCSI_MAX_ALTMODES (30).\n\nThe call tree is:\nucsi_cmd() // val comes from simple_attr_write_xsigned()\n-\u003e ucsi_send_command()\n -\u003e ucsi_send_command_common()\n -\u003e ucsi_run_command() // calls ucsi-\u003eops-\u003esync_control()\n -\u003e ucsi_ccg_sync_control()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50268",
"url": "https://www.suse.com/security/cve/CVE-2024-50268"
},
{
"category": "external",
"summary": "SUSE Bug 1233457 for CVE-2024-50268",
"url": "https://bugzilla.suse.com/1233457"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50268"
},
{
"cve": "CVE-2024-50269",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50269"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: musb: sunxi: Fix accessing an released usb phy\n\nCommit 6ed05c68cbca (\"usb: musb: sunxi: Explicitly release USB PHY on\nexit\") will cause that usb phy @glue-\u003exceiv is accessed after released.\n\n1) register platform driver @sunxi_musb_driver\n// get the usb phy @glue-\u003exceiv\nsunxi_musb_probe() -\u003e devm_usb_get_phy().\n\n2) register and unregister platform driver @musb_driver\nmusb_probe() -\u003e sunxi_musb_init()\nuse the phy here\n//the phy is released here\nmusb_remove() -\u003e sunxi_musb_exit() -\u003e devm_usb_put_phy()\n\n3) register @musb_driver again\nmusb_probe() -\u003e sunxi_musb_init()\nuse the phy here but the phy has been released at 2).\n...\n\nFixed by reverting the commit, namely, removing devm_usb_put_phy()\nfrom sunxi_musb_exit().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50269",
"url": "https://www.suse.com/security/cve/CVE-2024-50269"
},
{
"category": "external",
"summary": "SUSE Bug 1233458 for CVE-2024-50269",
"url": "https://bugzilla.suse.com/1233458"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50269"
},
{
"cve": "CVE-2024-50271",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50271"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsignal: restore the override_rlimit logic\n\nPrior to commit d64696905554 (\"Reimplement RLIMIT_SIGPENDING on top of\nucounts\") UCOUNT_RLIMIT_SIGPENDING rlimit was not enforced for a class of\nsignals. However now it\u0027s enforced unconditionally, even if\noverride_rlimit is set. This behavior change caused production issues. \n\nFor example, if the limit is reached and a process receives a SIGSEGV\nsignal, sigqueue_alloc fails to allocate the necessary resources for the\nsignal delivery, preventing the signal from being delivered with siginfo. \nThis prevents the process from correctly identifying the fault address and\nhandling the error. From the user-space perspective, applications are\nunaware that the limit has been reached and that the siginfo is\neffectively \u0027corrupted\u0027. This can lead to unpredictable behavior and\ncrashes, as we observed with java applications.\n\nFix this by passing override_rlimit into inc_rlimit_get_ucounts() and skip\nthe comparison to max there if override_rlimit is set. This effectively\nrestores the old behavior.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50271",
"url": "https://www.suse.com/security/cve/CVE-2024-50271"
},
{
"category": "external",
"summary": "SUSE Bug 1233460 for CVE-2024-50271",
"url": "https://bugzilla.suse.com/1233460"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50271"
},
{
"cve": "CVE-2024-50273",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50273"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: reinitialize delayed ref list after deleting it from the list\n\nAt insert_delayed_ref() if we need to update the action of an existing\nref to BTRFS_DROP_DELAYED_REF, we delete the ref from its ref head\u0027s\nref_add_list using list_del(), which leaves the ref\u0027s add_list member\nnot reinitialized, as list_del() sets the next and prev members of the\nlist to LIST_POISON1 and LIST_POISON2, respectively.\n\nIf later we end up calling drop_delayed_ref() against the ref, which can\nhappen during merging or when destroying delayed refs due to a transaction\nabort, we can trigger a crash since at drop_delayed_ref() we call\nlist_empty() against the ref\u0027s add_list, which returns false since\nthe list was not reinitialized after the list_del() and as a consequence\nwe call list_del() again at drop_delayed_ref(). This results in an\ninvalid list access since the next and prev members are set to poison\npointers, resulting in a splat if CONFIG_LIST_HARDENED and\nCONFIG_DEBUG_LIST are set or invalid poison pointer dereferences\notherwise.\n\nSo fix this by deleting from the list with list_del_init() instead.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50273",
"url": "https://www.suse.com/security/cve/CVE-2024-50273"
},
{
"category": "external",
"summary": "SUSE Bug 1233462 for CVE-2024-50273",
"url": "https://bugzilla.suse.com/1233462"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50273"
},
{
"cve": "CVE-2024-50274",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50274"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: avoid vport access in idpf_get_link_ksettings\n\nWhen the device control plane is removed or the platform\nrunning device control plane is rebooted, a reset is detected\non the driver. On driver reset, it releases the resources and\nwaits for the reset to complete. If the reset fails, it takes\nthe error path and releases the vport lock. At this time if the\nmonitoring tools tries to access link settings, it call traces\nfor accessing released vport pointer.\n\nTo avoid it, move link_speed_mbps to netdev_priv structure\nwhich removes the dependency on vport pointer and the vport lock\nin idpf_get_link_ksettings. Also use netif_carrier_ok()\nto check the link status and adjust the offsetof to use link_up\ninstead of link_speed_mbps.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50274",
"url": "https://www.suse.com/security/cve/CVE-2024-50274"
},
{
"category": "external",
"summary": "SUSE Bug 1233463 for CVE-2024-50274",
"url": "https://bugzilla.suse.com/1233463"
},
{
"category": "external",
"summary": "SUSE Bug 1235104 for CVE-2024-50274",
"url": "https://bugzilla.suse.com/1235104"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-50274"
},
{
"cve": "CVE-2024-50275",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50275"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64/sve: Discard stale CPU state when handling SVE traps\n\nThe logic for handling SVE traps manipulates saved FPSIMD/SVE state\nincorrectly, and a race with preemption can result in a task having\nTIF_SVE set and TIF_FOREIGN_FPSTATE clear even though the live CPU state\nis stale (e.g. with SVE traps enabled). This has been observed to result\nin warnings from do_sve_acc() where SVE traps are not expected while\nTIF_SVE is set:\n\n| if (test_and_set_thread_flag(TIF_SVE))\n| WARN_ON(1); /* SVE access shouldn\u0027t have trapped */\n\nWarnings of this form have been reported intermittently, e.g.\n\n https://lore.kernel.org/linux-arm-kernel/CA+G9fYtEGe_DhY2Ms7+L7NKsLYUomGsgqpdBj+QwDLeSg=JhGg@mail.gmail.com/\n https://lore.kernel.org/linux-arm-kernel/000000000000511e9a060ce5a45c@google.com/\n\nThe race can occur when the SVE trap handler is preempted before and\nafter manipulating the saved FPSIMD/SVE state, starting and ending on\nthe same CPU, e.g.\n\n| void do_sve_acc(unsigned long esr, struct pt_regs *regs)\n| {\n| // Trap on CPU 0 with TIF_SVE clear, SVE traps enabled\n| // task-\u003efpsimd_cpu is 0.\n| // per_cpu_ptr(\u0026fpsimd_last_state, 0) is task.\n|\n| ...\n|\n| // Preempted; migrated from CPU 0 to CPU 1.\n| // TIF_FOREIGN_FPSTATE is set.\n|\n| get_cpu_fpsimd_context();\n|\n| if (test_and_set_thread_flag(TIF_SVE))\n| WARN_ON(1); /* SVE access shouldn\u0027t have trapped */\n|\n| sve_init_regs() {\n| if (!test_thread_flag(TIF_FOREIGN_FPSTATE)) {\n| ...\n| } else {\n| fpsimd_to_sve(current);\n| current-\u003ethread.fp_type = FP_STATE_SVE;\n| }\n| }\n|\n| put_cpu_fpsimd_context();\n|\n| // Preempted; migrated from CPU 1 to CPU 0.\n| // task-\u003efpsimd_cpu is still 0\n| // If per_cpu_ptr(\u0026fpsimd_last_state, 0) is still task then:\n| // - Stale HW state is reused (with SVE traps enabled)\n| // - TIF_FOREIGN_FPSTATE is cleared\n| // - A return to userspace skips HW state restore\n| }\n\nFix the case where the state is not live and TIF_FOREIGN_FPSTATE is set\nby calling fpsimd_flush_task_state() to detach from the saved CPU\nstate. This ensures that a subsequent context switch will not reuse the\nstale CPU state, and will instead set TIF_FOREIGN_FPSTATE, forcing the\nnew state to be reloaded from memory prior to a return to userspace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50275",
"url": "https://www.suse.com/security/cve/CVE-2024-50275"
},
{
"category": "external",
"summary": "SUSE Bug 1233464 for CVE-2024-50275",
"url": "https://bugzilla.suse.com/1233464"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50275"
},
{
"cve": "CVE-2024-50276",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50276"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: vertexcom: mse102x: Fix possible double free of TX skb\n\nThe scope of the TX skb is wider than just mse102x_tx_frame_spi(),\nso in case the TX skb room needs to be expanded, we should free the\nthe temporary skb instead of the original skb. Otherwise the original\nTX skb pointer would be freed again in mse102x_tx_work(), which leads\nto crashes:\n\n Internal error: Oops: 0000000096000004 [#2] PREEMPT SMP\n CPU: 0 PID: 712 Comm: kworker/0:1 Tainted: G D 6.6.23\n Hardware name: chargebyte Charge SOM DC-ONE (DT)\n Workqueue: events mse102x_tx_work [mse102x]\n pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : skb_release_data+0xb8/0x1d8\n lr : skb_release_data+0x1ac/0x1d8\n sp : ffff8000819a3cc0\n x29: ffff8000819a3cc0 x28: ffff0000046daa60 x27: ffff0000057f2dc0\n x26: ffff000005386c00 x25: 0000000000000002 x24: 00000000ffffffff\n x23: 0000000000000000 x22: 0000000000000001 x21: ffff0000057f2e50\n x20: 0000000000000006 x19: 0000000000000000 x18: ffff00003fdacfcc\n x17: e69ad452d0c49def x16: 84a005feff870102 x15: 0000000000000000\n x14: 000000000000024a x13: 0000000000000002 x12: 0000000000000000\n x11: 0000000000000400 x10: 0000000000000930 x9 : ffff00003fd913e8\n x8 : fffffc00001bc008\n x7 : 0000000000000000 x6 : 0000000000000008\n x5 : ffff00003fd91340 x4 : 0000000000000000 x3 : 0000000000000009\n x2 : 00000000fffffffe x1 : 0000000000000000 x0 : 0000000000000000\n Call trace:\n skb_release_data+0xb8/0x1d8\n kfree_skb_reason+0x48/0xb0\n mse102x_tx_work+0x164/0x35c [mse102x]\n process_one_work+0x138/0x260\n worker_thread+0x32c/0x438\n kthread+0x118/0x11c\n ret_from_fork+0x10/0x20\n Code: aa1303e0 97fffab6 72001c1f 54000141 (f9400660)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50276",
"url": "https://www.suse.com/security/cve/CVE-2024-50276"
},
{
"category": "external",
"summary": "SUSE Bug 1233465 for CVE-2024-50276",
"url": "https://bugzilla.suse.com/1233465"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50276"
},
{
"cve": "CVE-2024-50279",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50279"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm cache: fix out-of-bounds access to the dirty bitset when resizing\n\ndm-cache checks the dirty bits of the cache blocks to be dropped when\nshrinking the fast device, but an index bug in bitset iteration causes\nout-of-bounds access.\n\nReproduce steps:\n\n1. create a cache device of 1024 cache blocks (128 bytes dirty bitset)\n\ndmsetup create cmeta --table \"0 8192 linear /dev/sdc 0\"\ndmsetup create cdata --table \"0 131072 linear /dev/sdc 8192\"\ndmsetup create corig --table \"0 524288 linear /dev/sdc 262144\"\ndd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1 oflag=direct\ndmsetup create cache --table \"0 524288 cache /dev/mapper/cmeta \\\n/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0\"\n\n2. shrink the fast device to 512 cache blocks, triggering out-of-bounds\n access to the dirty bitset (offset 0x80)\n\ndmsetup suspend cache\ndmsetup reload cdata --table \"0 65536 linear /dev/sdc 8192\"\ndmsetup resume cdata\ndmsetup resume cache\n\nKASAN reports:\n\n BUG: KASAN: vmalloc-out-of-bounds in cache_preresume+0x269/0x7b0\n Read of size 8 at addr ffffc900000f3080 by task dmsetup/131\n\n (...snip...)\n The buggy address belongs to the virtual mapping at\n [ffffc900000f3000, ffffc900000f5000) created by:\n cache_ctr+0x176a/0x35f0\n\n (...snip...)\n Memory state around the buggy address:\n ffffc900000f2f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ffffc900000f3000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n \u003effffc900000f3080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ^\n ffffc900000f3100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ffffc900000f3180: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n\nFix by making the index post-incremented.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50279",
"url": "https://www.suse.com/security/cve/CVE-2024-50279"
},
{
"category": "external",
"summary": "SUSE Bug 1233468 for CVE-2024-50279",
"url": "https://bugzilla.suse.com/1233468"
},
{
"category": "external",
"summary": "SUSE Bug 1233708 for CVE-2024-50279",
"url": "https://bugzilla.suse.com/1233708"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-50279"
},
{
"cve": "CVE-2024-50282",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50282"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()\n\nAvoid a possible buffer overflow if size is larger than 4K.\n\n(cherry picked from commit f5d873f5825b40d886d03bd2aede91d4cf002434)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50282",
"url": "https://www.suse.com/security/cve/CVE-2024-50282"
},
{
"category": "external",
"summary": "SUSE Bug 1233471 for CVE-2024-50282",
"url": "https://bugzilla.suse.com/1233471"
},
{
"category": "external",
"summary": "SUSE Bug 1233707 for CVE-2024-50282",
"url": "https://bugzilla.suse.com/1233707"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-50282"
},
{
"cve": "CVE-2024-50287",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50287"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l2-tpg: prevent the risk of a division by zero\n\nAs reported by Coverity, the logic at tpg_precalculate_line()\nblindly rescales the buffer even when scaled_witdh is equal to\nzero. If this ever happens, this will cause a division by zero.\n\nInstead, add a WARN_ON_ONCE() to trigger such cases and return\nwithout doing any precalculation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50287",
"url": "https://www.suse.com/security/cve/CVE-2024-50287"
},
{
"category": "external",
"summary": "SUSE Bug 1233476 for CVE-2024-50287",
"url": "https://bugzilla.suse.com/1233476"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50287"
},
{
"cve": "CVE-2024-50289",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50289"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: av7110: fix a spectre vulnerability\n\nAs warned by smatch:\n\tdrivers/staging/media/av7110/av7110_ca.c:270 dvb_ca_ioctl() warn: potential spectre issue \u0027av7110-\u003eci_slot\u0027 [w] (local cap)\n\nThere is a spectre-related vulnerability at the code. Fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50289",
"url": "https://www.suse.com/security/cve/CVE-2024-50289"
},
{
"category": "external",
"summary": "SUSE Bug 1233478 for CVE-2024-50289",
"url": "https://bugzilla.suse.com/1233478"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50289"
},
{
"cve": "CVE-2024-50290",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50290"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: cx24116: prevent overflows on SNR calculus\n\nas reported by Coverity, if reading SNR registers fail, a negative\nnumber will be returned, causing an underflow when reading SNR\nregisters.\n\nPrevent that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50290",
"url": "https://www.suse.com/security/cve/CVE-2024-50290"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1233479 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1233479"
},
{
"category": "external",
"summary": "SUSE Bug 1233681 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1233681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-50290"
},
{
"cve": "CVE-2024-50292",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50292"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove\n\nIn case of error when requesting ctrl_chan DMA channel, ctrl_chan is not\nnull. So the release of the dma channel leads to the following issue:\n[ 4.879000] st,stm32-spdifrx 500d0000.audio-controller:\ndma_request_slave_channel error -19\n[ 4.888975] Unable to handle kernel NULL pointer dereference\nat virtual address 000000000000003d\n[...]\n[ 5.096577] Call trace:\n[ 5.099099] dma_release_channel+0x24/0x100\n[ 5.103235] stm32_spdifrx_remove+0x24/0x60 [snd_soc_stm32_spdifrx]\n[ 5.109494] stm32_spdifrx_probe+0x320/0x4c4 [snd_soc_stm32_spdifrx]\n\nTo avoid this issue, release channel only if the pointer is valid.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50292",
"url": "https://www.suse.com/security/cve/CVE-2024-50292"
},
{
"category": "external",
"summary": "SUSE Bug 1233481 for CVE-2024-50292",
"url": "https://bugzilla.suse.com/1233481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50292"
},
{
"cve": "CVE-2024-50295",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50295"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: arc: fix the device for dma_map_single/dma_unmap_single\n\nThe ndev-\u003edev and pdev-\u003edev aren\u0027t the same device, use ndev-\u003edev.parent\nwhich has dma_mask, ndev-\u003edev.parent is just pdev-\u003edev.\nOr it would cause the following issue:\n\n[ 39.933526] ------------[ cut here ]------------\n[ 39.938414] WARNING: CPU: 1 PID: 501 at kernel/dma/mapping.c:149 dma_map_page_attrs+0x90/0x1f8",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50295",
"url": "https://www.suse.com/security/cve/CVE-2024-50295"
},
{
"category": "external",
"summary": "SUSE Bug 1233484 for CVE-2024-50295",
"url": "https://bugzilla.suse.com/1233484"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50295"
},
{
"cve": "CVE-2024-50296",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50296"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix kernel crash when uninstalling driver\n\nWhen the driver is uninstalled and the VF is disabled concurrently, a\nkernel crash occurs. The reason is that the two actions call function\npci_disable_sriov(). The num_VFs is checked to determine whether to\nrelease the corresponding resources. During the second calling, num_VFs\nis not 0 and the resource release function is called. However, the\ncorresponding resource has been released during the first invoking.\nTherefore, the problem occurs:\n\n[15277.839633][T50670] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020\n...\n[15278.131557][T50670] Call trace:\n[15278.134686][T50670] klist_put+0x28/0x12c\n[15278.138682][T50670] klist_del+0x14/0x20\n[15278.142592][T50670] device_del+0xbc/0x3c0\n[15278.146676][T50670] pci_remove_bus_device+0x84/0x120\n[15278.151714][T50670] pci_stop_and_remove_bus_device+0x6c/0x80\n[15278.157447][T50670] pci_iov_remove_virtfn+0xb4/0x12c\n[15278.162485][T50670] sriov_disable+0x50/0x11c\n[15278.166829][T50670] pci_disable_sriov+0x24/0x30\n[15278.171433][T50670] hnae3_unregister_ae_algo_prepare+0x60/0x90 [hnae3]\n[15278.178039][T50670] hclge_exit+0x28/0xd0 [hclge]\n[15278.182730][T50670] __se_sys_delete_module.isra.0+0x164/0x230\n[15278.188550][T50670] __arm64_sys_delete_module+0x1c/0x30\n[15278.193848][T50670] invoke_syscall+0x50/0x11c\n[15278.198278][T50670] el0_svc_common.constprop.0+0x158/0x164\n[15278.203837][T50670] do_el0_svc+0x34/0xcc\n[15278.207834][T50670] el0_svc+0x20/0x30\n\nFor details, see the following figure.\n\n rmmod hclge disable VFs\n----------------------------------------------------\nhclge_exit() sriov_numvfs_store()\n ... device_lock()\n pci_disable_sriov() hns3_pci_sriov_configure()\n pci_disable_sriov()\n sriov_disable()\n sriov_disable() if !num_VFs :\n if !num_VFs : return;\n return; sriov_del_vfs()\n sriov_del_vfs() ...\n ... klist_put()\n klist_put() ...\n ... num_VFs = 0;\n num_VFs = 0; device_unlock();\n\nIn this patch, when driver is removing, we get the device_lock()\nto protect num_VFs, just like sriov_numvfs_store().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50296",
"url": "https://www.suse.com/security/cve/CVE-2024-50296"
},
{
"category": "external",
"summary": "SUSE Bug 1233485 for CVE-2024-50296",
"url": "https://bugzilla.suse.com/1233485"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50296"
},
{
"cve": "CVE-2024-50298",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50298"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: enetc: allocate vf_state during PF probes\n\nIn the previous implementation, vf_state is allocated memory only when VF\nis enabled. However, net_device_ops::ndo_set_vf_mac() may be called before\nVF is enabled to configure the MAC address of VF. If this is the case,\nenetc_pf_set_vf_mac() will access vf_state, resulting in access to a null\npointer. The simplified error log is as follows.\n\nroot@ls1028ardb:~# ip link set eno0 vf 1 mac 00:0c:e7:66:77:89\n[ 173.543315] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004\n[ 173.637254] pc : enetc_pf_set_vf_mac+0x3c/0x80 Message from sy\n[ 173.641973] lr : do_setlink+0x4a8/0xec8\n[ 173.732292] Call trace:\n[ 173.734740] enetc_pf_set_vf_mac+0x3c/0x80\n[ 173.738847] __rtnl_newlink+0x530/0x89c\n[ 173.742692] rtnl_newlink+0x50/0x7c\n[ 173.746189] rtnetlink_rcv_msg+0x128/0x390\n[ 173.750298] netlink_rcv_skb+0x60/0x130\n[ 173.754145] rtnetlink_rcv+0x18/0x24\n[ 173.757731] netlink_unicast+0x318/0x380\n[ 173.761665] netlink_sendmsg+0x17c/0x3c8",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50298",
"url": "https://www.suse.com/security/cve/CVE-2024-50298"
},
{
"category": "external",
"summary": "SUSE Bug 1233487 for CVE-2024-50298",
"url": "https://bugzilla.suse.com/1233487"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50298"
},
{
"cve": "CVE-2024-50301",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50301"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsecurity/keys: fix slab-out-of-bounds in key_task_permission\n\nKASAN reports an out of bounds read:\nBUG: KASAN: slab-out-of-bounds in __kuid_val include/linux/uidgid.h:36\nBUG: KASAN: slab-out-of-bounds in uid_eq include/linux/uidgid.h:63 [inline]\nBUG: KASAN: slab-out-of-bounds in key_task_permission+0x394/0x410\nsecurity/keys/permission.c:54\nRead of size 4 at addr ffff88813c3ab618 by task stress-ng/4362\n\nCPU: 2 PID: 4362 Comm: stress-ng Not tainted 5.10.0-14930-gafbffd6c3ede #15\nCall Trace:\n __dump_stack lib/dump_stack.c:82 [inline]\n dump_stack+0x107/0x167 lib/dump_stack.c:123\n print_address_description.constprop.0+0x19/0x170 mm/kasan/report.c:400\n __kasan_report.cold+0x6c/0x84 mm/kasan/report.c:560\n kasan_report+0x3a/0x50 mm/kasan/report.c:585\n __kuid_val include/linux/uidgid.h:36 [inline]\n uid_eq include/linux/uidgid.h:63 [inline]\n key_task_permission+0x394/0x410 security/keys/permission.c:54\n search_nested_keyrings+0x90e/0xe90 security/keys/keyring.c:793\n\nThis issue was also reported by syzbot.\n\nIt can be reproduced by following these steps(more details [1]):\n1. Obtain more than 32 inputs that have similar hashes, which ends with the\n pattern \u00270xxxxxxxe6\u0027.\n2. Reboot and add the keys obtained in step 1.\n\nThe reproducer demonstrates how this issue happened:\n1. In the search_nested_keyrings function, when it iterates through the\n slots in a node(below tag ascend_to_node), if the slot pointer is meta\n and node-\u003eback_pointer != NULL(it means a root), it will proceed to\n descend_to_node. However, there is an exception. If node is the root,\n and one of the slots points to a shortcut, it will be treated as a\n keyring.\n2. Whether the ptr is keyring decided by keyring_ptr_is_keyring function.\n However, KEYRING_PTR_SUBTYPE is 0x2UL, the same as\n ASSOC_ARRAY_PTR_SUBTYPE_MASK.\n3. When 32 keys with the similar hashes are added to the tree, the ROOT\n has keys with hashes that are not similar (e.g. slot 0) and it splits\n NODE A without using a shortcut. When NODE A is filled with keys that\n all hashes are xxe6, the keys are similar, NODE A will split with a\n shortcut. Finally, it forms the tree as shown below, where slot 6 points\n to a shortcut.\n\n NODE A\n +------\u003e+---+\n ROOT | | 0 | xxe6\n +---+ | +---+\n xxxx | 0 | shortcut : : xxe6\n +---+ | +---+\n xxe6 : : | | | xxe6\n +---+ | +---+\n | 6 |---+ : : xxe6\n +---+ +---+\n xxe6 : : | f | xxe6\n +---+ +---+\n xxe6 | f |\n +---+\n\n4. As mentioned above, If a slot(slot 6) of the root points to a shortcut,\n it may be mistakenly transferred to a key*, leading to a read\n out-of-bounds read.\n\nTo fix this issue, one should jump to descend_to_node if the ptr is a\nshortcut, regardless of whether the node is root or not.\n\n[1] https://lore.kernel.org/linux-kernel/1cfa878e-8c7b-4570-8606-21daf5e13ce7@huaweicloud.com/\n\n[jarkko: tweaked the commit message a bit to have an appropriate closes\n tag.]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50301",
"url": "https://www.suse.com/security/cve/CVE-2024-50301"
},
{
"category": "external",
"summary": "SUSE Bug 1233490 for CVE-2024-50301",
"url": "https://bugzilla.suse.com/1233490"
},
{
"category": "external",
"summary": "SUSE Bug 1233680 for CVE-2024-50301",
"url": "https://bugzilla.suse.com/1233680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-50301"
},
{
"cve": "CVE-2024-50302",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50302"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: zero-initialize the report buffer\n\nSince the report buffer is used by all kinds of drivers in various ways, let\u0027s\nzero-initialize it during allocation to make sure that it can\u0027t be ever used\nto leak kernel memory via specially-crafted report.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50302",
"url": "https://www.suse.com/security/cve/CVE-2024-50302"
},
{
"category": "external",
"summary": "SUSE Bug 1233491 for CVE-2024-50302",
"url": "https://bugzilla.suse.com/1233491"
},
{
"category": "external",
"summary": "SUSE Bug 1233679 for CVE-2024-50302",
"url": "https://bugzilla.suse.com/1233679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-50302"
},
{
"cve": "CVE-2024-53042",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53042"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow()\n\nThere are code paths from which the function is called without holding\nthe RCU read lock, resulting in a suspicious RCU usage warning [1].\n\nFix by using l3mdev_master_upper_ifindex_by_index() which will acquire\nthe RCU read lock before calling\nl3mdev_master_upper_ifindex_by_index_rcu().\n\n[1]\nWARNING: suspicious RCU usage\n6.12.0-rc3-custom-gac8f72681cf2 #141 Not tainted\n-----------------------------\nnet/core/dev.c:876 RCU-list traversed in non-reader section!!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n1 lock held by ip/361:\n #0: ffffffff86fc7cb0 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x377/0xf60\n\nstack backtrace:\nCPU: 3 UID: 0 PID: 361 Comm: ip Not tainted 6.12.0-rc3-custom-gac8f72681cf2 #141\nHardware name: Bochs Bochs, BIOS Bochs 01/01/2011\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xba/0x110\n lockdep_rcu_suspicious.cold+0x4f/0xd6\n dev_get_by_index_rcu+0x1d3/0x210\n l3mdev_master_upper_ifindex_by_index_rcu+0x2b/0xf0\n ip_tunnel_bind_dev+0x72f/0xa00\n ip_tunnel_newlink+0x368/0x7a0\n ipgre_newlink+0x14c/0x170\n __rtnl_newlink+0x1173/0x19c0\n rtnl_newlink+0x6c/0xa0\n rtnetlink_rcv_msg+0x3cc/0xf60\n netlink_rcv_skb+0x171/0x450\n netlink_unicast+0x539/0x7f0\n netlink_sendmsg+0x8c1/0xd80\n ____sys_sendmsg+0x8f9/0xc20\n ___sys_sendmsg+0x197/0x1e0\n __sys_sendmsg+0x122/0x1f0\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53042",
"url": "https://www.suse.com/security/cve/CVE-2024-53042"
},
{
"category": "external",
"summary": "SUSE Bug 1233540 for CVE-2024-53042",
"url": "https://bugzilla.suse.com/1233540"
},
{
"category": "external",
"summary": "SUSE Bug 1233678 for CVE-2024-53042",
"url": "https://bugzilla.suse.com/1233678"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-53042"
},
{
"cve": "CVE-2024-53043",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53043"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmctp i2c: handle NULL header address\n\ndaddr can be NULL if there is no neighbour table entry present,\nin that case the tx packet should be dropped.\n\nsaddr will usually be set by MCTP core, but check for NULL in case a\npacket is transmitted by a different protocol.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53043",
"url": "https://www.suse.com/security/cve/CVE-2024-53043"
},
{
"category": "external",
"summary": "SUSE Bug 1233523 for CVE-2024-53043",
"url": "https://bugzilla.suse.com/1233523"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53043"
},
{
"cve": "CVE-2024-53045",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53045"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: dapm: fix bounds checker error in dapm_widget_list_create\n\nThe widgets array in the snd_soc_dapm_widget_list has a __counted_by\nattribute attached to it, which points to the num_widgets variable. This\nattribute is used in bounds checking, and if it is not set before the\narray is filled, then the bounds sanitizer will issue a warning or a\nkernel panic if CONFIG_UBSAN_TRAP is set.\n\nThis patch sets the size of the widgets list calculated with\nlist_for_each as the initial value for num_widgets as it is used for\nallocating memory for the array. It is updated with the actual number of\nadded elements after the array is filled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53045",
"url": "https://www.suse.com/security/cve/CVE-2024-53045"
},
{
"category": "external",
"summary": "SUSE Bug 1233524 for CVE-2024-53045",
"url": "https://bugzilla.suse.com/1233524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53045"
},
{
"cve": "CVE-2024-53048",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53048"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix crash on probe for DPLL enabled E810 LOM\n\nThe E810 Lan On Motherboard (LOM) design is vendor specific. Intel\nprovides the reference design, but it is up to vendor on the final\nproduct design. For some cases, like Linux DPLL support, the static\nvalues defined in the driver does not reflect the actual LOM design.\nCurrent implementation of dpll pins is causing the crash on probe\nof the ice driver for such DPLL enabled E810 LOM designs:\n\nWARNING: (...) at drivers/dpll/dpll_core.c:495 dpll_pin_get+0x2c4/0x330\n...\nCall Trace:\n \u003cTASK\u003e\n ? __warn+0x83/0x130\n ? dpll_pin_get+0x2c4/0x330\n ? report_bug+0x1b7/0x1d0\n ? handle_bug+0x42/0x70\n ? exc_invalid_op+0x18/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? dpll_pin_get+0x117/0x330\n ? dpll_pin_get+0x2c4/0x330\n ? dpll_pin_get+0x117/0x330\n ice_dpll_get_pins.isra.0+0x52/0xe0 [ice]\n...\n\nThe number of dpll pins enabled by LOM vendor is greater than expected\nand defined in the driver for Intel designed NICs, which causes the crash.\n\nPrevent the crash and allow generic pin initialization within Linux DPLL\nsubsystem for DPLL enabled E810 LOM designs.\n\nNewly designed solution for described issue will be based on \"per HW\ndesign\" pin initialization. It requires pin information dynamically\nacquired from the firmware and is already in progress, planned for\nnext-tree only.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53048",
"url": "https://www.suse.com/security/cve/CVE-2024-53048"
},
{
"category": "external",
"summary": "SUSE Bug 1233721 for CVE-2024-53048",
"url": "https://bugzilla.suse.com/1233721"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53048"
},
{
"cve": "CVE-2024-53051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53051"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/hdcp: Add encoder check in intel_hdcp_get_capability\n\nSometimes during hotplug scenario or suspend/resume scenario encoder is\nnot always initialized when intel_hdcp_get_capability add\na check to avoid kernel null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53051",
"url": "https://www.suse.com/security/cve/CVE-2024-53051"
},
{
"category": "external",
"summary": "SUSE Bug 1233547 for CVE-2024-53051",
"url": "https://bugzilla.suse.com/1233547"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53051"
},
{
"cve": "CVE-2024-53052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53052"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/rw: fix missing NOWAIT check for O_DIRECT start write\n\nWhen io_uring starts a write, it\u0027ll call kiocb_start_write() to bump the\nsuper block rwsem, preventing any freezes from happening while that\nwrite is in-flight. The freeze side will grab that rwsem for writing,\nexcluding any new writers from happening and waiting for existing writes\nto finish. But io_uring unconditionally uses kiocb_start_write(), which\nwill block if someone is currently attempting to freeze the mount point.\nThis causes a deadlock where freeze is waiting for previous writes to\ncomplete, but the previous writes cannot complete, as the task that is\nsupposed to complete them is blocked waiting on starting a new write.\nThis results in the following stuck trace showing that dependency with\nthe write blocked starting a new write:\n\ntask:fio state:D stack:0 pid:886 tgid:886 ppid:876\nCall trace:\n __switch_to+0x1d8/0x348\n __schedule+0x8e8/0x2248\n schedule+0x110/0x3f0\n percpu_rwsem_wait+0x1e8/0x3f8\n __percpu_down_read+0xe8/0x500\n io_write+0xbb8/0xff8\n io_issue_sqe+0x10c/0x1020\n io_submit_sqes+0x614/0x2110\n __arm64_sys_io_uring_enter+0x524/0x1038\n invoke_syscall+0x74/0x268\n el0_svc_common.constprop.0+0x160/0x238\n do_el0_svc+0x44/0x60\n el0_svc+0x44/0xb0\n el0t_64_sync_handler+0x118/0x128\n el0t_64_sync+0x168/0x170\nINFO: task fsfreeze:7364 blocked for more than 15 seconds.\n Not tainted 6.12.0-rc5-00063-g76aaf945701c #7963\n\nwith the attempting freezer stuck trying to grab the rwsem:\n\ntask:fsfreeze state:D stack:0 pid:7364 tgid:7364 ppid:995\nCall trace:\n __switch_to+0x1d8/0x348\n __schedule+0x8e8/0x2248\n schedule+0x110/0x3f0\n percpu_down_write+0x2b0/0x680\n freeze_super+0x248/0x8a8\n do_vfs_ioctl+0x149c/0x1b18\n __arm64_sys_ioctl+0xd0/0x1a0\n invoke_syscall+0x74/0x268\n el0_svc_common.constprop.0+0x160/0x238\n do_el0_svc+0x44/0x60\n el0_svc+0x44/0xb0\n el0t_64_sync_handler+0x118/0x128\n el0t_64_sync+0x168/0x170\n\nFix this by having the io_uring side honor IOCB_NOWAIT, and only attempt a\nblocking grab of the super block rwsem if it isn\u0027t set. For normal issue\nwhere IOCB_NOWAIT would always be set, this returns -EAGAIN which will\nhave io_uring core issue a blocking attempt of the write. That will in\nturn also get completions run, ensuring forward progress.\n\nSince freezing requires CAP_SYS_ADMIN in the first place, this isn\u0027t\nsomething that can be triggered by a regular user.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53052",
"url": "https://www.suse.com/security/cve/CVE-2024-53052"
},
{
"category": "external",
"summary": "SUSE Bug 1233548 for CVE-2024-53052",
"url": "https://bugzilla.suse.com/1233548"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53052"
},
{
"cve": "CVE-2024-53055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53055"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: fix 6 GHz scan construction\n\nIf more than 255 colocated APs exist for the set of all\nAPs found during 2.4/5 GHz scanning, then the 6 GHz scan\nconstruction will loop forever since the loop variable\nhas type u8, which can never reach the number found when\nthat\u0027s bigger than 255, and is stored in a u32 variable.\nAlso move it into the loops to have a smaller scope.\n\nUsing a u32 there is fine, we limit the number of APs in\nthe scan list and each has a limit on the number of RNR\nentries due to the frame size. With a limit of 1000 scan\nresults, a frame size upper bound of 4096 (really it\u0027s\nmore like ~2300) and a TBTT entry size of at least 11,\nwe get an upper bound for the number of ~372k, well in\nthe bounds of a u32.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53055",
"url": "https://www.suse.com/security/cve/CVE-2024-53055"
},
{
"category": "external",
"summary": "SUSE Bug 1233550 for CVE-2024-53055",
"url": "https://bugzilla.suse.com/1233550"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53055"
},
{
"cve": "CVE-2024-53056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy()\n\nIn mtk_crtc_create(), if the call to mbox_request_channel() fails then we\nset the \"mtk_crtc-\u003ecmdq_client.chan\" pointer to NULL. In that situation,\nwe do not call cmdq_pkt_create().\n\nDuring the cleanup, we need to check if the \"mtk_crtc-\u003ecmdq_client.chan\"\nis NULL first before calling cmdq_pkt_destroy(). Calling\ncmdq_pkt_destroy() is unnecessary if we didn\u0027t call cmdq_pkt_create() and\nit will result in a NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53056",
"url": "https://www.suse.com/security/cve/CVE-2024-53056"
},
{
"category": "external",
"summary": "SUSE Bug 1233568 for CVE-2024-53056",
"url": "https://bugzilla.suse.com/1233568"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53056"
},
{
"cve": "CVE-2024-53058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data\n\nIn case the non-paged data of a SKB carries protocol header and protocol\npayload to be transmitted on a certain platform that the DMA AXI address\nwidth is configured to 40-bit/48-bit, or the size of the non-paged data\nis bigger than TSO_MAX_BUFF_SIZE on a certain platform that the DMA AXI\naddress width is configured to 32-bit, then this SKB requires at least\ntwo DMA transmit descriptors to serve it.\n\nFor example, three descriptors are allocated to split one DMA buffer\nmapped from one piece of non-paged data:\n dma_desc[N + 0],\n dma_desc[N + 1],\n dma_desc[N + 2].\nThen three elements of tx_q-\u003etx_skbuff_dma[] will be allocated to hold\nextra information to be reused in stmmac_tx_clean():\n tx_q-\u003etx_skbuff_dma[N + 0],\n tx_q-\u003etx_skbuff_dma[N + 1],\n tx_q-\u003etx_skbuff_dma[N + 2].\nNow we focus on tx_q-\u003etx_skbuff_dma[entry].buf, which is the DMA buffer\naddress returned by DMA mapping call. stmmac_tx_clean() will try to\nunmap the DMA buffer _ONLY_IF_ tx_q-\u003etx_skbuff_dma[entry].buf\nis a valid buffer address.\n\nThe expected behavior that saves DMA buffer address of this non-paged\ndata to tx_q-\u003etx_skbuff_dma[entry].buf is:\n tx_q-\u003etx_skbuff_dma[N + 0].buf = NULL;\n tx_q-\u003etx_skbuff_dma[N + 1].buf = NULL;\n tx_q-\u003etx_skbuff_dma[N + 2].buf = dma_map_single();\nUnfortunately, the current code misbehaves like this:\n tx_q-\u003etx_skbuff_dma[N + 0].buf = dma_map_single();\n tx_q-\u003etx_skbuff_dma[N + 1].buf = NULL;\n tx_q-\u003etx_skbuff_dma[N + 2].buf = NULL;\n\nOn the stmmac_tx_clean() side, when dma_desc[N + 0] is closed by the\nDMA engine, tx_q-\u003etx_skbuff_dma[N + 0].buf is a valid buffer address\nobviously, then the DMA buffer will be unmapped immediately.\nThere may be a rare case that the DMA engine does not finish the\npending dma_desc[N + 1], dma_desc[N + 2] yet. Now things will go\nhorribly wrong, DMA is going to access a unmapped/unreferenced memory\nregion, corrupted data will be transmited or iommu fault will be\ntriggered :(\n\nIn contrast, the for-loop that maps SKB fragments behaves perfectly\nas expected, and that is how the driver should do for both non-paged\ndata and paged frags actually.\n\nThis patch corrects DMA map/unmap sequences by fixing the array index\nfor tx_q-\u003etx_skbuff_dma[entry].buf when assigning DMA buffer address.\n\nTested and verified on DWXGMAC CORE 3.20a",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53058",
"url": "https://www.suse.com/security/cve/CVE-2024-53058"
},
{
"category": "external",
"summary": "SUSE Bug 1233552 for CVE-2024-53058",
"url": "https://bugzilla.suse.com/1233552"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53058"
},
{
"cve": "CVE-2024-53059",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53059"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd()\n\n1. The size of the response packet is not validated.\n2. The response buffer is not freed.\n\nResolve these issues by switching to iwl_mvm_send_cmd_status(),\nwhich handles both size validation and frees the buffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53059",
"url": "https://www.suse.com/security/cve/CVE-2024-53059"
},
{
"category": "external",
"summary": "SUSE Bug 1233553 for CVE-2024-53059",
"url": "https://bugzilla.suse.com/1233553"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53059"
},
{
"cve": "CVE-2024-53060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53060"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: prevent NULL pointer dereference if ATIF is not supported\n\nacpi_evaluate_object() may return AE_NOT_FOUND (failure), which\nwould result in dereferencing buffer.pointer (obj) while being NULL.\n\nAlthough this case may be unrealistic for the current code, it is\nstill better to protect against possible bugs.\n\nBail out also when status is AE_NOT_FOUND.\n\nThis fixes 1 FORWARD_NULL issue reported by Coverity\nReport: CID 1600951: Null pointer dereferences (FORWARD_NULL)\n\n(cherry picked from commit 91c9e221fe2553edf2db71627d8453f083de87a1)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53060",
"url": "https://www.suse.com/security/cve/CVE-2024-53060"
},
{
"category": "external",
"summary": "SUSE Bug 1233554 for CVE-2024-53060",
"url": "https://bugzilla.suse.com/1233554"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53060"
},
{
"cve": "CVE-2024-53061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53061"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: s5p-jpeg: prevent buffer overflows\n\nThe current logic allows word to be less than 2. If this happens,\nthere will be buffer overflows, as reported by smatch. Add extra\nchecks to prevent it.\n\nWhile here, remove an unused word = 0 assignment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53061",
"url": "https://www.suse.com/security/cve/CVE-2024-53061"
},
{
"category": "external",
"summary": "SUSE Bug 1233555 for CVE-2024-53061",
"url": "https://bugzilla.suse.com/1233555"
},
{
"category": "external",
"summary": "SUSE Bug 1233621 for CVE-2024-53061",
"url": "https://bugzilla.suse.com/1233621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-53061"
},
{
"cve": "CVE-2024-53063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53063"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvbdev: prevent the risk of out of memory access\n\nThe dvbdev contains a static variable used to store dvb minors.\n\nThe behavior of it depends if CONFIG_DVB_DYNAMIC_MINORS is set\nor not. When not set, dvb_register_device() won\u0027t check for\nboundaries, as it will rely that a previous call to\ndvb_register_adapter() would already be enforcing it.\n\nOn a similar way, dvb_device_open() uses the assumption\nthat the register functions already did the needed checks.\n\nThis can be fragile if some device ends using different\ncalls. This also generate warnings on static check analysers\nlike Coverity.\n\nSo, add explicit guards to prevent potential risk of OOM issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53063",
"url": "https://www.suse.com/security/cve/CVE-2024-53063"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1233557 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1233557"
},
{
"category": "external",
"summary": "SUSE Bug 1233619 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1233619"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-53063"
},
{
"cve": "CVE-2024-53066",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53066"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: Fix KMSAN warning in decode_getfattr_attrs()\n\nFix the following KMSAN warning:\n\nCPU: 1 UID: 0 PID: 7651 Comm: cp Tainted: G B\nTainted: [B]=BAD_PAGE\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009)\n=====================================================\n=====================================================\nBUG: KMSAN: uninit-value in decode_getfattr_attrs+0x2d6d/0x2f90\n decode_getfattr_attrs+0x2d6d/0x2f90\n decode_getfattr_generic+0x806/0xb00\n nfs4_xdr_dec_getattr+0x1de/0x240\n rpcauth_unwrap_resp_decode+0xab/0x100\n rpcauth_unwrap_resp+0x95/0xc0\n call_decode+0x4ff/0xb50\n __rpc_execute+0x57b/0x19d0\n rpc_execute+0x368/0x5e0\n rpc_run_task+0xcfe/0xee0\n nfs4_proc_getattr+0x5b5/0x990\n __nfs_revalidate_inode+0x477/0xd00\n nfs_access_get_cached+0x1021/0x1cc0\n nfs_do_access+0x9f/0xae0\n nfs_permission+0x1e4/0x8c0\n inode_permission+0x356/0x6c0\n link_path_walk+0x958/0x1330\n path_lookupat+0xce/0x6b0\n filename_lookup+0x23e/0x770\n vfs_statx+0xe7/0x970\n vfs_fstatat+0x1f2/0x2c0\n __se_sys_newfstatat+0x67/0x880\n __x64_sys_newfstatat+0xbd/0x120\n x64_sys_call+0x1826/0x3cf0\n do_syscall_64+0xd0/0x1b0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThe KMSAN warning is triggered in decode_getfattr_attrs(), when calling\ndecode_attr_mdsthreshold(). It appears that fattr-\u003emdsthreshold is not\ninitialized.\n\nFix the issue by initializing fattr-\u003emdsthreshold to NULL in\nnfs_fattr_init().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53066",
"url": "https://www.suse.com/security/cve/CVE-2024-53066"
},
{
"category": "external",
"summary": "SUSE Bug 1233560 for CVE-2024-53066",
"url": "https://bugzilla.suse.com/1233560"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53066"
},
{
"cve": "CVE-2024-53068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53068"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier()\n\nThe scmi_dev-\u003ename is released prematurely in __scmi_device_destroy(),\nwhich causes slab-use-after-free when accessing scmi_dev-\u003ename in\nscmi_bus_notifier(). So move the release of scmi_dev-\u003ename to\nscmi_device_release() to avoid slab-use-after-free.\n\n | BUG: KASAN: slab-use-after-free in strncmp+0xe4/0xec\n | Read of size 1 at addr ffffff80a482bcc0 by task swapper/0/1\n |\n | CPU: 1 PID: 1 Comm: swapper/0 Not tainted 6.6.38-debug #1\n | Hardware name: Qualcomm Technologies, Inc. SA8775P Ride (DT)\n | Call trace:\n | dump_backtrace+0x94/0x114\n | show_stack+0x18/0x24\n | dump_stack_lvl+0x48/0x60\n | print_report+0xf4/0x5b0\n | kasan_report+0xa4/0xec\n | __asan_report_load1_noabort+0x20/0x2c\n | strncmp+0xe4/0xec\n | scmi_bus_notifier+0x5c/0x54c\n | notifier_call_chain+0xb4/0x31c\n | blocking_notifier_call_chain+0x68/0x9c\n | bus_notify+0x54/0x78\n | device_del+0x1bc/0x840\n | device_unregister+0x20/0xb4\n | __scmi_device_destroy+0xac/0x280\n | scmi_device_destroy+0x94/0xd0\n | scmi_chan_setup+0x524/0x750\n | scmi_probe+0x7fc/0x1508\n | platform_probe+0xc4/0x19c\n | really_probe+0x32c/0x99c\n | __driver_probe_device+0x15c/0x3c4\n | driver_probe_device+0x5c/0x170\n | __driver_attach+0x1c8/0x440\n | bus_for_each_dev+0xf4/0x178\n | driver_attach+0x3c/0x58\n | bus_add_driver+0x234/0x4d4\n | driver_register+0xf4/0x3c0\n | __platform_driver_register+0x60/0x88\n | scmi_driver_init+0xb0/0x104\n | do_one_initcall+0xb4/0x664\n | kernel_init_freeable+0x3c8/0x894\n | kernel_init+0x24/0x1e8\n | ret_from_fork+0x10/0x20\n |\n | Allocated by task 1:\n | kasan_save_stack+0x2c/0x54\n | kasan_set_track+0x2c/0x40\n | kasan_save_alloc_info+0x24/0x34\n | __kasan_kmalloc+0xa0/0xb8\n | __kmalloc_node_track_caller+0x6c/0x104\n | kstrdup+0x48/0x84\n | kstrdup_const+0x34/0x40\n | __scmi_device_create.part.0+0x8c/0x408\n | scmi_device_create+0x104/0x370\n | scmi_chan_setup+0x2a0/0x750\n | scmi_probe+0x7fc/0x1508\n | platform_probe+0xc4/0x19c\n | really_probe+0x32c/0x99c\n | __driver_probe_device+0x15c/0x3c4\n | driver_probe_device+0x5c/0x170\n | __driver_attach+0x1c8/0x440\n | bus_for_each_dev+0xf4/0x178\n | driver_attach+0x3c/0x58\n | bus_add_driver+0x234/0x4d4\n | driver_register+0xf4/0x3c0\n | __platform_driver_register+0x60/0x88\n | scmi_driver_init+0xb0/0x104\n | do_one_initcall+0xb4/0x664\n | kernel_init_freeable+0x3c8/0x894\n | kernel_init+0x24/0x1e8\n | ret_from_fork+0x10/0x20\n |\n | Freed by task 1:\n | kasan_save_stack+0x2c/0x54\n | kasan_set_track+0x2c/0x40\n | kasan_save_free_info+0x38/0x5c\n | __kasan_slab_free+0xe8/0x164\n | __kmem_cache_free+0x11c/0x230\n | kfree+0x70/0x130\n | kfree_const+0x20/0x40\n | __scmi_device_destroy+0x70/0x280\n | scmi_device_destroy+0x94/0xd0\n | scmi_chan_setup+0x524/0x750\n | scmi_probe+0x7fc/0x1508\n | platform_probe+0xc4/0x19c\n | really_probe+0x32c/0x99c\n | __driver_probe_device+0x15c/0x3c4\n | driver_probe_device+0x5c/0x170\n | __driver_attach+0x1c8/0x440\n | bus_for_each_dev+0xf4/0x178\n | driver_attach+0x3c/0x58\n | bus_add_driver+0x234/0x4d4\n | driver_register+0xf4/0x3c0\n | __platform_driver_register+0x60/0x88\n | scmi_driver_init+0xb0/0x104\n | do_one_initcall+0xb4/0x664\n | kernel_init_freeable+0x3c8/0x894\n | kernel_init+0x24/0x1e8\n | ret_from_fork+0x10/0x20",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53068",
"url": "https://www.suse.com/security/cve/CVE-2024-53068"
},
{
"category": "external",
"summary": "SUSE Bug 1233561 for CVE-2024-53068",
"url": "https://bugzilla.suse.com/1233561"
},
{
"category": "external",
"summary": "SUSE Bug 1233618 for CVE-2024-53068",
"url": "https://bugzilla.suse.com/1233618"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-53068"
},
{
"cve": "CVE-2024-53072",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53072"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86/amd/pmc: Detect when STB is not available\n\nLoading the amd_pmc module as:\n\n amd_pmc enable_stb=1\n\n...can result in the following messages in the kernel ring buffer:\n\n amd_pmc AMDI0009:00: SMU cmd failed. err: 0xff\n ioremap on RAM at 0x0000000000000000 - 0x0000000000ffffff\n WARNING: CPU: 10 PID: 2151 at arch/x86/mm/ioremap.c:217 __ioremap_caller+0x2cd/0x340\n\nFurther debugging reveals that this occurs when the requests for\nS2D_PHYS_ADDR_LOW and S2D_PHYS_ADDR_HIGH return a value of 0,\nindicating that the STB is inaccessible. To prevent the ioremap\nwarning and provide clarity to the user, handle the invalid address\nand display an error message.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53072",
"url": "https://www.suse.com/security/cve/CVE-2024-53072"
},
{
"category": "external",
"summary": "SUSE Bug 1233564 for CVE-2024-53072",
"url": "https://bugzilla.suse.com/1233564"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53072"
},
{
"cve": "CVE-2024-53074",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53074"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don\u0027t leak a link on AP removal\n\nRelease the link mapping resource in AP removal. This impacted devices\nthat do not support the MLD API (9260 and down).\nOn those devices, we couldn\u0027t start the AP again after the AP has been\nalready started and stopped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53074",
"url": "https://www.suse.com/security/cve/CVE-2024-53074"
},
{
"category": "external",
"summary": "SUSE Bug 1233566 for CVE-2024-53074",
"url": "https://bugzilla.suse.com/1233566"
},
{
"category": "external",
"summary": "SUSE Bug 1235086 for CVE-2024-53074",
"url": "https://bugzilla.suse.com/1235086"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-53074"
},
{
"cve": "CVE-2024-53076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53076"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: gts-helper: Fix memory leaks for the error path of iio_gts_build_avail_scale_table()\n\nIf per_time_scales[i] or per_time_gains[i] kcalloc fails in the for loop\nof iio_gts_build_avail_scale_table(), the err_free_out will fail to call\nkfree() each time when i is reduced to 0, so all the per_time_scales[0]\nand per_time_gains[0] will not be freed, which will cause memory leaks.\n\nFix it by checking if i \u003e= 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53076",
"url": "https://www.suse.com/security/cve/CVE-2024-53076"
},
{
"category": "external",
"summary": "SUSE Bug 1233567 for CVE-2024-53076",
"url": "https://bugzilla.suse.com/1233567"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53076"
},
{
"cve": "CVE-2024-53079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53079"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/thp: fix deferred split unqueue naming and locking\n\nRecent changes are putting more pressure on THP deferred split queues:\nunder load revealing long-standing races, causing list_del corruptions,\n\"Bad page state\"s and worse (I keep BUGs in both of those, so usually\ndon\u0027t get to see how badly they end up without). The relevant recent\nchanges being 6.8\u0027s mTHP, 6.10\u0027s mTHP swapout, and 6.12\u0027s mTHP swapin,\nimproved swap allocation, and underused THP splitting.\n\nBefore fixing locking: rename misleading folio_undo_large_rmappable(),\nwhich does not undo large_rmappable, to folio_unqueue_deferred_split(),\nwhich is what it does. But that and its out-of-line __callee are mm\ninternals of very limited usability: add comment and WARN_ON_ONCEs to\ncheck usage; and return a bool to say if a deferred split was unqueued,\nwhich can then be used in WARN_ON_ONCEs around safety checks (sparing\ncallers the arcane conditionals in __folio_unqueue_deferred_split()).\n\nJust omit the folio_unqueue_deferred_split() from free_unref_folios(), all\nof whose callers now call it beforehand (and if any forget then bad_page()\nwill tell) - except for its caller put_pages_list(), which itself no\nlonger has any callers (and will be deleted separately).\n\nSwapout: mem_cgroup_swapout() has been resetting folio-\u003ememcg_data 0\nwithout checking and unqueueing a THP folio from deferred split list;\nwhich is unfortunate, since the split_queue_lock depends on the memcg\n(when memcg is enabled); so swapout has been unqueueing such THPs later,\nwhen freeing the folio, using the pgdat\u0027s lock instead: potentially\ncorrupting the memcg\u0027s list. __remove_mapping() has frozen refcount to 0\nhere, so no problem with calling folio_unqueue_deferred_split() before\nresetting memcg_data.\n\nThat goes back to 5.4 commit 87eaceb3faa5 (\"mm: thp: make deferred split\nshrinker memcg aware\"): which included a check on swapcache before adding\nto deferred queue, but no check on deferred queue before adding THP to\nswapcache. That worked fine with the usual sequence of events in reclaim\n(though there were a couple of rare ways in which a THP on deferred queue\ncould have been swapped out), but 6.12 commit dafff3f4c850 (\"mm: split\nunderused THPs\") avoids splitting underused THPs in reclaim, which makes\nswapcache THPs on deferred queue commonplace.\n\nKeep the check on swapcache before adding to deferred queue? Yes: it is\nno longer essential, but preserves the existing behaviour, and is likely\nto be a worthwhile optimization (vmstat showed much more traffic on the\nqueue under swapping load if the check was removed); update its comment.\n\nMemcg-v1 move (deprecated): mem_cgroup_move_account() has been changing\nfolio-\u003ememcg_data without checking and unqueueing a THP folio from the\ndeferred list, sometimes corrupting \"from\" memcg\u0027s list, like swapout. \nRefcount is non-zero here, so folio_unqueue_deferred_split() can only be\nused in a WARN_ON_ONCE to validate the fix, which must be done earlier:\nmem_cgroup_move_charge_pte_range() first try to split the THP (splitting\nof course unqueues), or skip it if that fails. Not ideal, but moving\ncharge has been requested, and khugepaged should repair the THP later:\nnobody wants new custom unqueueing code just for this deprecated case.\n\nThe 87eaceb3faa5 commit did have the code to move from one deferred list\nto another (but was not conscious of its unsafety while refcount non-0);\nbut that was removed by 5.6 commit fac0516b5534 (\"mm: thp: don\u0027t need care\ndeferred split queue in memcg charge move path\"), which argued that the\nexistence of a PMD mapping guarantees that the THP cannot be on a deferred\nlist. As above, false in rare cases, and now commonly false.\n\nBackport to 6.11 should be straightforward. Earlier backports must take\ncare that other _deferred_list fixes and dependencies are included. There\nis not a strong case for backports, but they can fix cornercases.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53079",
"url": "https://www.suse.com/security/cve/CVE-2024-53079"
},
{
"category": "external",
"summary": "SUSE Bug 1233570 for CVE-2024-53079",
"url": "https://bugzilla.suse.com/1233570"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "low"
}
],
"title": "CVE-2024-53079"
},
{
"cve": "CVE-2024-53081",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53081"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: ar0521: don\u0027t overflow when checking PLL values\n\nThe PLL checks are comparing 64 bit integers with 32 bit\nones, as reported by Coverity. Depending on the values of\nthe variables, this may underflow.\n\nFix it ensuring that both sides of the expression are u64.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53081",
"url": "https://www.suse.com/security/cve/CVE-2024-53081"
},
{
"category": "external",
"summary": "SUSE Bug 1233572 for CVE-2024-53081",
"url": "https://bugzilla.suse.com/1233572"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53081"
},
{
"cve": "CVE-2024-53082",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53082"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_net: Add hash_key_length check\n\nAdd hash_key_length check in virtnet_probe() to avoid possible out of\nbound errors when setting/reading the hash key.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53082",
"url": "https://www.suse.com/security/cve/CVE-2024-53082"
},
{
"category": "external",
"summary": "SUSE Bug 1233573 for CVE-2024-53082",
"url": "https://bugzilla.suse.com/1233573"
},
{
"category": "external",
"summary": "SUSE Bug 1233677 for CVE-2024-53082",
"url": "https://bugzilla.suse.com/1233677"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-53082"
},
{
"cve": "CVE-2024-53085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: Lock TPM chip in tpm_pm_suspend() first\n\nSetting TPM_CHIP_FLAG_SUSPENDED in the end of tpm_pm_suspend() can be racy\naccording, as this leaves window for tpm_hwrng_read() to be called while\nthe operation is in progress. The recent bug report gives also evidence of\nthis behaviour.\n\nAadress this by locking the TPM chip before checking any chip-\u003eflags both\nin tpm_pm_suspend() and tpm_hwrng_read(). Move TPM_CHIP_FLAG_SUSPENDED\ncheck inside tpm_get_random() so that it will be always checked only when\nthe lock is reserved.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53085",
"url": "https://www.suse.com/security/cve/CVE-2024-53085"
},
{
"category": "external",
"summary": "SUSE Bug 1233577 for CVE-2024-53085",
"url": "https://bugzilla.suse.com/1233577"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53085"
},
{
"cve": "CVE-2024-53088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53088"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix race condition by adding filter\u0027s intermediate sync state\n\nFix a race condition in the i40e driver that leads to MAC/VLAN filters\nbecoming corrupted and leaking. Address the issue that occurs under\nheavy load when multiple threads are concurrently modifying MAC/VLAN\nfilters by setting mac and port VLAN.\n\n1. Thread T0 allocates a filter in i40e_add_filter() within\n i40e_ndo_set_vf_port_vlan().\n2. Thread T1 concurrently frees the filter in __i40e_del_filter() within\n i40e_ndo_set_vf_mac().\n3. Subsequently, i40e_service_task() calls i40e_sync_vsi_filters(), which\n refers to the already freed filter memory, causing corruption.\n\nReproduction steps:\n1. Spawn multiple VFs.\n2. Apply a concurrent heavy load by running parallel operations to change\n MAC addresses on the VFs and change port VLANs on the host.\n3. Observe errors in dmesg:\n\"Error I40E_AQ_RC_ENOSPC adding RX filters on VF XX,\n\tplease set promiscuous on manually for VF XX\".\n\nExact code for stable reproduction Intel can\u0027t open-source now.\n\nThe fix involves implementing a new intermediate filter state,\nI40E_FILTER_NEW_SYNC, for the time when a filter is on a tmp_add_list.\nThese filters cannot be deleted from the hash list directly but\nmust be removed using the full process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53088",
"url": "https://www.suse.com/security/cve/CVE-2024-53088"
},
{
"category": "external",
"summary": "SUSE Bug 1233580 for CVE-2024-53088",
"url": "https://bugzilla.suse.com/1233580"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53088"
},
{
"cve": "CVE-2024-53093",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53093"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-multipath: defer partition scanning\n\nWe need to suppress the partition scan from occuring within the\ncontroller\u0027s scan_work context. If a path error occurs here, the IO will\nwait until a path becomes available or all paths are torn down, but that\naction also occurs within scan_work, so it would deadlock. Defer the\npartion scan to a different context that does not block scan_work.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53093",
"url": "https://www.suse.com/security/cve/CVE-2024-53093"
},
{
"category": "external",
"summary": "SUSE Bug 1233640 for CVE-2024-53093",
"url": "https://bugzilla.suse.com/1233640"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53093"
},
{
"cve": "CVE-2024-53094",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53094"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/siw: Add sendpage_ok() check to disable MSG_SPLICE_PAGES\n\nWhile running ISER over SIW, the initiator machine encounters a warning\nfrom skb_splice_from_iter() indicating that a slab page is being used in\nsend_page. To address this, it is better to add a sendpage_ok() check\nwithin the driver itself, and if it returns 0, then MSG_SPLICE_PAGES flag\nshould be disabled before entering the network stack.\n\nA similar issue has been discussed for NVMe in this thread:\nhttps://lore.kernel.org/all/20240530142417.146696-1-ofir.gal@volumez.com/\n\n WARNING: CPU: 0 PID: 5342 at net/core/skbuff.c:7140 skb_splice_from_iter+0x173/0x320\n Call Trace:\n tcp_sendmsg_locked+0x368/0xe40\n siw_tx_hdt+0x695/0xa40 [siw]\n siw_qp_sq_process+0x102/0xb00 [siw]\n siw_sq_resume+0x39/0x110 [siw]\n siw_run_sq+0x74/0x160 [siw]\n kthread+0xd2/0x100\n ret_from_fork+0x34/0x40\n ret_from_fork_asm+0x1a/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53094",
"url": "https://www.suse.com/security/cve/CVE-2024-53094"
},
{
"category": "external",
"summary": "SUSE Bug 1233641 for CVE-2024-53094",
"url": "https://bugzilla.suse.com/1233641"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53094"
},
{
"cve": "CVE-2024-53095",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53095"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: Fix use-after-free of network namespace.\n\nRecently, we got a customer report that CIFS triggers oops while\nreconnecting to a server. [0]\n\nThe workload runs on Kubernetes, and some pods mount CIFS servers\nin non-root network namespaces. The problem rarely happened, but\nit was always while the pod was dying.\n\nThe root cause is wrong reference counting for network namespace.\n\nCIFS uses kernel sockets, which do not hold refcnt of the netns that\nthe socket belongs to. That means CIFS must ensure the socket is\nalways freed before its netns; otherwise, use-after-free happens.\n\nThe repro steps are roughly:\n\n 1. mount CIFS in a non-root netns\n 2. drop packets from the netns\n 3. destroy the netns\n 4. unmount CIFS\n\nWe can reproduce the issue quickly with the script [1] below and see\nthe splat [2] if CONFIG_NET_NS_REFCNT_TRACKER is enabled.\n\nWhen the socket is TCP, it is hard to guarantee the netns lifetime\nwithout holding refcnt due to async timers.\n\nLet\u0027s hold netns refcnt for each socket as done for SMC in commit\n9744d2bf1976 (\"smc: Fix use-after-free in tcp_write_timer_handler().\").\n\nNote that we need to move put_net() from cifs_put_tcp_session() to\nclean_demultiplex_info(); otherwise, __sock_create() still could touch a\nfreed netns while cifsd tries to reconnect from cifs_demultiplex_thread().\n\nAlso, maybe_get_net() cannot be put just before __sock_create() because\nthe code is not under RCU and there is a small chance that the same\naddress happened to be reallocated to another netns.\n\n[0]:\nCIFS: VFS: \\\\XXXXXXXXXXX has not responded in 15 seconds. Reconnecting...\nCIFS: Serverclose failed 4 times, giving up\nUnable to handle kernel paging request at virtual address 14de99e461f84a07\nMem abort info:\n ESR = 0x0000000096000004\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x04: level 0 translation fault\nData abort info:\n ISV = 0, ISS = 0x00000004\n CM = 0, WnR = 0\n[14de99e461f84a07] address between user and kernel address ranges\nInternal error: Oops: 0000000096000004 [#1] SMP\nModules linked in: cls_bpf sch_ingress nls_utf8 cifs cifs_arc4 cifs_md4 dns_resolver tcp_diag inet_diag veth xt_state xt_connmark nf_conntrack_netlink xt_nat xt_statistic xt_MASQUERADE xt_mark xt_addrtype ipt_REJECT nf_reject_ipv4 nft_chain_nat nf_nat xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_comment nft_compat nf_tables nfnetlink overlay nls_ascii nls_cp437 sunrpc vfat fat aes_ce_blk aes_ce_cipher ghash_ce sm4_ce_cipher sm4 sm3_ce sm3 sha3_ce sha512_ce sha512_arm64 sha1_ce ena button sch_fq_codel loop fuse configfs dmi_sysfs sha2_ce sha256_arm64 dm_mirror dm_region_hash dm_log dm_mod dax efivarfs\nCPU: 5 PID: 2690970 Comm: cifsd Not tainted 6.1.103-109.184.amzn2023.aarch64 #1\nHardware name: Amazon EC2 r7g.4xlarge/, BIOS 1.0 11/1/2018\npstate: 00400005 (nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : fib_rules_lookup+0x44/0x238\nlr : __fib_lookup+0x64/0xbc\nsp : ffff8000265db790\nx29: ffff8000265db790 x28: 0000000000000000 x27: 000000000000bd01\nx26: 0000000000000000 x25: ffff000b4baf8000 x24: ffff00047b5e4580\nx23: ffff8000265db7e0 x22: 0000000000000000 x21: ffff00047b5e4500\nx20: ffff0010e3f694f8 x19: 14de99e461f849f7 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\nx14: 0000000000000000 x13: 0000000000000000 x12: 3f92800abd010002\nx11: 0000000000000001 x10: ffff0010e3f69420 x9 : ffff800008a6f294\nx8 : 0000000000000000 x7 : 0000000000000006 x6 : 0000000000000000\nx5 : 0000000000000001 x4 : ffff001924354280 x3 : ffff8000265db7e0\nx2 : 0000000000000000 x1 : ffff0010e3f694f8 x0 : ffff00047b5e4500\nCall trace:\n fib_rules_lookup+0x44/0x238\n __fib_lookup+0x64/0xbc\n ip_route_output_key_hash_rcu+0x2c4/0x398\n ip_route_output_key_hash+0x60/0x8c\n tcp_v4_connect+0x290/0x488\n __inet_stream_connect+0x108/0x3d0\n inet_stream_connect+0x50/0x78\n kernel_connect+0x6c/0xac\n generic_ip_conne\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53095",
"url": "https://www.suse.com/security/cve/CVE-2024-53095"
},
{
"category": "external",
"summary": "SUSE Bug 1233642 for CVE-2024-53095",
"url": "https://bugzilla.suse.com/1233642"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53095"
},
{
"cve": "CVE-2024-53096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53096"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: resolve faulty mmap_region() error path behaviour\n\nThe mmap_region() function is somewhat terrifying, with spaghetti-like\ncontrol flow and numerous means by which issues can arise and incomplete\nstate, memory leaks and other unpleasantness can occur.\n\nA large amount of the complexity arises from trying to handle errors late\nin the process of mapping a VMA, which forms the basis of recently\nobserved issues with resource leaks and observable inconsistent state.\n\nTaking advantage of previous patches in this series we move a number of\nchecks earlier in the code, simplifying things by moving the core of the\nlogic into a static internal function __mmap_region().\n\nDoing this allows us to perform a number of checks up front before we do\nany real work, and allows us to unwind the writable unmap check\nunconditionally as required and to perform a CONFIG_DEBUG_VM_MAPLE_TREE\nvalidation unconditionally also.\n\nWe move a number of things here:\n\n1. We preallocate memory for the iterator before we call the file-backed\n memory hook, allowing us to exit early and avoid having to perform\n complicated and error-prone close/free logic. We carefully free\n iterator state on both success and error paths.\n\n2. The enclosing mmap_region() function handles the mapping_map_writable()\n logic early. Previously the logic had the mapping_map_writable() at the\n point of mapping a newly allocated file-backed VMA, and a matching\n mapping_unmap_writable() on success and error paths.\n\n We now do this unconditionally if this is a file-backed, shared writable\n mapping. If a driver changes the flags to eliminate VM_MAYWRITE, however\n doing so does not invalidate the seal check we just performed, and we in\n any case always decrement the counter in the wrapper.\n\n We perform a debug assert to ensure a driver does not attempt to do the\n opposite.\n\n3. We also move arch_validate_flags() up into the mmap_region()\n function. This is only relevant on arm64 and sparc64, and the check is\n only meaningful for SPARC with ADI enabled. We explicitly add a warning\n for this arch if a driver invalidates this check, though the code ought\n eventually to be fixed to eliminate the need for this.\n\nWith all of these measures in place, we no longer need to explicitly close\nthe VMA on error paths, as we place all checks which might fail prior to a\ncall to any driver mmap hook.\n\nThis eliminates an entire class of errors, makes the code easier to reason\nabout and more robust.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53096",
"url": "https://www.suse.com/security/cve/CVE-2024-53096"
},
{
"category": "external",
"summary": "SUSE Bug 1233756 for CVE-2024-53096",
"url": "https://bugzilla.suse.com/1233756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53096"
},
{
"cve": "CVE-2024-53100",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53100"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: tcp: avoid race between queue_lock lock and destroy\n\nCommit 76d54bf20cdc (\"nvme-tcp: don\u0027t access released socket during\nerror recovery\") added a mutex_lock() call for the queue-\u003equeue_lock\nin nvme_tcp_get_address(). However, the mutex_lock() races with\nmutex_destroy() in nvme_tcp_free_queue(), and causes the WARN below.\n\nDEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\nWARNING: CPU: 3 PID: 34077 at kernel/locking/mutex.c:587 __mutex_lock+0xcf0/0x1220\nModules linked in: nvmet_tcp nvmet nvme_tcp nvme_fabrics iw_cm ib_cm ib_core pktcdvd nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables qrtr sunrpc ppdev 9pnet_virtio 9pnet pcspkr netfs parport_pc parport e1000 i2c_piix4 i2c_smbus loop fuse nfnetlink zram bochs drm_vram_helper drm_ttm_helper ttm drm_kms_helper xfs drm sym53c8xx floppy nvme scsi_transport_spi nvme_core nvme_auth serio_raw ata_generic pata_acpi dm_multipath qemu_fw_cfg [last unloaded: ib_uverbs]\nCPU: 3 UID: 0 PID: 34077 Comm: udisksd Not tainted 6.11.0-rc7 #319\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014\nRIP: 0010:__mutex_lock+0xcf0/0x1220\nCode: 08 84 d2 0f 85 c8 04 00 00 8b 15 ef b6 c8 01 85 d2 0f 85 78 f4 ff ff 48 c7 c6 20 93 ee af 48 c7 c7 60 91 ee af e8 f0 a7 6d fd \u003c0f\u003e 0b e9 5e f4 ff ff 48 b8 00 00 00 00 00 fc ff df 4c 89 f2 48 c1\nRSP: 0018:ffff88811305f760 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff88812c652058 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001\nRBP: ffff88811305f8b0 R08: 0000000000000001 R09: ffffed1075c36341\nR10: ffff8883ae1b1a0b R11: 0000000000010498 R12: 0000000000000000\nR13: 0000000000000000 R14: dffffc0000000000 R15: ffff88812c652058\nFS: 00007f9713ae4980(0000) GS:ffff8883ae180000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fcd78483c7c CR3: 0000000122c38000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? __warn.cold+0x5b/0x1af\n ? __mutex_lock+0xcf0/0x1220\n ? report_bug+0x1ec/0x390\n ? handle_bug+0x3c/0x80\n ? exc_invalid_op+0x13/0x40\n ? asm_exc_invalid_op+0x16/0x20\n ? __mutex_lock+0xcf0/0x1220\n ? nvme_tcp_get_address+0xc2/0x1e0 [nvme_tcp]\n ? __pfx___mutex_lock+0x10/0x10\n ? __lock_acquire+0xd6a/0x59e0\n ? nvme_tcp_get_address+0xc2/0x1e0 [nvme_tcp]\n nvme_tcp_get_address+0xc2/0x1e0 [nvme_tcp]\n ? __pfx_nvme_tcp_get_address+0x10/0x10 [nvme_tcp]\n nvme_sysfs_show_address+0x81/0xc0 [nvme_core]\n dev_attr_show+0x42/0x80\n ? __asan_memset+0x1f/0x40\n sysfs_kf_seq_show+0x1f0/0x370\n seq_read_iter+0x2cb/0x1130\n ? rw_verify_area+0x3b1/0x590\n ? __mutex_lock+0x433/0x1220\n vfs_read+0x6a6/0xa20\n ? lockdep_hardirqs_on+0x78/0x100\n ? __pfx_vfs_read+0x10/0x10\n ksys_read+0xf7/0x1d0\n ? __pfx_ksys_read+0x10/0x10\n ? __x64_sys_openat+0x105/0x1d0\n do_syscall_64+0x93/0x180\n ? lockdep_hardirqs_on_prepare+0x16d/0x400\n ? do_syscall_64+0x9f/0x180\n ? lockdep_hardirqs_on+0x78/0x100\n ? do_syscall_64+0x9f/0x180\n ? __pfx_ksys_read+0x10/0x10\n ? lockdep_hardirqs_on_prepare+0x16d/0x400\n ? do_syscall_64+0x9f/0x180\n ? lockdep_hardirqs_on+0x78/0x100\n ? do_syscall_64+0x9f/0x180\n ? lockdep_hardirqs_on_prepare+0x16d/0x400\n ? do_syscall_64+0x9f/0x180\n ? lockdep_hardirqs_on+0x78/0x100\n ? do_syscall_64+0x9f/0x180\n ? lockdep_hardirqs_on_prepare+0x16d/0x400\n ? do_syscall_64+0x9f/0x180\n ? lockdep_hardirqs_on+0x78/0x100\n ? do_syscall_64+0x9f/0x180\n ? lockdep_hardirqs_on_prepare+0x16d/0x400\n ? do_syscall_64+0x9f/0x180\n ? lockdep_hardirqs_on+0x78/0x100\n ? do_syscall_64+0x9f/0x180\n ? do_syscall_64+0x9f/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f9713f55cfa\nCode: 55 48 89 e5 48 83 ec 20 48 89 55 e8 48 89 75 f0 89 7d f8 e8 e8 74 f8 ff 48 8b 55 e8 48 8b 75 f0 4\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53100",
"url": "https://www.suse.com/security/cve/CVE-2024-53100"
},
{
"category": "external",
"summary": "SUSE Bug 1233771 for CVE-2024-53100",
"url": "https://bugzilla.suse.com/1233771"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53100"
},
{
"cve": "CVE-2024-53101",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53101"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: Fix uninitialized value issue in from_kuid and from_kgid\n\nocfs2_setattr() uses attr-\u003eia_mode, attr-\u003eia_uid and attr-\u003eia_gid in\na trace point even though ATTR_MODE, ATTR_UID and ATTR_GID aren\u0027t set.\n\nInitialize all fields of newattrs to avoid uninitialized variables, by\nchecking if ATTR_MODE, ATTR_UID, ATTR_GID are initialized, otherwise 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53101",
"url": "https://www.suse.com/security/cve/CVE-2024-53101"
},
{
"category": "external",
"summary": "SUSE Bug 1233769 for CVE-2024-53101",
"url": "https://bugzilla.suse.com/1233769"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53101"
},
{
"cve": "CVE-2024-53104",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53104"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format\n\nThis can lead to out of bounds writes since frames of this type were not\ntaken into account when calculating the size of the frames buffer in\nuvc_parse_streaming.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53104",
"url": "https://www.suse.com/security/cve/CVE-2024-53104"
},
{
"category": "external",
"summary": "SUSE Bug 1234025 for CVE-2024-53104",
"url": "https://bugzilla.suse.com/1234025"
},
{
"category": "external",
"summary": "SUSE Bug 1236783 for CVE-2024-53104",
"url": "https://bugzilla.suse.com/1236783"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "important"
}
],
"title": "CVE-2024-53104"
},
{
"cve": "CVE-2024-53106",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53106"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nima: fix buffer overrun in ima_eventdigest_init_common\n\nFunction ima_eventdigest_init() calls ima_eventdigest_init_common()\nwith HASH_ALGO__LAST which is then used to access the array\nhash_digest_size[] leading to buffer overrun. Have a conditional\nstatement to handle this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53106",
"url": "https://www.suse.com/security/cve/CVE-2024-53106"
},
{
"category": "external",
"summary": "SUSE Bug 1234083 for CVE-2024-53106",
"url": "https://bugzilla.suse.com/1234083"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53106"
},
{
"cve": "CVE-2024-53108",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53108"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Adjust VSDB parser for replay feature\n\nAt some point, the IEEE ID identification for the replay check in the\nAMD EDID was added. However, this check causes the following\nout-of-bounds issues when using KASAN:\n\n[ 27.804016] BUG: KASAN: slab-out-of-bounds in amdgpu_dm_update_freesync_caps+0xefa/0x17a0 [amdgpu]\n[ 27.804788] Read of size 1 at addr ffff8881647fdb00 by task systemd-udevd/383\n\n...\n\n[ 27.821207] Memory state around the buggy address:\n[ 27.821215] ffff8881647fda00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 27.821224] ffff8881647fda80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 27.821234] \u003effff8881647fdb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[ 27.821243] ^\n[ 27.821250] ffff8881647fdb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[ 27.821259] ffff8881647fdc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 27.821268] ==================================================================\n\nThis is caused because the ID extraction happens outside of the range of\nthe edid lenght. This commit addresses this issue by considering the\namd_vsdb_block size.\n\n(cherry picked from commit b7e381b1ccd5e778e3d9c44c669ad38439a861d8)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53108",
"url": "https://www.suse.com/security/cve/CVE-2024-53108"
},
{
"category": "external",
"summary": "SUSE Bug 1234081 for CVE-2024-53108",
"url": "https://bugzilla.suse.com/1234081"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53108"
},
{
"cve": "CVE-2024-53110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53110"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvp_vdpa: fix id_table array not null terminated error\n\nAllocate one extra virtio_device_id as null terminator, otherwise\nvdpa_mgmtdev_get_classes() may iterate multiple times and visit\nundefined memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53110",
"url": "https://www.suse.com/security/cve/CVE-2024-53110"
},
{
"category": "external",
"summary": "SUSE Bug 1234085 for CVE-2024-53110",
"url": "https://bugzilla.suse.com/1234085"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53110"
},
{
"cve": "CVE-2024-53112",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53112"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: uncache inode which has failed entering the group\n\nSyzbot has reported the following BUG:\n\nkernel BUG at fs/ocfs2/uptodate.c:509!\n...\nCall Trace:\n \u003cTASK\u003e\n ? __die_body+0x5f/0xb0\n ? die+0x9e/0xc0\n ? do_trap+0x15a/0x3a0\n ? ocfs2_set_new_buffer_uptodate+0x145/0x160\n ? do_error_trap+0x1dc/0x2c0\n ? ocfs2_set_new_buffer_uptodate+0x145/0x160\n ? __pfx_do_error_trap+0x10/0x10\n ? handle_invalid_op+0x34/0x40\n ? ocfs2_set_new_buffer_uptodate+0x145/0x160\n ? exc_invalid_op+0x38/0x50\n ? asm_exc_invalid_op+0x1a/0x20\n ? ocfs2_set_new_buffer_uptodate+0x2e/0x160\n ? ocfs2_set_new_buffer_uptodate+0x144/0x160\n ? ocfs2_set_new_buffer_uptodate+0x145/0x160\n ocfs2_group_add+0x39f/0x15a0\n ? __pfx_ocfs2_group_add+0x10/0x10\n ? __pfx_lock_acquire+0x10/0x10\n ? mnt_get_write_access+0x68/0x2b0\n ? __pfx_lock_release+0x10/0x10\n ? rcu_read_lock_any_held+0xb7/0x160\n ? __pfx_rcu_read_lock_any_held+0x10/0x10\n ? smack_log+0x123/0x540\n ? mnt_get_write_access+0x68/0x2b0\n ? mnt_get_write_access+0x68/0x2b0\n ? mnt_get_write_access+0x226/0x2b0\n ocfs2_ioctl+0x65e/0x7d0\n ? __pfx_ocfs2_ioctl+0x10/0x10\n ? smack_file_ioctl+0x29e/0x3a0\n ? __pfx_smack_file_ioctl+0x10/0x10\n ? lockdep_hardirqs_on_prepare+0x43d/0x780\n ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10\n ? __pfx_ocfs2_ioctl+0x10/0x10\n __se_sys_ioctl+0xfb/0x170\n do_syscall_64+0xf3/0x230\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n \u003c/TASK\u003e\n\nWhen \u0027ioctl(OCFS2_IOC_GROUP_ADD, ...)\u0027 has failed for the particular\ninode in \u0027ocfs2_verify_group_and_input()\u0027, corresponding buffer head\nremains cached and subsequent call to the same \u0027ioctl()\u0027 for the same\ninode issues the BUG() in \u0027ocfs2_set_new_buffer_uptodate()\u0027 (trying\nto cache the same buffer head of that inode). Fix this by uncaching\nthe buffer head with \u0027ocfs2_remove_from_cache()\u0027 on error path in\n\u0027ocfs2_group_add()\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53112",
"url": "https://www.suse.com/security/cve/CVE-2024-53112"
},
{
"category": "external",
"summary": "SUSE Bug 1234087 for CVE-2024-53112",
"url": "https://bugzilla.suse.com/1234087"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53112"
},
{
"cve": "CVE-2024-53114",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53114"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client\n\nA number of Zen4 client SoCs advertise the ability to use virtualized\nVMLOAD/VMSAVE, but using these instructions is reported to be a cause\nof a random host reboot.\n\nThese instructions aren\u0027t intended to be advertised on Zen4 client\nso clear the capability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53114",
"url": "https://www.suse.com/security/cve/CVE-2024-53114"
},
{
"category": "external",
"summary": "SUSE Bug 1234072 for CVE-2024-53114",
"url": "https://bugzilla.suse.com/1234072"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53114"
},
{
"cve": "CVE-2024-53121",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53121"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: fs, lock FTE when checking if active\n\nThe referenced commits introduced a two-step process for deleting FTEs:\n\n- Lock the FTE, delete it from hardware, set the hardware deletion function\n to NULL and unlock the FTE.\n- Lock the parent flow group, delete the software copy of the FTE, and\n remove it from the xarray.\n\nHowever, this approach encounters a race condition if a rule with the same\nmatch value is added simultaneously. In this scenario, fs_core may set the\nhardware deletion function to NULL prematurely, causing a panic during\nsubsequent rule deletions.\n\nTo prevent this, ensure the active flag of the FTE is checked under a lock,\nwhich will prevent the fs_core layer from attaching a new steering rule to\nan FTE that is in the process of deletion.\n\n[ 438.967589] MOSHE: 2496 mlx5_del_flow_rules del_hw_func\n[ 438.968205] ------------[ cut here ]------------\n[ 438.968654] refcount_t: decrement hit 0; leaking memory.\n[ 438.969249] WARNING: CPU: 0 PID: 8957 at lib/refcount.c:31 refcount_warn_saturate+0xfb/0x110\n[ 438.970054] Modules linked in: act_mirred cls_flower act_gact sch_ingress openvswitch nsh mlx5_vdpa vringh vhost_iotlb vdpa mlx5_ib mlx5_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm ib_uverbs ib_core zram zsmalloc fuse [last unloaded: cls_flower]\n[ 438.973288] CPU: 0 UID: 0 PID: 8957 Comm: tc Not tainted 6.12.0-rc1+ #8\n[ 438.973888] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n[ 438.974874] RIP: 0010:refcount_warn_saturate+0xfb/0x110\n[ 438.975363] Code: 40 66 3b 82 c6 05 16 e9 4d 01 01 e8 1f 7c a0 ff 0f 0b c3 cc cc cc cc 48 c7 c7 10 66 3b 82 c6 05 fd e8 4d 01 01 e8 05 7c a0 ff \u003c0f\u003e 0b c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 90\n[ 438.976947] RSP: 0018:ffff888124a53610 EFLAGS: 00010286\n[ 438.977446] RAX: 0000000000000000 RBX: ffff888119d56de0 RCX: 0000000000000000\n[ 438.978090] RDX: ffff88852c828700 RSI: ffff88852c81b3c0 RDI: ffff88852c81b3c0\n[ 438.978721] RBP: ffff888120fa0e88 R08: 0000000000000000 R09: ffff888124a534b0\n[ 438.979353] R10: 0000000000000001 R11: 0000000000000001 R12: ffff888119d56de0\n[ 438.979979] R13: ffff888120fa0ec0 R14: ffff888120fa0ee8 R15: ffff888119d56de0\n[ 438.980607] FS: 00007fe6dcc0f800(0000) GS:ffff88852c800000(0000) knlGS:0000000000000000\n[ 438.983984] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 438.984544] CR2: 00000000004275e0 CR3: 0000000186982001 CR4: 0000000000372eb0\n[ 438.985205] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 438.985842] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 438.986507] Call Trace:\n[ 438.986799] \u003cTASK\u003e\n[ 438.987070] ? __warn+0x7d/0x110\n[ 438.987426] ? refcount_warn_saturate+0xfb/0x110\n[ 438.987877] ? report_bug+0x17d/0x190\n[ 438.988261] ? prb_read_valid+0x17/0x20\n[ 438.988659] ? handle_bug+0x53/0x90\n[ 438.989054] ? exc_invalid_op+0x14/0x70\n[ 438.989458] ? asm_exc_invalid_op+0x16/0x20\n[ 438.989883] ? refcount_warn_saturate+0xfb/0x110\n[ 438.990348] mlx5_del_flow_rules+0x2f7/0x340 [mlx5_core]\n[ 438.990932] __mlx5_eswitch_del_rule+0x49/0x170 [mlx5_core]\n[ 438.991519] ? mlx5_lag_is_sriov+0x3c/0x50 [mlx5_core]\n[ 438.992054] ? xas_load+0x9/0xb0\n[ 438.992407] mlx5e_tc_rule_unoffload+0x45/0xe0 [mlx5_core]\n[ 438.993037] mlx5e_tc_del_fdb_flow+0x2a6/0x2e0 [mlx5_core]\n[ 438.993623] mlx5e_flow_put+0x29/0x60 [mlx5_core]\n[ 438.994161] mlx5e_delete_flower+0x261/0x390 [mlx5_core]\n[ 438.994728] tc_setup_cb_destroy+0xb9/0x190\n[ 438.995150] fl_hw_destroy_filter+0x94/0xc0 [cls_flower]\n[ 438.995650] fl_change+0x11a4/0x13c0 [cls_flower]\n[ 438.996105] tc_new_tfilter+0x347/0xbc0\n[ 438.996503] ? __\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53121",
"url": "https://www.suse.com/security/cve/CVE-2024-53121"
},
{
"category": "external",
"summary": "SUSE Bug 1234078 for CVE-2024-53121",
"url": "https://bugzilla.suse.com/1234078"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53121"
},
{
"cve": "CVE-2024-53138",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53138"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: kTLS, Fix incorrect page refcounting\n\nThe kTLS tx handling code is using a mix of get_page() and\npage_ref_inc() APIs to increment the page reference. But on the release\npath (mlx5e_ktls_tx_handle_resync_dump_comp()), only put_page() is used.\n\nThis is an issue when using pages from large folios: the get_page()\nreferences are stored on the folio page while the page_ref_inc()\nreferences are stored directly in the given page. On release the folio\npage will be dereferenced too many times.\n\nThis was found while doing kTLS testing with sendfile() + ZC when the\nserved file was read from NFS on a kernel with NFS large folios support\n(commit 49b29a573da8 (\"nfs: add support for large folios\")).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53138",
"url": "https://www.suse.com/security/cve/CVE-2024-53138"
},
{
"category": "external",
"summary": "SUSE Bug 1234223 for CVE-2024-53138",
"url": "https://bugzilla.suse.com/1234223"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53138"
}
]
}
SUSE-SU-2025:20163-1
Vulnerability from csaf_suse - Published: 2025-03-27 12:56 - Updated: 2025-03-27 12:56Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-52778: mptcp: deal with large GSO size (bsc#1224948).
- CVE-2023-52920: bpf: support non-r10 register spill/fill to/from stack in precision tracking (bsc#1232823).
- CVE-2024-26596: net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events (bsc#1220355).
- CVE-2024-26741: dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished() (bsc#1222587).
- CVE-2024-26782: mptcp: fix double-free on socket dismantle (bsc#1222590).
- CVE-2024-26953: net: esp: fix bad handling of pages from page_pool (bsc#1223656).
- CVE-2024-27017: netfilter: nft_set_pipapo: walk over current view on netlink dump (bsc#1223733).
- CVE-2024-35888: erspan: make sure erspan_base_hdr is present in skb->head (bsc#1224518).
- CVE-2024-36000: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (bsc#1224548).
- CVE-2024-36244: net/sched: taprio: extend minimum interval restriction to entire cycle too (bsc#1226797).
- CVE-2024-36883: net: fix out-of-bounds access in ops_init (bsc#1225725).
- CVE-2024-36886: tipc: fix UAF in error path (bsc#1225730).
- CVE-2024-36905: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (bsc#1225742).
- CVE-2024-36927: ipv4: Fix uninit-value access in __ip_make_skb() (bsc#1225813).
- CVE-2024-36954: tipc: fix a possible memleak in tipc_buf_append (bsc#1225764).
- CVE-2024-36968: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() (bsc#1226130).
- CVE-2024-38589: netrom: fix possible dead-lock in nr_rt_ioctl() (bsc#1226748).
- CVE-2024-40914: mm/huge_memory: do not unpoison huge_zero_folio (bsc#1227842).
- CVE-2024-41023: sched/deadline: Fix task_struct reference leak (bsc#1228430).
- CVE-2024-41031: mm/filemap: skip to create PMD-sized page cache if needed (bsc#1228454).
- CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620).
- CVE-2024-42102: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" (bsc#1233132).
- CVE-2024-44958: sched/smt: Fix unbalance sched_smt_present dec/inc (bsc#1230179).
- CVE-2024-44995: net: hns3: fix a deadlock problem when config TC during resetting (bsc#1230231).
- CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429).
- CVE-2024-45025: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (bsc#1230456).
- CVE-2024-46678: bonding: change ipsec_lock from spin lock to mutex (bsc#1230550).
- CVE-2024-46680: Bluetooth: btnxpuart: Fix random crash seen while removing driver (bsc#1230557).
- CVE-2024-46681: pktgen: use cpus_read_lock() in pg_net_init() (bsc#1230558).
- CVE-2024-46721: pparmor: fix possible NULL pointer dereference (bsc#1230710)
- CVE-2024-46754: bpf: Remove tst_run from lwt_seg6local_prog_ops (bsc#1230801).
- CVE-2024-46765: ice: protect XDP configuration with a mutex (bsc#1230807).
- CVE-2024-46766: ice: move netif_queue_set_napi to rtnl-protected sections (bsc#1230762).
- CVE-2024-46770: ice: Add netif_device_attach/detach into PF reset flow (bsc#1230763).
- CVE-2024-46775: drm/amd/display: Validate function returns (bsc#1230774).
- CVE-2024-46777: udf: Avoid excessive partition lengths (bsc#1230773).
- CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827).
- CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191).
- CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197).
- CVE-2024-46826: ELF: fix kernel.randomize_va_space double read (bsc#1231115).
- CVE-2024-46831: net: microchip: vcap: Fix use-after-free error in kunit test (bsc#1231117).
- CVE-2024-46834: ethtool: fail closed if we can't get max channel used in indirection tables (bsc#1231096).
- CVE-2024-46840: btrfs: clean up our handling of refs == 0 in snapshot delete (bsc#1231105).
- CVE-2024-46841: btrfs: do not BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() (bsc#1231094).
- CVE-2024-46843: scsi: ufs: core: Remove SCSI host only if added (bsc#1231100).
- CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084).
- CVE-2024-46855: netfilter: nft_socket: fix sk refcount leaks (bsc#1231085).
- CVE-2024-46857: net/mlx5: Fix bridge mode operations when there are no VFs (bsc#1231087).
- CVE-2024-46870: drm/amd/display: Disable DMCUB timeout for DCN35 (bsc#1231435).
- CVE-2024-47658: crypto: stm32/cryp - call finalize with bh disabled (bsc#1231436).
- CVE-2024-47660: fsnotify: clear PARENT_WATCHED flags lazily (bsc#1231439).
- CVE-2024-47664: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware (bsc#1231442).
- CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673).
- CVE-2024-47679: vfs: fix race between evice_inodes() and find_inode()&iput() (bsc#1231930).
- CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987).
- CVE-2024-47685: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (bsc#1231998).
- CVE-2024-47687: vdpa/mlx5: Fix invalid mr resource destroy (bsc#1232003).
- CVE-2024-47692: nfsd: return -EINVAL when namelen is 0 (bsc#1231857).
- CVE-2024-47701: ext4: avoid OOB when system.data xattr changes underneath the filesystem (bsc#1231920).
- CVE-2024-47703: bpf, lsm: add check for BPF LSM return value (bsc#1231946).
- CVE-2024-47704: drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944).
- CVE-2024-47705: block: fix potential invalid pointer dereference in blk_add_partition (bsc#1231872).
- CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942).
- CVE-2024-47707: ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (bsc#1231935).
- CVE-2024-47710: sock_map: Add a cond_resched() in sock_hash_free() (bsc#1232049).
- CVE-2024-47727: x86/tdx: Fix "in-kernel MMIO" check (bsc#1232116).
- CVE-2024-47730: crypto: hisilicon/qm - inject error before stopping queue (bsc#1232075).
- CVE-2024-47731: drivers/perf: Fix ali_drw_pmu driver interrupt status clearing (bsc#1232117).
- CVE-2024-47739: padata: use integer wrap around to prevent deadlock on seq_nr overflow (bsc#1232124).
- CVE-2024-47741: btrfs: fix race setting file private on concurrent lseek using same fd (bsc#1231869).
- CVE-2024-47745: mm: call the security_mmap_file() LSM hook in remap_file_pages() (bsc#1232135).
- CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145).
- CVE-2024-47752: media: mediatek: vcodec: Fix H264 stateless decoder smatch warning (bsc#1232130).
- CVE-2024-47753: media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning (bsc#1231868).
- CVE-2024-47754: media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning (bsc#1232131).
- CVE-2024-49852: scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() (bsc#1232819).
- CVE-2024-49864: rxrpc: Fix a race between socket set up and I/O thread creation (bsc#1232256).
- CVE-2024-49867: btrfs: wait for fixup workers before stopping cleaner kthread during umount (bsc#1232262).
- CVE-2024-49868: btrfs: fix a NULL pointer dereference when failed to start a new trasacntion (bsc#1232272).
- CVE-2024-49881: ext4: update orig_path in ext4_find_extent() (bsc#1232201).
- CVE-2024-49882: ext4: fix double brelse() the buffer of the extents path (bsc#1232200).
- CVE-2024-49883: ext4: aovid use-after-free in ext4_ext_insert_extent() (bsc#1232199).
- CVE-2024-49888: bpf: Fix a sdiv overflow issue (bsc#1232208).
- CVE-2024-49890: drm/amd/pm: ensure the fw_info is not null before using it (bsc#1232217).
- CVE-2024-49892: drm/amd/display: Initialize get_bytes_per_element's default to 1 (bsc#1232220).
- CVE-2024-49894: drm/amd/display: Fix index out of bounds in degamma hardware format translation (bsc#1232354).
- CVE-2024-49895: drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation (bsc#1232352).
- CVE-2024-49896: drm/amd/display: Check stream before comparing them (bsc#1232221).
- CVE-2024-49897: drm/amd/display: Check phantom_stream before it is used (bsc#1232355).
- CVE-2024-49898: drm/amd/display: Check null-initialized variables (bsc#1232222).
- CVE-2024-49899: drm/amd/display: Initialize denominators' default to 1 (bsc#1232358).
- CVE-2024-49901: drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs (bsc#1232305).
- CVE-2024-49906: drm/amd/display: Check null pointer before try to access it (bsc#1232332).
- CVE-2024-49907: drm/amd/display: Check null pointers before using dc->clk_mgr (bsc#1232334).
- CVE-2024-49909: drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func (bsc#1232337).
- CVE-2024-49911: drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func (bsc#1232366).
- CVE-2024-49912: drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream' (bsc#1232367).
- CVE-2024-49913: drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream (bsc#1232307).
- CVE-2024-49914: drm/amd/display: Add null check for pipe_ctx->plane_state in (bsc#1232369).
- CVE-2024-49917: drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn30_init_hw (bsc#1231965).
- CVE-2024-49918: drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer (bsc#1231967).
- CVE-2024-49919: drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer (bsc#1231968).
- CVE-2024-49920: drm/amd/display: Check null pointers before multiple uses (bsc#1232313).
- CVE-2024-49921: drm/amd/display: Check null pointers before used (bsc#1232371).
- CVE-2024-49922: drm/amd/display: Check null pointers before using them (bsc#1232374).
- CVE-2024-49923: drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags (bsc#1232361).
- CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224)
- CVE-2024-49933: blk_iocost: fix more out of bound shifts (bsc#1232368).
- CVE-2024-49934: fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name (bsc#1232387).
- CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424).
- CVE-2024-49944: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start (bsc#1232166).
- CVE-2024-49945: net/ncsi: Disable the ncsi work before freeing the associated structure (bsc#1232165).
- CVE-2024-49946: ppp: do not assume bh is held in ppp_channel_bridge_input() (bsc#1232164).
- CVE-2024-49949: net: avoid potential underflow in qdisc_pkt_len_init() with UFO (bsc#1232160).
- CVE-2024-49950: Bluetooth: L2CAP: Fix uaf in l2cap_connect (bsc#1232159).
- CVE-2024-49952: netfilter: nf_tables: prevent nf_skb_duplicated corruption (bsc#1232157).
- CVE-2024-49953: net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice (bsc#1232156).
- CVE-2024-49954: static_call: Replace pointless WARN_ON() in static_call_module_notify() (bsc#1232155).
- CVE-2024-49958: ocfs2: reserve space for inline xattr before attaching reflink tree (bsc#1232151).
- CVE-2024-49959: jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (bsc#1232149).
- CVE-2024-49960: ext4: fix timer use-after-free on failed mount (bsc#1232395).
- CVE-2024-49967: ext4: no need to continue when the number of entries is 1 (bsc#1232140).
- CVE-2024-49968: ext4: filesystems without casefold feature cannot be mounted with siphash (bsc#1232264).
- CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519).
- CVE-2024-49972: drm/amd/display: Deallocate DML memory if allocation fails (bsc#1232315).
- CVE-2024-49973: r8169: add tally counter fields added with RTL8125 (bsc#1232105).
- CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383).
- CVE-2024-49983: ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free (bsc#1232096).
- CVE-2024-49986: platform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors (bsc#1232093).
- CVE-2024-49987: bpftool: Fix undefined behavior in qsort(NULL, 0, ...) (bsc#1232258).
- CVE-2024-49989: drm/amd/display: fix double free issue during amdgpu module unload (bsc#1232483).
- CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282).
- CVE-2024-49993: iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count (bsc#1232316).
- CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432).
- CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points (bsc#1232089).
- CVE-2024-50000: net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (bsc#1232085).
- CVE-2024-50001: net/mlx5: Fix error path in multi-packet WQE transmit (bsc#1232084).
- CVE-2024-50002: static_call: Handle module init failure correctly in static_call_del_module() (bsc#1232083).
- CVE-2024-50003: drm/amd/display: Fix system hang while resume with TBT monitor (bsc#1232385).
- CVE-2024-50004: drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35 (bsc#1232396).
- CVE-2024-50006: ext4: fix i_data_sem unlock order in ext4_ind_migrate() (bsc#1232442).
- CVE-2024-50009: cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value (bsc#1232318).
- CVE-2024-50012: cpufreq: Avoid a bad reference count on CPU node (bsc#1232386).
- CVE-2024-50014: ext4: fix access to uninitialised lock in fc replay path (bsc#1232446).
- CVE-2024-50015: ext4: dax: fix overflowing extents beyond inode size when partially writing (bsc#1232079).
- CVE-2024-50020: ice: Fix improper handling of refcount in ice_sriov_set_msix_vec_count() (bsc#1231989).
- CVE-2024-50021: ice: Fix improper handling of refcount in ice_dpll_init_rclk_pins() (bsc#1231957).
- CVE-2024-50022: device-dax: correct pgoff align in dax_set_mapping() (bsc#1231956).
- CVE-2024-50024: net: Fix an unsafe loop on the list (bsc#1231954).
- CVE-2024-50027: thermal: core: Free tzp copy along with the thermal zone (bsc#1231951).
- CVE-2024-50028: thermal: core: Reference count the zone in thermal_zone_get_by_id() (bsc#1231950).
- CVE-2024-50033: slip: make slhc_remember() more robust against malicious packets (bsc#1231914).
- CVE-2024-50035: ppp: fix ppp_async_encode() illegal access (bsc#1232392).
- CVE-2024-50040: igb: Do not bring the device up after non-fatal error (bsc#1231908).
- CVE-2024-50041: i40e: Fix macvlan leak by synchronizing access to mac_filter_hash (bsc#1231907).
- CVE-2024-50042: ice: Fix increasing MSI-X on VF (bsc#1231906).
- CVE-2024-50045: netfilter: br_netfilter: fix panic with metadata_dst skb (bsc#1231903).
- CVE-2024-50046: NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() (bsc#1231902).
- CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418).
- CVE-2024-50059: ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition (bsc#1232345).
- CVE-2024-50060: io_uring: check if we need to reschedule during overflow flush (bsc#1232417).
- CVE-2024-50063: bpf: Prevent tail call between progs attached to different hooks (bsc#1232435).
- CVE-2024-50064: zram: free secondary algorithms names (bsc#1231901).
- CVE-2024-50080: ublk: do not allow user copy for unprivileged device (bsc#1232502).
- CVE-2024-50081: blk-mq: setup queue ->tag_set before initializing hctx (bsc#1232501).
- CVE-2024-50082: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (bsc#1232500).
- CVE-2024-50084: net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test() (bsc#1232494).
- CVE-2024-50087: btrfs: fix uninitialized pointer free on read_alloc_one_name() error (bsc#1232499).
- CVE-2024-50088: btrfs: fix uninitialized pointer free in add_inode_ref() (bsc#1232498).
- CVE-2024-50098: scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down (bsc#1232881).
- CVE-2024-50110: xfrm: fix one more kernel-infoleak in algo dumping (bsc#1232885).
- CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919).
- CVE-2024-50124: Bluetooth: ISO: Fix UAF on iso_sock_timeout (bsc#1232926).
- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928).
- CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907).
- CVE-2024-50128: net: wwan: fix global oob in wwan_rtnl_policy (bsc#1232905).
- CVE-2024-50130: netfilter: bpf: must hold reference on net namespace (bsc#1232894).
- CVE-2024-50138: bpf: Use raw_spinlock_t in ringbuf (bsc#1232935).
- CVE-2024-50139: KVM: arm64: Fix shift-out-of-bounds bug (bsc#1233062).
- CVE-2024-50145: octeon_ep: add SKB allocation failures handling in __octep_oq_process_rx() (bsc#1233044).
- CVE-2024-50153: scsi: target: core: Fix null-ptr-deref in target_alloc_device() (bsc#1233061).
- CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233070).
- CVE-2024-50166: fsl/fman: Fix refcount handling of fman-related devices (bsc#1233050).
- CVE-2024-50167: be2net: fix potential memory leak in be_xmit() (bsc#1233049).
- CVE-2024-50169: vsock: Update rx_bytes on read_skb() (bsc#1233320).
- CVE-2024-50171: net: systemport: fix potential memory leak in bcm_sysport_xmit() (bsc#1233057).
- CVE-2024-50177: drm/amd/display: fix a UBSAN warning in DML2.1 (bsc#1233115).
- CVE-2024-50182: secretmem: disable memfd_secret() if arch cannot set direct map (bsc#1233129).
- CVE-2024-50184: virtio_pmem: Check device status before requesting flush (bsc#1233135).
- CVE-2024-50186: net: explicitly clear the sk pointer, when pf->create fails (bsc#1233110).
- CVE-2024-50192: irqchip/gic-v4: Do not allow a VMOVP on a dying VPE (bsc#1233106).
- CVE-2024-50225: btrfs: fix error propagation of split bios (bsc#1233193).
- CVE-2024-50228: mm: shmem: fix data-race in shmem_getattr() (bsc#1233204).
- CVE-2024-50230: nilfs2: fix kernel bug due to missing clearing of checked flag (bsc#1233206).
- CVE-2024-50245: fs/ntfs3: Fix possible deadlock in mi_read (bsc#1233203).
- CVE-2024-50246: fs/ntfs3: Add rough attr alloc_size check (bsc#1233207).
- CVE-2024-50250: fsdax: dax_unshare_iter needs to copy entire blocks (bsc#1233226).
- CVE-2024-50252: mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address (bsc#1233201).
- CVE-2024-50257: netfilter: Fix use-after-free in get_info() (bsc#1233244).
- CVE-2024-50261: macsec: Fix use-after-free while sending the offloading packet (bsc#1233253).
- CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453).
- CVE-2024-50271: signal: restore the override_rlimit logic (bsc#1233460).
- CVE-2024-50273: btrfs: reinitialize delayed ref list after deleting it from the list (bsc#1233462).
- CVE-2024-50274: idpf: avoid vport access in idpf_get_link_ksettings (bsc#1233463).
- CVE-2024-50275: arm64/sve: Discard stale CPU state when handling SVE traps (bsc#1233464).
- CVE-2024-50276: net: vertexcom: mse102x: Fix possible double free of TX skb (bsc#1233465).
- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).
- CVE-2024-50289: media: av7110: fix a spectre vulnerability (bsc#1233478).
- CVE-2024-50295: net: arc: fix the device for dma_map_single/dma_unmap_single (bsc#1233484).
- CVE-2024-50296: net: hns3: fix kernel crash when uninstalling driver (bsc#1233485).
- CVE-2024-50298: net: enetc: allocate vf_state during PF probes (bsc#1233487).
- CVE-2024-53042: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() (bsc#1233540).
- CVE-2024-53043: mctp i2c: handle NULL header address (bsc#1233523).
- CVE-2024-53048: ice: fix crash on probe for DPLL enabled E810 LOM (bsc#1233721).
- CVE-2024-53051: drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability (bsc#1233547).
- CVE-2024-53055: wifi: iwlwifi: mvm: fix 6 GHz scan construction (bsc#1233550).
- CVE-2024-53056: drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy() (bsc#1233568).
- CVE-2024-53058: net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data (bsc#1233552).
- CVE-2024-53079: mm/thp: fix deferred split unqueue naming and locking (bsc#1233570).
- CVE-2024-53082: virtio_net: Add hash_key_length check (bsc#1233573).
- CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642).
- CVE-2024-53110: vp_vdpa: fix id_table array not null terminated error (bsc#1234085).
- CVE-2024-53121: net/mlx5: fs, lock FTE when checking if active (bsc#1234078).
- CVE-2024-53138: net/mlx5e: kTLS, Fix incorrect page refcounting (bsc#1234223).
The following non-security bugs were fixed:
- 9p: explicitly deny setlease attempts (git-fixes).
- ACPI: CPPC: Add support for setting EPP register in FFH (stable-fixes).
- ACPI: CPPC: Fix _CPC register setting issue (git-fixes).
- ACPI: CPPC: Make rmw_lock a raw_spin_lock (git-fixes).
- ACPI: EC: Do not release locks during operation region accesses (stable-fixes).
- ACPI: PAD: fix crash in exit_round_robin() (stable-fixes).
- ACPI: PRM: Clean up guid type in struct prm_handler_info (git-fixes).
- ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context (git-fixes).
- ACPI: battery: Fix possible crash when unregistering a battery hook (git-fixes).
- ACPI: battery: Simplify battery hook locking (stable-fixes).
- ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue (stable-fixes).
- ACPI: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[] (stable-fixes).
- ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[] (stable-fixes).
- ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[] (stable-fixes).
- ACPI: resource: Add another DMI match for the TongFang GMxXGxx (stable-fixes).
- ACPI: video: Add force_vendor quirk for Panasonic Toughbook CF-18 (stable-fixes).
- ACPICA: Fix memory leak if acpi_ps_get_next_field() fails (stable-fixes).
- ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails (stable-fixes).
- ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() (stable-fixes).
- ACPICA: iasl: handle empty connection_node (stable-fixes).
- ALSA/hda: intel-sdw-acpi: cleanup sdw_intel_scan_controller (stable-fixes).
- ALSA/hda: intel-sdw-acpi: fetch fwnode once in sdw_intel_scan_controller() (stable-fixes).
- ALSA/hda: intel-sdw-acpi: simplify sdw-master-count property read (stable-fixes).
- ALSA: 6fire: Release resources at card release (git-fixes).
- ALSA: Reorganize kerneldoc parameter names (stable-fixes).
- ALSA: ac97: bus: Fix the mistake in the comment (git-fixes).
- ALSA: asihpi: Fix potential OOB array access (stable-fixes).
- ALSA: caiaq: Use snd_card_free_when_closed() at disconnection (git-fixes).
- ALSA: core: add isascii() check to card ID generator (stable-fixes).
- ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (git-fixes).
- ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init() (git-fixes).
- ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2 (stable-fixes).
- ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne 1000 G2 (git-fixes).
- ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin (git-fixes).
- ALSA: hda/conexant: fix Z60MR100 startup pop issue (stable-fixes).
- ALSA: hda/conexant: fix some typos (stable-fixes).
- ALSA: hda/cs8409: Fix possible NULL dereference (git-fixes).
- ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs (bsc#1219803).
- ALSA: hda/realtek - Fixed Clevo platform headset Mic issue (stable-fixes).
- ALSA: hda/realtek - update set GPIO3 to default for Thinkpad with ALC1318 (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP Pavilion 15z-ec200 (stable-fixes).
- ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9 (stable-fixes).
- ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593 (stable-fixes).
- ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13 (stable-fixes).
- ALSA: hda/realtek: Add support for Samsung Galaxy Book3 360 (NP730QFG) (stable-fixes).
- ALSA: hda/realtek: Apply quirk for Medion E15433 (bsc#1233298).
- ALSA: hda/realtek: Enable mic on Vaio VJFH52 (stable-fixes).
- ALSA: hda/realtek: Enable mute and micmute LED on HP ProBook 430 G8 (stable-fixes).
- ALSA: hda/realtek: Enable speaker pins for Medion E15443 platform (bsc#1233298).
- ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max (bsc#1233298).
- ALSA: hda/realtek: Fix headset mic on TUXEDO Gemini 17 Gen3 (stable-fixes).
- ALSA: hda/realtek: Fix headset mic on TUXEDO Stellaris 16 Gen6 mb1 (stable-fixes).
- ALSA: hda/realtek: Fix the push button function for the ALC257 (git-fixes).
- ALSA: hda/realtek: Limit internal Mic boost on Dell platform (stable-fixes).
- ALSA: hda/realtek: Refactor and simplify Samsung Galaxy Book init (stable-fixes).
- ALSA: hda/realtek: Set PCBeep to default value for ALC274 (stable-fixes).
- ALSA: hda/realtek: Update ALC225 depop procedure (git-fixes).
- ALSA: hda/realtek: Update ALC256 depop procedure (git-fixes).
- ALSA: hda/realtek: Update default depop procedure (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LED for HP mt645 G8 (stable-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP EliteBook 645 G10 (stable-fixes).
- ALSA: hda/realtek: tas2781: Fix ROG ALLY X audio (stable-fixes).
- ALSA: hda/tas2781: Add new quirk for Lenovo Y990 Laptop (stable-fixes).
- ALSA: hda/tas2781: Add new quirk for Lenovo, ASUS, Dell projects (stable-fixes).
- ALSA: hda/tas2781: select CRC32 instead of CRC32_SARWATE (git-fixes).
- ALSA: hda: Poll jack events for LS7A HD-Audio (stable-fixes).
- ALSA: hda: Show the codec quirk info at probing (stable-fixes).
- ALSA: hda: Sound support for HP Spectre x360 16 inch model 2024 (stable-fixes).
- ALSA: hda: tas2781: Fix missing setup at runtime PM (bsc#1230132).
- ALSA: hdsp: Break infinite MIDI input flush loop (stable-fixes).
- ALSA: ice1712: Remove redundant code in stac9460_dac_vol_put (stable-fixes).
- ALSA: line6: add hw monitor volume control to POD HD500X (stable-fixes).
- ALSA: line6: update contact information (stable-fixes).
- ALSA: mixer_oss: Remove some incorrect kfree_const() usages (git-fixes).
- ALSA: pcm: Add sanity NULL check for the default mmap fault handler (stable-fixes).
- ALSA: silence integer wrapping warning (stable-fixes).
- ALSA: ump: Fix evaluation of MIDI 1.0 FB info (git-fixes).
- ALSA: us122l: Use snd_card_free_when_closed() at disconnection (git-fixes).
- ALSA: usb-audio: Add Pioneer DJ/AlphaTheta DJM-A9 Mixer (stable-fixes).
- ALSA: usb-audio: Add delay quirk for VIVO USB-C HEADSET (stable-fixes).
- ALSA: usb-audio: Add input value sanity checks for standard types (stable-fixes).
- ALSA: usb-audio: Add logitech Audio profile quirk (stable-fixes).
- ALSA: usb-audio: Add native DSD support for Luxman D-08u (stable-fixes).
- ALSA: usb-audio: Add quirk for HP 320 FHD Webcam (bsc#1232768).
- ALSA: usb-audio: Add quirks for Dell WD19 dock (stable-fixes).
- ALSA: usb-audio: Define macros for quirk table entries (stable-fixes).
- ALSA: usb-audio: Fix Yamaha P-125 Quirk Entry (stable-fixes).
- ALSA: usb-audio: Fix a DMA to stack memory bug (git-fixes).
- ALSA: usb-audio: Fix out of bounds reads when finding clock sources (stable-fixes).
- ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (git-fixes).
- ALSA: usb-audio: Make mic volume workarounds globally applicable (stable-fixes).
- ALSA: usb-audio: Replace complex quirk lines with macros (stable-fixes).
- ALSA: usb-audio: Use snprintf instead of sprintf in build_mixer_unit_ctl (stable-fixes).
- ALSA: usb-audio: add mixer mapping for Corsair HS80 (stable-fixes).
- ALSA: usx2y: Use snd_card_free_when_closed() at disconnection (git-fixes).
- ASoC: Intel: avs: da7219: Remove suspend_pre() and resume_post() (stable-fixes).
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet (stable-fixes).
- ASoC: Intel: bytcr_rt5640: Add support for non ACPI instantiated codec (stable-fixes).
- ASoC: Intel: sst: Fix used of uninitialized ctx to log an error (git-fixes).
- ASoC: Intel: sst: Support LPE0F28 ACPI HID (stable-fixes).
- ASoC: SOF: Add i2s bt dai configuration support for AMD platforms (bsc#1233305).
- ASoC: SOF: Add support for configuring PDM interface from topology (bsc#1233305).
- ASoC: SOF: Deprecate invalid enums in IPC3 (bsc#1233305).
- ASoC: SOF: IPC4: get pipeline priority from topology (bsc#1233305).
- ASoC: SOF: IPC4: synchronize fw_config_params with fw definitions (bsc#1233305).
- ASoC: SOF: Refactor sof_i2s_tokens reading to update acpbt dai (bsc#1233305).
- ASoC: SOF: Rename amd_bt sof_dai_type (bsc#1233305).
- ASoC: SOF: Wire up buffer flags (bsc#1233305).
- ASoC: SOF: add alignment for topology header file struct definition (bsc#1233305).
- ASoC: SOF: align topology header file with sof topology header (bsc#1233305).
- ASoC: SOF: ipc3-topology: Convert the topology pin index to ALH dai index (git-fixes).
- ASoC: SOF: ipc3-topology: fix resource leaks in sof_ipc3_widget_setup_comp_dai() (git-fixes).
- ASoC: SOF: ipc4-control: Add support for ALSA enum control (bsc#1233305).
- ASoC: SOF: ipc4-control: Add support for ALSA switch control (bsc#1233305).
- ASoC: SOF: ipc4-mtrace: move debug slot related definitions to header.h (bsc#1233305).
- ASoC: SOF: ipc4-topology: Add deep buffer size to debug prints (bsc#1233305).
- ASoC: SOF: ipc4-topology: Add definition for generic switch/enum control (bsc#1233305).
- ASoC: SOF: ipc4-topology: Add module ID print during module set up (bsc#1233305).
- ASoC: SOF: ipc4-topology: Helper to find an swidget by module/instance id (bsc#1233305).
- ASoC: SOF: ipc4-topology: Only handle dai_config with HW_PARAMS for ChainDMA (bsc#1233305).
- ASoC: SOF: ipc4-topology: change chain_dma handling in dai_config (bsc#1233305).
- ASoC: SOF: ipc4-topology: export sof_ipc4_copier_is_single_format (bsc#1233305).
- ASoC: SOF: ipc4-topology: set config_length based on device_count (bsc#1233305).
- ASoC: SOF: ipc4: Add data struct for module notification message from firmware (bsc#1233305).
- ASoC: SOF: ipc4: Add new message type: SOF_IPC4_GLB_LOAD_LIBRARY_PREPARE (bsc#1233305).
- ASoC: SOF: sof-client-probes-ipc4: Set param_size extension bits (git-fixes).
- ASoC: SOF: topology: Parse DAI type token for dspless mode (bsc#1233305).
- ASoC: SOF: topology: dynamically allocate and store DAI widget->private (bsc#1233305).
- ASoC: amd: yc: Add quirk for ASUS Vivobook S15 M3502RA (stable-fixes).
- ASoC: amd: yc: Add quirk for HP Dragonfly pro one (stable-fixes).
- ASoC: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry (git-fixes).
- ASoC: amd: yc: Fix non-functional mic on ASUS E1404FA (stable-fixes).
- ASoC: amd: yc: Support dmic on another model of Lenovo Thinkpad E14 Gen 6 (stable-fixes).
- ASoC: amd: yc: fix internal mic on Xiaomi Book Pro 14 2022 (stable-fixes).
- ASoC: atmel: mchp-pdmc: Skip ALSA restoration if substream runtime is uninitialized (git-fixes).
- ASoC: audio-graph-card2: Purge absent supplies for device tree nodes (stable-fixes).
- ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() (git-fixes).
- ASoC: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to default regs values (stable-fixes).
- ASoC: codecs: rt5640: Always disable IRQs from rt5640_cancel_work() (stable-fixes).
- ASoC: codecs: wsa883x: Handle reading version failure (stable-fixes).
- ASoC: cs42l51: Fix some error handling paths in cs42l51_probe() (git-fixes).
- ASoC: dapm: fix bounds checker error in dapm_widget_list_create (git-fixes).
- ASoC: fsl_micfil: Add sample rate constraint (stable-fixes).
- ASoC: fsl_micfil: fix regmap_write_bits usage (git-fixes).
- ASoC: fsl_sai: Enable 'FIFO continue on error' FCONT bit (stable-fixes).
- ASoC: imx-card: Set card.owner to avoid a warning calltrace if SND=m (git-fixes).
- ASoC: max98388: Fix missing increment of variable slot_found (git-fixes).
- ASoC: mediatek: mt8188-mt6359: Remove hardcoded dmic codec (git-fixes).
- ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() (git-fixes).
- ASoC: qcom: sm8250: add qrb4210-rb2-sndcard compatible string (stable-fixes).
- ASoC: rt722-sdca: Remove logically deadcode in rt722-sdca.c (git-fixes).
- ASoC: rt722-sdca: increase clk_stop_timeout to fix clock stop issue (stable-fixes).
- ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove (git-fixes).
- ASoC: stm: Prevent potential division by zero in stm32_sai_get_clk_div() (stable-fixes).
- ASoC: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate() (stable-fixes).
- ASoC: tas2781: Add new driver version for tas2563 & tas2781 qfn chip (stable-fixes).
- ASoC: tas2781: Use of_property_read_reg() (stable-fixes).
- Bluetooth: Call iso_exit() on module unload (git-fixes).
- Bluetooth: ISO: Fix multiple init when debugfs is disabled (git-fixes).
- Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync (git-fixes).
- Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change (git-fixes).
- Bluetooth: Remove debugfs directory on module init failure (git-fixes).
- Bluetooth: bnep: fix wild-memory-access in proto_unregister (git-fixes).
- Bluetooth: btintel: Direct exception event to bluetooth stack (git-fixes).
- Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test (bsc#1230557)
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0489:0xe122 (stable-fixes).
- Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 (git-fixes).
- Bluetooth: fix use-after-free in device_for_each_child() (git-fixes).
- Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs (git-fixes).
- Bluetooth: hci_core: Fix calling mgmt_device_connected (git-fixes).
- Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (git-fixes).
- Documentation: kgdb: Correct parameter error (git-fixes).
- HID: Ignore battery for all ELAN I2C-HID devices (stable-fixes).
- HID: amd_sfh: Switch to device-managed dmam_alloc_coherent() (git-fixes).
- HID: core: zero-initialize the report buffer (git-fixes).
- HID: i2c-hid: Remove I2C_HID_QUIRK_SET_PWR_WAKEUP_DEV quirk (stable-fixes).
- HID: lenovo: Add support for Thinkpad X1 Tablet Gen 3 keyboard (stable-fixes).
- HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad (stable-fixes).
- HID: multitouch: Add quirk for Logitech Bolt receiver w/ Casa touchpad (stable-fixes).
- HID: multitouch: Add support for B2402FVA track point (stable-fixes).
- HID: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio (stable-fixes).
- HID: multitouch: Add support for lenovo Y9000P Touchpad (stable-fixes).
- HID: plantronics: Workaround for an unexcepted opposite volume key (stable-fixes).
- HID: wacom: Interpret tilt data from Intuos Pro BT as signed values (git-fixes).
- HID: wacom: fix when get product name maybe null pointer (git-fixes).
- Input: adp5589-keys - fix NULL pointer dereference (git-fixes).
- Input: adp5589-keys - fix adp5589_gpio_get_value() (git-fixes).
- Input: edt-ft5x06 - fix regmap leak when probe fails (git-fixes).
- Input: hideep - add missing dependency on REGMAP_I2C (git-fixes).
- Input: hycon-hy46xx - add missing dependency on REGMAP_I2C (git-fixes).
- Input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk table (stable-fixes).
- Input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk table (stable-fixes).
- Input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD line (stable-fixes).
- Input: xpad - add GameSir T4 Kaleid Controller support (git-fixes).
- Input: xpad - add GameSir VID for Xbox One controllers (git-fixes).
- Input: xpad - add support for 8BitDo Ultimate 2C Wireless Controller (git-fixes).
- Input: xpad - add support for MSI Claw A1M (git-fixes).
- Input: xpad - add support for Machenike G5 Pro Controller (git-fixes).
- Input: xpad - fix support for some third-party controllers (git-fixes).
- Input: xpad - sort xpad_device by vendor and product ID (git-fixes).
- Input: xpad - spelling fixes for "Xbox" (git-fixes).
- KVM: Fix coalesced_mmio_has_room() to avoid premature userspace exit (git-fixes).
- KVM: PPC: Book3S HV: Avoid returning to nested hypervisor on pending doorbells (bsc#1215199).
- KVM: PPC: Book3S HV: Stop using vc->dpdes for nested KVM guests (bsc#1215199).
- KVM: PPC: Book3S HV: remove unused varible (bsc#1194869).
- KVM: SEV-ES: Fix svm_get_msr()/svm_set_msr() for KVM_SEV_ES_INIT guests (bsc#1232207).
- KVM: SEV-ES: Prevent MSR access post VMSA encryption (bsc#1232207).
- KVM: SVM: Disallow guest from changing userspace's MSR_AMD64_DE_CFG value (git-fixes).
- KVM: Use dedicated mutex to protect kvm_usage_count to avoid deadlock (git-fixes).
- KVM: VMX: Also clear SGX EDECCSSA in KVM CPU caps when SGX is disabled (git-fixes).
- KVM: VMX: Set PFERR_GUEST_{FINAL,PAGE}_MASK if and only if the GVA is valid (git-fixes).
- KVM: Write the per-page "segment" when clearing (part of) a guest page (git-fixes).
- KVM: s390: Change virtual to physical address access in diag 0x258 handler (git-fixes bsc#1232626).
- KVM: s390: Fix SORTL and DFLTCC instruction format error in __insn32_query (git-fixes bsc#1231276).
- KVM: s390: gaccess: Check if guest address is in memslot (git-fixes bsc#1232623).
- KVM: x86/mmu: Skip emulation on page fault iff 1+ SPs were unprotected (git-fixes).
- KVM: x86/mmu: Trigger unprotect logic only on write-protection page faults (git-fixes).
- KVM: x86: Dedup fastpath MSR post-handling logic (git-fixes).
- KVM: x86: Enforce x2APIC's must-be-zero reserved ICR bits (git-fixes).
- KVM: x86: Exit to userspace if fastpath triggers one on instruction skip (git-fixes).
- KVM: x86: Move x2APIC ICR helper above kvm_apic_write_nodecode() (git-fixes).
- KVM: x86: Re-enter guest if WRMSR(X2APIC_ICR) fastpath is successful (git-fixes).
- KVM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC) (git-fixes).
- NFS: Avoid unnecessary rescanning of the per-server delegation list (git-fixes).
- NFS: remove revoked delegation from server's delegation list (git-fixes).
- NFSD: Fix NFSv4's PUTPUBFH operation (git-fixes).
- NFSD: Mark filecache "down" if init fails (git-fixes).
- NFSv3: only use NFS timeout for MOUNT when protocols are compatible (bsc#1231016).
- NFSv4: Fix clearing of layout segments in layoutreturn (git-fixes).
- PCI: Add ACS quirk for Qualcomm SA8775P (stable-fixes).
- PCI: Add T_PVPERL macro (git-fixes).
- PCI: Add function 0 DMA alias quirk for Glenfly Arise chip (stable-fixes).
- PCI: Fix pci_enable_acs() support for the ACS quirks (bsc#1229019).
- PCI: Fix reset_method_store() memory leak (git-fixes).
- PCI: Mark Creative Labs EMU20k2 INTx masking as broken (stable-fixes).
- PCI: endpoint: Clear secondary (not primary) EPC in pci_epc_remove_epf() (git-fixes).
- PCI: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds (git-fixes).
- PCI: keystone: Add link up check to ks_pcie_other_map_bus() (git-fixes).
- PCI: keystone: Set mode as Root Complex for "ti,keystone-pcie" compatible (git-fixes).
- PCI: rockchip-ep: Fix address translation unit programming (git-fixes).
- RAS/AMD/ATL: Add amd_atl pr_fmt() prefix (jsc#PED-10559).
- RAS/AMD/ATL: Expand helpers for adding and removing base and hole (jsc#PED-10559).
- RAS/AMD/ATL: Implement DF 4.5 NP2 denormalization (jsc#PED-10559).
- RAS/AMD/ATL: Read DRAM hole base early (jsc#PED-10559).
- RAS/AMD/ATL: Validate address map when information is gathered (jsc#PED-10559).
- RDMA/bnxt_re: Add a check for memory allocation (git-fixes)
- RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop (git-fixes)
- RDMA/bnxt_re: Change the sequence of updating the CQ toggle value (git-fixes)
- RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey (git-fixes)
- RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (git-fixes)
- RDMA/bnxt_re: Fix a possible memory leak (git-fixes)
- RDMA/bnxt_re: Fix incorrect AVID type in WQE structure (git-fixes)
- RDMA/bnxt_re: Fix incorrect dereference of srq in async event (git-fixes)
- RDMA/bnxt_re: Fix out of bound check (git-fixes)
- RDMA/bnxt_re: Fix the GID table length (git-fixes)
- RDMA/bnxt_re: Fix the max CQ WQEs for older adapters (git-fixes)
- RDMA/bnxt_re: Fix the usage of control path spin locks (git-fixes)
- RDMA/bnxt_re: Return more meaningful error (git-fixes)
- RDMA/bnxt_re: synchronize the qp-handle table array (git-fixes)
- RDMA/core: Fix ENODEV error for iWARP test over vlan (git-fixes)
- RDMA/cxgb4: Dump vendor specific QP details (git-fixes)
- RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP (git-fixes)
- RDMA/hns: Add mutex_destroy() (git-fixes)
- RDMA/hns: Disassociate mmap pages for all uctx when HW is being reset (git-fixes)
- RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (git-fixes)
- RDMA/hns: Fix an AEQE overflow error caused by untimely update of eq_db_ci (git-fixes)
- RDMA/hns: Fix cpu stuck caused by printings during reset (git-fixes)
- RDMA/hns: Fix different dgids mapping to the same dip_idx (git-fixes)
- RDMA/hns: Fix flush cqe error when racing with destroy qp (git-fixes)
- RDMA/hns: Fix out-of-order issue of requester when setting FENCE (git-fixes)
- RDMA/hns: Use dev_* printings in hem code instead of ibdev_* (git-fixes)
- RDMA/hns: Use macro instead of magic number (git-fixes)
- RDMA/irdma: Fix misspelling of "accept*" (git-fixes)
- RDMA/mad: Improve handling of timed out WRs of mad agent (git-fixes)
- RDMA/mana_ib: use the correct page size for mapping user-mode doorbell page (git-fixes).
- RDMA/mana_ib: use the correct page table index based on hardware page size (git-fixes).
- RDMA/mlx5: Enforce umem boundaries for explicit ODP page faults (git-fixes)
- RDMA/mlx5: Move events notifier registration to be after device registration (git-fixes)
- RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down (git-fixes)
- RDMA/mlx5: Use sq timestamp as QP timestamp when RoCE is disabled (git-fixes).
- RDMA/rtrs-srv: Avoid null pointer deref during path establishment (git-fixes)
- RDMA/rxe: Fix the qp flush warnings in req (git-fixes)
- RDMA/rxe: Set queue pair cur_qp_state when being queried (git-fixes)
- RDMA/siw: Add sendpage_ok() check to disable MSG_SPLICE_PAGES (git-fixes)
- RDMA/srpt: Make slab cache names unique (git-fixes)
- Revert "ALSA: hda/conexant: Mute speakers at suspend / shutdown" (bsc#1228269).
- Revert "ALSA: hda: Conditionally use snooping for AMD HDMI" (stable-fixes).
- Revert "KEYS: encrypted: Add check for strsep" (git-fixes).
- Revert "KVM: PPC: Book3S HV Nested: Stop forwarding all HFUs to L1" (bsc#1215199).
- Revert "RDMA/core: Fix ENODEV error for iWARP test over vlan" (git-fixes)
- Revert "cgroup: Fix memory leak caused by missing cgroup_bpf_offline" (bsc#1234108).
- Revert "cpufreq: brcmstb-avs-cpufreq: Fix initial command check" (stable-fixes).
- Revert "driver core: Fix uevent_show() vs driver detach race" (git-fixes).
- Revert "ixgbe: Manual AN-37 for troublesome link partners for X550 SFI" (git-fixes).
- Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" (git-fixes).
- Revert "ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path" (git-fixes).
- Revert "usb: gadget: composite: fix OS descriptors w_value logic" (git-fixes).
- Revert "wifi: iwlwifi: remove retry loops in start" (git-fixes).
- SUNRPC: Fix integer overflow in decode_rc_list() (git-fixes).
- SUNRPC: Fixup gss_status tracepoint error output (git-fixes).
- SUNRPC: Remove BUG_ON call sites (git-fixes).
- SUNRPC: clnt.c: Remove misleading comment (git-fixes).
- USB: appledisplay: close race between probe and completion handler (git-fixes).
- USB: chaoskey: Fix possible deadlock chaoskey_list_lock (git-fixes).
- USB: chaoskey: fail open after removal (git-fixes).
- USB: gadget: dummy-hcd: Fix "task hung" problem (git-fixes).
- USB: misc: cypress_cy7c63: check for short transfer (git-fixes).
- USB: misc: yurex: fix race between read and write (git-fixes).
- USB: serial: ftdi_sio: Fix atomicity violation in get_serial_info() (git-fixes).
- USB: serial: io_edgeport: fix use after free in debug printk (git-fixes).
- USB: serial: option: add Fibocom FG132 0x0112 composition (stable-fixes).
- USB: serial: option: add Quectel RG650V (stable-fixes).
- USB: serial: option: add Telit FN920C04 MBIM compositions (stable-fixes).
- USB: serial: option: add support for Quectel EG916Q-GL (stable-fixes).
- USB: serial: qcserial: add support for Sierra Wireless EM86xx (stable-fixes).
- accel/qaic: Fix the for loop used to walk SG table (git-fixes).
- accel: Use XArray instead of IDR for minors (jsc#PED-11580).
- acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() (git-fixes).
- ad7780: fix division by zero in ad7780_write_raw() (git-fixes).
- aes-gcm-p10: Use the correct bit to test for P10 (bsc#1232704).
- amd-pstate: Set min_perf to nominal_perf for active mode performance gov (git-fixes).
- apparmor: fix 'Do simple duplicate message elimination' (git-fixes).
- apparmor: test: Fix memory leak for aa_unpack_strdup() (git-fixes).
- apparmor: use kvfree_sensitive to free data->data (git-fixes).
- arm64: Subscribe Microsoft Azure Cobalt 100 to erratum 3194386 (git-fixes)
- arm64: cputype: Add Neoverse-N3 definitions (git-fixes)
- arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer (git-fixes)
- arm64: dts: freescale: imx8mm-verdin: Fix SD regulator startup delay (git-fixes)
- arm64: dts: freescale: imx8mp-verdin: Fix SD regulator startup delay (git-fixes)
- arm64: dts: imx8-ss-vpu: Fix imx8qm VPU IRQs (git-fixes)
- arm64: dts: imx8qxp: Add VPU subsystem file (git-fixes)
- arm64: dts: imx93: add nvmem property for eqos (git-fixes)
- arm64: dts: imx93: add nvmem property for fec1 (git-fixes)
- arm64: dts: imx93: add ocotp node (git-fixes)
- arm64: dts: rockchip: Add DTS for FriendlyARM NanoPi R2S Plus (git-fixes)
- arm64: dts: rockchip: Correct GPIO polarity on brcm BT nodes (git-fixes)
- arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc (git-fixes)
- arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards (git-fixes)
- arm64: dts: rockchip: Fix bluetooth properties on rk3566 box demo (git-fixes)
- arm64: dts: rockchip: Fix reset-gpios property on brcm BT nodes (git-fixes)
- arm64: dts: rockchip: Fix rt5651 compatible value on (git-fixes)
- arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-eaidk-610 (git-fixes)
- arm64: dts: rockchip: Fix wakeup prop names on PineNote BT node (git-fixes)
- arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma (git-fixes)
- arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328 (git-fixes)
- arm64: dts: rockchip: Remove undocumented supports-emmc property (git-fixes)
- arm64: dts: rockchip: fix i2c2 pinctrl-names property on (git-fixes)
- arm64: dts: rockchip: remove num-slots property from (git-fixes)
- arm64: dts: rockchip: remove orphaned pinctrl-names from pinephone (git-fixes)
- arm64: errata: Enable the AC03_CPU_38 workaround for ampere1a (git-fixes).
- arm64: errata: Expand speculative SSBS workaround once more (git-fixes)
- arm64: esr: Define ESR_ELx_EC_* constants as UL (git-fixes)
- arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG (git-fixes)
- arm64: fix selection of HAVE_DYNAMIC_FTRACE_WITH_ARGS (git-fixes).
- arm64: probes: Fix simulate_ldr*_literal() (git-fixes)
- arm64: probes: Fix uprobes for big-endian kernels (git-fixes)
- arm64: probes: Remove broken LDR (literal) uprobe support (git-fixes)
- arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint (git-fixes)
- arm64: smccc: replace custom COUNT_ARGS() & CONCATENATE() (git-fixes)
- arm64: tegra: Move AGX Orin nodes to correct location (git-fixes)
- arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled (git-fixes)
- ata: libata: Set DID_TIME_OUT for commands that actually timed out (git-fixes).
- ata: libata: avoid superfluous disk spin down + spin up during hibernation (git-fixes).
- audit: do not WARN_ON_ONCE(!current->mm) in audit_exe_compare() (git-fixes).
- audit: do not take task_lock() in audit_exe_compare() code path (git-fixes).
- block: print symbolic error name instead of error code (bsc#1231872).
- block: sed-opal: add ioctl IOC_OPAL_SET_SID_PW (bsc#1229677).
- bnxt_en: Cap the size of HWRM_PORT_PHY_QCFG forwarded response (git-fixes).
- bnxt_en: Fix error recovery for 5760X (P7) chips (git-fixes).
- bnxt_en: Fix the PCI-AER routines (git-fixes).
- bnxt_en: Restore PTP tx_avail count in case of skb_pad() error (git-fixes).
- bnxt_en: refactor reset close code (git-fixes).
- bpf, arm64: Fix address emission with tag-based KASAN enabled (git-fixes)
- bpf, arm64: Remove garbage frame for struct_ops trampoline (git-fixes)
- bpf, lsm: Add disabled BPF LSM hook list (git-fixes).
- bpf, net: Fix a potential race in do_sock_getsockopt() (git-fixes).
- bpf, sockmap: SK_DROP on attempted redirects of unsupported af_vsock (git-fixes).
- bpf, verifier: Correct tail_call_reachable for bpf prog (git-fixes).
- bpf, vsock: Drop static vsock_bpf_prot initialization (git-fixes).
- bpf, x64: Remove tail call detection (git-fixes).
- bpf,perf: Fix perf_event_detach_bpf_prog error handling (git-fixes).
- bpf: Fail verification for sign-extension of packet data/data_end/data_meta (git-fixes).
- bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit (git-fixes).
- bpf: Fix error message on kfunc arg type mismatch (git-fixes).
- bpf: Fix helper writes to read-only maps (git-fixes).
- bpf: Fix tailcall cases in test_bpf (git-fixes).
- bpf: Fix truncation bug in coerce_reg_to_size_sx() (git-fixes).
- bpf: Improve check_raw_mode_ok test for MEM_UNINIT-tagged types (git-fixes).
- bpf: Remove truncation test in bpf_strtol and bpf_strtoul helpers (git-fixes).
- bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error (git-fixes).
- bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos (git-fixes).
- btf, scripts: rust: drop is_rust_module.sh (bsc#1230414 bsc#1229450).
- btrfs: merge btrfs_orig_bbio_end_io() into btrfs_bio_end_io() (bsc#1233193)
- btrfs: send: fix invalid clone operation for file that got its size decreased (git-fixes).
- can: c_can: c_can_handle_bus_err(): update statistics if skb allocation fails (git-fixes).
- can: c_can: fix {rx,tx}_errors statistics (git-fixes).
- can: dev: can_set_termination(): allow sleeping GPIOs (git-fixes).
- can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: hi311x: hi3110_can_ist(): fix potential use-after-free (git-fixes).
- can: hi311x: hi3110_can_ist(): fix {rx,tx}_errors statistics (git-fixes).
- can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: j1939: j1939_session_new(): fix skb reference counting (git-fixes).
- can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: mcp251xfd: mcp251xfd_get_tef_len(): fix length calculation (git-fixes).
- can: mcp251xfd: mcp251xfd_get_tef_len(): work around erratum DS80000789E 6 (git-fixes).
- can: mcp251xfd: mcp251xfd_ring_alloc(): fix coalescing configuration when switching CAN modes (git-fixes).
- can: netlink: avoid call to do_set_data_bittiming callback with stale can_priv::ctrlmode (stable-fixes).
- can: sja1000: sja1000_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL (git-fixes).
- can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics (git-fixes).
- ceph: fix cap ref leak via netfs init_request (bsc#1231384).
- cgroup/bpf: only cgroup v2 can be attached by bpf programs (bsc#1234108).
- clk: bcm: bcm53573: fix OF node leak in init (stable-fixes).
- clk: clk-apple-nco: Add NULL check in applnco_probe (git-fixes).
- clk: clk-axi-clkgen: make sure to enable the AXI bus clock (git-fixes).
- clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D (stable-fixes).
- clk: imx: clk-scu: fix clk enable state save and restore (git-fixes).
- clk: imx: fracn-gppll: correct PLL initialization flow (git-fixes).
- clk: imx: fracn-gppll: fix pll power up (git-fixes).
- clk: imx: lpcg-scu: SW workaround for errata (e10858) (git-fixes).
- clk: qcom: clk-alpha-pll: drop lucid-evo pll enabled warning (git-fixes).
- clk: qcom: clk-alpha-pll: fix lucid 5lpe pll enabled check (git-fixes).
- clk: qcom: gcc-qcs404: fix initial rate of GPLL3 (git-fixes).
- clk: renesas: rzg2l: Fix FOUTPOSTDIV clk (git-fixes).
- clk: sunxi-ng: d1: Fix PLL_AUDIO0 preset (git-fixes).
- comedi: Flush partial mappings in error case (git-fixes).
- comedi: ni_routing: tools: Check when the file could not be opened (stable-fixes).
- config s390x: build ultravisor userspace access into the kernel (bsc#1232090).
- config.sh: Remove Arm build project, we do not build armv7 configs
- config: Disable LAM on x86 (bsc#1217845).
- cpufreq/amd-pstate: Fix amd_pstate mode switch on shared memory systems (git-fixes).
- cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost() (git-fixes).
- cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw() (git-fixes).
- cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_cost() (git-fixes).
- cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_power() (git-fixes).
- cpufreq: loongson2: Unregister platform_driver on failure (git-fixes).
- cpufreq: mediatek-hw: Fix wrong return value in mtk_cpufreq_get_cpu_power() (git-fixes).
- crypto: aes-gcm-p10 - Use the correct bit to test for P10 (bsc#1232704).
- crypto: api - Fix liveliness check in crypto_alg_tested (stable-fixes).
- crypto: bcm - add error check in the ahash_hmac_init function (git-fixes).
- crypto: caam - Fix the pointer passed to caam_qi_shutdown() (git-fixes).
- crypto: caam - add error check to caam_rsa_set_priv_key_form (git-fixes).
- crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() (git-fixes).
- crypto: cavium - Fix the if condition to exit loop after timeout (git-fixes).
- crypto: hisilicon/qm - flush all work before driver removed (bsc#1232075)
- crypto: inside-secure - Fix the return value of safexcel_xcbcmac_cra_init() (git-fixes).
- crypto: octeontx - Fix authenc setkey (stable-fixes).
- crypto: octeontx* - Select CRYPTO_AUTHENC (git-fixes).
- crypto: octeontx2 - Fix authenc setkey (stable-fixes).
- crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY (git-fixes).
- crypto: powerpc/p10-aes-gcm - Add dependency on CRYPTO_SIMD and re-enable CRYPTO_AES_GCM_P10 (bsc#1230501 ltc#208632).
- crypto: powerpc/p10-aes-gcm - Disable CRYPTO_AES_GCM_P10 (bsc#1230501 ltc#208632).
- crypto: powerpc/p10-aes-gcm - Re-write AES/GCM stitched implementation (bsc#1230501 ltc#208632).
- crypto: powerpc/p10-aes-gcm - Register modules as SIMD (bsc#1230501 ltc#208632).
- crypto: qat - remove check after debugfs_create_dir() (git-fixes).
- crypto: qat - remove faulty arbiter config reset (git-fixes).
- crypto: qat/qat_4xxx - fix off by one in uof_get_name() (git-fixes).
- crypto: x86/aegis128 - access 32-bit arguments as 32-bit (git-fixes).
- cxgb4: Properly lock TX queue for the selftest (git-fixes).
- cxgb4: add forgotten u64 ivlan cast before shift (git-fixes).
- cxgb4: unnecessary check for 0 in the free_sge_txq_uld() function (git-fixes).
- cxl: downgrade a warning message to debug level in cxl_probe_component_regs() (bsc#1229165).
- dcache: keep dentry_hashtable or d_hash_shift even when not used (git-fixes).
- debugfs: fix automount d_fsdata usage (git-fixes).
- devlink: Fix command annotation documentation (git-fixes).
- dma-fence: Fix reference leak on fence merge failure path (git-fixes).
- dma-fence: Use kernel's sort for merging fences (git-fixes).
- dmaengine: sh: rz-dmac: handle configs where one address is zero (git-fixes).
- dmaengine: ti: k3-udma: Set EOP for all TRs in cyclic BCDMA transfer (git-fixes).
- doc: rcu: update printed dynticks counter bits (git-fixes).
- driver core: bus: Fix double free in driver API bus_register() (stable-fixes).
- driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute (stable-fixes).
- drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend() (git-fixes).
- drm/amd/amdgpu: Fix double unlock in amdgpu_mes_add_ring (git-fixes).
- drm/amd/display: Add HDMI DSC native YCbCr422 support (stable-fixes).
- drm/amd/display: Add disable timeout option (bsc#1231435)
- drm/amd/display: Adjust VSDB parser for replay feature (stable-fixes).
- drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944)
- drm/amd/display: Check null pointer before dereferencing se (stable-fixes).
- drm/amd/display: Clean up dsc blocks in accelerated mode (stable-fixes).
- drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too (stable-fixes).
- drm/amd/display: Fix brightness level not retained over reboot (git-fixes).
- drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe (git-fixes).
- drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp (git-fixes).
- drm/amd/display: Remove a redundant check in authenticated_dp (stable-fixes).
- drm/amd/display: Revert "Check HDCP returned status" (stable-fixes).
- drm/amd/display: Round calculated vtotal (stable-fixes).
- drm/amd/display: Skip to enable dsc if it has been off (stable-fixes).
- drm/amd/display: Validate backlight caps are sane (stable-fixes).
- drm/amd/pm: Vangogh: Fix kernel memory out of bounds write (git-fixes).
- drm/amd: Add some missing straps from NBIO 7.11.0 (git-fixes).
- drm/amd: Fix initialization mistake for NBIO 7.7.0 (stable-fixes).
- drm/amd: Guard against bad data for ATIF ACPI method (git-fixes).
- drm/amdgpu/swsmu: Only force workload setup on init (git-fixes).
- drm/amdgpu/vcn: enable AV1 on both instances (stable-fixes).
- drm/amdgpu: Adjust debugfs eviction and IB access permissions (stable-fixes).
- drm/amdgpu: Adjust debugfs register access permissions (stable-fixes).
- drm/amdgpu: Fix DPX valid mode check on GC 9.4.3 (git-fixes).
- drm/amdgpu: Fix JPEG v4.0.3 register write (git-fixes).
- drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() (stable-fixes).
- drm/amdgpu: fix check in gmc_v9_0_get_vm_pte() (git-fixes).
- drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported (git-fixes).
- drm/amdkfd: Accounting pdd vram_usage for svm (stable-fixes).
- drm/amdkfd: Fix wrong usage of INIT_WORK() (git-fixes).
- drm/bridge: anx7625: Drop EDID cache on bridge power off (git-fixes).
- drm/bridge: it6505: Drop EDID cache on bridge power off (git-fixes).
- drm/bridge: tc358767: Fix link properties discovery (git-fixes).
- drm/bridge: tc358768: Fix DSI command tx (git-fixes).
- drm/etnaviv: Request pages from DMA32 zone on addressing_limited (git-fixes).
- drm/etnaviv: hold GPU lock across perfmon sampling (git-fixes).
- drm/i915/gem: fix bitwise and logical AND mixup (git-fixes).
- drm/i915/hdcp: fix connector refcounting (git-fixes).
- drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/mediatek: Fix child node refcount handling in early exit (git-fixes).
- drm/mediatek: Fix get efuse issue for MT8188 DPTX (git-fixes).
- drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused (git-fixes).
- drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk() (git-fixes).
- drm/msm/dpu: check for overflow in _dpu_crtc_setup_lm_bounds() (git-fixes).
- drm/msm/dpu: do not always program merge_3d block (git-fixes).
- drm/msm/dpu: drop LM_3 / LM_4 on MSM8998 (git-fixes).
- drm/msm/dpu: drop LM_3 / LM_4 on SDM845 (git-fixes).
- drm/msm/dpu: make sure phys resources are properly initialized (git-fixes).
- drm/msm/dpu: move CRTC resource assignment to dpu_encoder_virt_atomic_check (git-fixes).
- drm/msm/dpu: on SDM845 move DSPP_3 to LM_5 block (git-fixes).
- drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation (git-fixes).
- drm/msm/dsi: improve/fix dsc pclk calculation (git-fixes).
- drm/msm/gpu: Check the status of registration to PM QoS (git-fixes).
- drm/msm: Allocate memory for disp snapshot with kvzalloc() (git-fixes).
- drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() (git-fixes).
- drm/msm: Fix some typos in comment (git-fixes).
- drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new() (git-fixes).
- drm/omap: Fix locking in omap_gem_new_dmabuf() (git-fixes).
- drm/omap: Fix possible NULL dereference (git-fixes).
- drm/panfrost: Add missing OPP table refcnt decremental (git-fixes).
- drm/panfrost: Remove unused id_mask from struct panfrost_model (git-fixes).
- drm/radeon: Fix encoder->possible_clones (git-fixes).
- drm/rockchip: vop: Fix a dereferenced before check warning (git-fixes).
- drm/sched: Add locking to drm_sched_entity_modify_sched (git-fixes).
- drm/sched: Always wake up correct scheduler in drm_sched_entity_push_job (git-fixes).
- drm/sti: Add __iomem for mixer_dbg_mxn's parameter (git-fixes).
- drm/sti: avoid potential dereference of error pointers (git-fixes).
- drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check (git-fixes).
- drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check (git-fixes).
- drm/v3d: Address race-condition in MMU flush (git-fixes).
- drm/v3d: Enable Performance Counters before clearing them (git-fixes).
- drm/v3d: Stop the active perfmon before being destroyed (git-fixes).
- drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA (stable-fixes).
- drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_atomic_flush (git-fixes).
- drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_lut_load (git-fixes).
- drm/vc4: Stop the active perfmon before being destroyed (git-fixes).
- drm/vc4: hdmi: Avoid hang with debug registers when suspended (git-fixes).
- drm/vc4: hvs: Correct logic on stopping an HVS channel (git-fixes).
- drm/vc4: hvs: Do not write gamma luts on 2711 (git-fixes).
- drm/vc4: hvs: Fix dlist debug not resetting the next entry pointer (git-fixes).
- drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs function (git-fixes).
- drm/vkms: Drop unnecessary call to drm_crtc_cleanup() (git-fixes).
- drm/vmwgfx: Handle surface check failure correctly (git-fixes).
- drm/vmwgfx: Limit display layout ioctl array size to VMWGFX_NUM_DISPLAY_UNITS (stable-fixes).
- drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS (git-fixes).
- drm: Expand max DRM device number to full MINORBITS (jsc#PED-11580).
- drm: Use XArray instead of IDR for minors (jsc#PED-11580).
- drm: use ATOMIC64_INIT() for atomic64_t (git-fixes).
- drm: xlnx: zynqmp_dpsub: fix hotplug detection (git-fixes).
- drm: zynqmp_kms: Unplug DRM device before removal (git-fixes).
- dwc2: Drop USB dwc2 patch that caused a regression on RPi3 (bsc#1232342)
- e1000e: Fix S0ix residency on corporate systems (git-fixes).
- e1000e: Remove Meteor Lake SMBUS workarounds (git-fixes).
- e1000e: change I219 (19) devices to ADP (git-fixes).
- e1000e: fix force smbus during suspend flow (git-fixes).
- e1000e: move force SMBUS near the end of enable_ulp function (git-fixes).
- efi/libstub: Free correct pointer on failure (git-fixes).
- efi/libstub: fix efi_parse_options() ignoring the default command line (git-fixes).
- efi/libstub: zboot.lds: Discard .discard sections (stable-fixes).
- efi/memattr: Ignore table if the size is clearly bogus (bsc#1231465).
- efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption (stable-fixes).
- eth: bnxt: fix counting packets discarded due to OOM and netpoll (git-fixes).
- ext4: do not track ranges in fast_commit if inode has inlined data (bsc#1231635).
- ext4: fix fast commit inode enqueueing during a full journal commit (bsc#1231636).
- ext4: fix incorrect tid assumption in ext4_fc_mark_ineligible() (bsc#1231637).
- ext4: fix possible tid_t sequence overflows (bsc#1231634).
- ext4: fix slab-use-after-free in ext4_split_extent_at() (bsc#1232201)
- ext4: fix unttached inode after power cut with orphan file feature enabled (bsc#1234009).
- ext4: mark fc as ineligible using an handle in ext4_xattr_set() (bsc#1231640).
- ext4: use handle to mark fc as ineligible in __track_dentry_update() (bsc#1231639).
- f2fs: get out of a repeat loop when getting a locked data page (bsc#1234011).
- fat: fix uninitialized variable (git-fixes).
- fbcon: Fix a NULL pointer dereference issue in fbcon_putcs (stable-fixes).
- fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() (git-fixes).
- fbdev: sisfb: Fix strbuf array overflow (stable-fixes).
- fgraph: Change the name of cpuhp state to "fgraph:online" (git-fixes).
- fgraph: Fix missing unlock in register_ftrace_graph() (git-fixes).
- fgraph: Use CPU hotplug mechanism to initialize idle shadow stacks (git-fixes).
- filemap: remove use of wait bookmarks (bsc#1224088).
- firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() (git-fixes).
- firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup() (git-fixes).
- firmware: arm_scpi: Check the DVFS OPP count returned by the firmware (git-fixes).
- firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() (git-fixes).
- firmware: google: Unregister driver_info on failure (git-fixes).
- firmware_loader: Fix possible resource leak in fw_log_firmware_info() (git-fixes).
- fs/9p: drop inodes immediately on non-.L too (git-fixes).
- fs/9p: fix the cache always being enabled on files with qid flags (git-fixes).
- fs/ntfs3: Add more attributes checks in mi_enum_attr() (bsc#1233207)
- fs/ntfs3: Fixed overflow check in mi_enum_attr() (bsc#1233207)
- fs/ntfs3: Sequential field availability check in mi_enum_attr() (bsc#1233207)
- fs: Fix uninitialized value issue in from_kuid and from_kgid (git-fixes).
- genirq/msi: Fix off-by-one error in msi_domain_alloc() (git-fixes).
- goldfish: Fix unused const variable 'goldfish_pipe_acpi_match' (git-fixes).
- gpio: aspeed: Add the flush write to ensure the write complete (git-fixes).
- gpio: aspeed: Use devm_clk api to manage clock source (git-fixes).
- gpio: davinci: fix lazy disable (git-fixes).
- gpio: exar: set value when external pull-up or pull-down is present (git-fixes).
- gpio: zevio: Add missed label initialisation (git-fixes).
- gve: Fix XDP TX completion handling when counters overflow (git-fixes).
- gve: Fix an edge case for TSO skb validity check (git-fixes).
- gve: ignore nonrelevant GSO type bits when processing TSO headers (git-fixes).
- hid: intel-ish-hid: Fix uninitialized variable 'rv' in ish_fw_xfer_direct_dma (git-fixes).
- hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event (git-fixes).
- hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer (git-fixes).
- hwmon: (adm9240) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (adt7470) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (max16065) Fix alarm attributes (git-fixes).
- hwmon: (max16065) Remove use of i2c_match_id() (stable-fixes).
- hwmon: (mc34vr500) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (nct6775) add G15CF to ASUS WMI monitoring list (stable-fixes).
- hwmon: (nct6775-core) Fix overflows seen when writing limit attributes (git-fixes).
- hwmon: (tmp513) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (tps23861) Fix reporting of negative temperatures (git-fixes).
- hwmon: intel-m10-bmc-hwmon: relabel Columbiaville to CVL Die Temperature (git-fixes).
- i2c: core: Setup i2c_adapter runtime-pm before calling device_add() (git-fixes).
- i2c: core: fix lockdep warning for sparsely nested adapter chain (git-fixes).
- i2c: cpm: Remove linux,i2c-index conversion from be32 (git-fixes).
- i2c: designware: do not hold SCL low when I2C_DYNAMIC_TAR_UPDATE is not set (git-fixes).
- i2c: exynos5: Calculate t_scl_l, t_scl_h according to i2c spec (git-fixes).
- i2c: i801: Add lis3lv02d for Dell Precision 3540 (git-fixes).
- i2c: i801: Add lis3lv02d for Dell XPS 15 7590 (git-fixes).
- i2c: i801: Use a different adapter-name for IDF adapters (stable-fixes).
- i2c: i801: add helper i801_restore_regs (git-fixes).
- i2c: ismt: kill transaction in hardware on timeout (git-fixes).
- i2c: ocores: Move system PM hooks to the NOIRQ phase (git-fixes).
- i2c: ocores: Remove #ifdef guards for PM related functions (git-fixes).
- i2c: omap: switch to NOIRQ_SYSTEM_SLEEP_PM_OPS() and RUNTIME_PM_OPS() (git-fixes).
- i2c: omap: wakeup the controller during suspend() callback (git-fixes).
- i2c: rcar: properly format a debug output (git-fixes).
- i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume (git-fixes).
- i2c: stm32f7: perform most of irq job in threaded handler (git-fixes).
- i2c: synquacer: Deal with optional PCLK correctly (git-fixes).
- i2c: synquacer: Remove a clk reference from struct synquacer_i2c (stable-fixes).
- i2c: xiic: Try re-initialization on bus busy timeout (git-fixes).
- i2c: xiic: improve error message when transfer fails to start (stable-fixes).
- i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() (git-fixes).
- i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition (stable-fixes).
- i3c: master: svc: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- i40e: Fix XDP program unloading while removing the driver (git-fixes).
- i40e: Report MFS in decimal base instead of hex (git-fixes).
- i40e: fix race condition by adding filter's intermediate sync state (git-fixes).
- iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call (git-fixes).
- iavf: Fix TC config comparison with existing adapter TC config (git-fixes).
- ice: Fix VSI list rule with ICE_SW_LKUP_LAST type (git-fixes).
- ice: Fix checking for unsupported keys on non-tunnel device (git-fixes).
- ice: Fix lldp packets dropping after changing the number of channels (git-fixes).
- ice: Fix netif_is_ice() in Safe Mode (git-fixes).
- ice: Fix package download algorithm (git-fixes).
- ice: Fix recipe read procedure (git-fixes).
- ice: Fix reset handler (git-fixes).
- ice: Flush FDB entries before reset (git-fixes).
- ice: Interpret .set_channels() input differently (git-fixes).
- ice: Rebuild TC queues on VSI queue reconfiguration (git-fixes).
- ice: Reject pin requests with unsupported flags (git-fixes).
- ice: add flag to distinguish reset from .ndo_bpf in XDP rings config (git-fixes).
- ice: add missing WRITE_ONCE when clearing ice_rx_ring::xdp_prog (git-fixes).
- ice: avoid IRQ collision to fix init failure on ACPI S3 resume (git-fixes).
- ice: clear port vlan config during reset (git-fixes).
- ice: disallow DPLL_PIN_STATE_SELECTABLE for dpll output pins (git-fixes).
- ice: do not bring the VSI up, if it was down before the XDP setup (git-fixes).
- ice: do not busy wait for Rx queue disable in ice_qp_dis() (git-fixes).
- ice: fix 200G PHY types to link speed mapping (git-fixes).
- ice: fix 200G link speed message log (git-fixes).
- ice: fix ICE_LAST_OFFSET formula (git-fixes).
- ice: fix VLAN replay after reset (git-fixes).
- ice: fix VSI lists confusion when adding VLANs (git-fixes).
- ice: fix accounting for filters shared by multiple VSIs (git-fixes).
- ice: fix accounting if a VLAN already exists (git-fixes).
- ice: fix iteration of TLVs in Preserved Fields Area (git-fixes).
- ice: fix page reuse when PAGE_SIZE is over 8k (git-fixes).
- ice: fix reads from NVM Shadow RAM on E830 and E825-C devices (git-fixes).
- ice: fix truesize operations for PAGE_SIZE >= 8192 (git-fixes).
- ice: implement AQ download pkg retry (git-fixes).
- ice: map XDP queues to vectors in ice_vsi_map_rings_to_vectors() (git-fixes).
- ice: remove af_xdp_zc_qps bitmap (git-fixes).
- ice: replace synchronize_rcu with synchronize_net (git-fixes).
- ice: respect netif readiness in AF_XDP ZC related ndo's (git-fixes).
- ice: set correct dst VSI in only LAN filters (git-fixes).
- ice: tc: allow zero flags in parsing tc flower (git-fixes).
- ice: tc: check src_vsi in case of traffic from VF (git-fixes).
- ice: use proper macro for testing bit (git-fixes).
- idpf: Interpret .set_channels() input differently (git-fixes).
- idpf: avoid bloating &idpf_q_vector with big %NR_CPUS (git-fixes).
- idpf: do not enable NAPI and interrupts prior to allocating Rx buffers (git-fixes).
- idpf: do not skip over ethtool tcp-data-split setting (git-fixes).
- idpf: fix UAFs when destroying the queues (git-fixes).
- idpf: fix memleak in vport interrupt configuration (git-fixes).
- idpf: fix memory leaks and crashes while performing a soft reset (git-fixes).
- ieee802154: Fix build error (git-fixes).
- igb: Always call igb_xdp_ring_update_tail() under Tx lock (git-fixes).
- igb: Disable threaded IRQ for igb_msix_other (git-fixes).
- igb: Fix not clearing TimeSync interrupts for 82580 (git-fixes).
- igc: Fix double reset adapter triggered from a single taprio cmd (git-fixes).
- igc: Fix packet still tx after gate close by reducing i226 MAC retry buffer (git-fixes).
- igc: Fix qbv tx latency by setting gtxoffset (git-fixes).
- igc: Fix qbv_config_change_errors logics (git-fixes).
- igc: Fix reset adapter logics when tx mode change (git-fixes).
- igc: Unlock on error in igc_io_resume() (git-fixes).
- iio: Fix fwnode_handle in __fwnode_iio_channel_get_by_name() (git-fixes).
- iio: accel: bma400: Fix uninitialized variable field_value in tap event handling (git-fixes).
- iio: accel: kx022a: Fix raw read format (git-fixes).
- iio: accel: kx022a: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() (git-fixes).
- iio: adc: ad7606: Fix typo in the driver name (git-fixes).
- iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer (git-fixes).
- iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: adc: ti-lmp92064: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: amplifiers: ada4250: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: ad3552r: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: dac: ad5766: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig (git-fixes).
- iio: frequency: adf4377: add missing select REMAP_SPI in Kconfig (git-fixes).
- iio: frequency: admv4420: fix missing select REMAP_SPI in Kconfig (git-fixes).
- iio: gts-helper: Fix memory leaks for the error path of iio_gts_build_avail_scale_table() (git-fixes).
- iio: gts-helper: Fix memory leaks in iio_gts_build_avail_scale_table() (git-fixes).
- iio: gts: Fix uninitialized symbol 'ret' (git-fixes).
- iio: gts: fix infinite loop for gain_to_scaletables() (git-fixes).
- iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() (git-fixes).
- iio: light: al3010: Fix an error handling path in al3010_probe() (git-fixes).
- iio: light: opt3001: add missing full-scale range value (git-fixes).
- iio: light: veml6030: fix ALS sensor resolution (git-fixes).
- iio: light: veml6030: fix IIO device retrieval from embedded device (git-fixes).
- iio: light: veml6030: fix microlux value calculation (git-fixes).
- iio: magnetometer: ak8975: Convert enum->pointer for data in the match tables (stable-fixes).
- iio: magnetometer: ak8975: Fix 'Unexpected device' error (git-fixes).
- iio: magnetometer: ak8975: drop incorrect AK09116 compatible (git-fixes).
- iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- ima: fix buffer overrun in ima_eventdigest_init_common (git-fixes).
- initramfs: avoid filename buffer overrun (bsc#1232436).
- intel_idle: add Granite Rapids Xeon support (bsc#1231630).
- intel_idle: fix ACPI _CST matching for newer Xeon platforms (bsc#1231630).
- io_uring/eventfd: move to more idiomatic RCU free usage (git-fixes).
- io_uring/io-wq: do not allow pinning outside of cpuset (git-fixes).
- io_uring/io-wq: inherit cpuset of cgroup in io worker (git-fixes).
- io_uring/net: harden multishot termination case for recv (git-fixes).
- io_uring/rw: fix cflags posting for single issue multishot read (git-fixes).
- io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (git-fixes).
- io_uring/rw: treat -EOPNOTSUPP for IOCB_NOWAIT like -EAGAIN (git-fixes).
- io_uring/sqpoll: close race on waiting for sqring entries (git-fixes).
- io_uring/sqpoll: do not allow pinning outside of cpuset (git-fixes).
- io_uring/sqpoll: do not put cpumask on stack (git-fixes).
- io_uring/sqpoll: retain test for whether the CPU is valid (git-fixes).
- io_uring: check for presence of task_work rather than TIF_NOTIFY_SIGNAL (git-fixes).
- iommu/amd: Allocate the page table root using GFP_KERNEL (git-fixes).
- iommu/amd: Do not set the D bit on AMD v2 table entries (git-fixes).
- iommu/amd: Fix typo of , instead of ; (git-fixes).
- iommu/vt-d: Always reserve a domain ID for identity setup (git-fixes).
- iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices (git-fixes).
- iommufd: Check the domain owner of the parent before creating a nesting domain (git-fixes).
- iommufd: Protect against overflow of ALIGN() during iova allocation (git-fixes).
- irqchip/gic-v3-its: Avoid explicit cpumask allocation on stack (git-fixes).
- jbd2: Move j_transaction_overhead_buffers into a hole (bsc#1234042).
- jbd2: avoid infinite transaction commit loop (bsc#1234039).
- jbd2: avoid memleak in jbd2_journal_write_metadata_buffer (bsc#1234043).
- jbd2: avoid mount failed when commit block is partial submitted (bsc#1234040).
- jbd2: correct the printing of write_flags in jbd2_write_superblock() (bsc#1234045).
- jbd2: correctly compare tids with tid_geq function in jbd2_fc_begin_commit (bsc#1231638).
- jbd2: fix kernel-doc for j_transaction_overhead_buffers (bsc#1234042).
- jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev (bsc#1234044).
- jbd2: fix soft lockup in journal_finish_inode_data_buffers() (bsc#1234046).
- jbd2: make jbd2_journal_get_max_txn_bufs() internal (bsc#1234041).
- jbd2: precompute number of transaction descriptor blocks (bsc#1234042).
- jfs: Fix sanity check in dbMount (git-fixes).
- jfs: Fix uaf in dbFreeBits (git-fixes).
- jfs: Fix uninit-value access of new_ea in ea_buffer (git-fixes).
- jfs: UBSAN: shift-out-of-bounds in dbFindBits (git-fixes).
- jfs: check if leafidx greater than num leaves per dmap tree (git-fixes).
- jump_label: Fix static_key_slow_dec() yet again (git-fixes).
- kABI fix of VM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC) (git-fixes).
- kABI workaround for ASoC SOF (bsc#1233305).
- kABI: Restore exported __arm_smccc_sve_check (git-fixes)
- kABI: bpf: enum bpf_{type_flag,arg_type} kABI workaround (git-fixes).
- kABI: bpf: struct bpf_insn_acces_aux kABI workaround (git-fixes).
- kabi, mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling (git-fixes kabi).
- kasan: Fix Software Tag-Based KASAN with GCC (git-fixes).
- kasan: move checks to do_strncpy_from_user (git-fixes).
- kbuild, bpf: Use test-ge check for v1.25-only pahole (bsc#1230414 bsc#1229450).
- kbuild,bpf: Add module-specific pahole flags for distilled base BTF (bsc#1230414 bsc#1229450).
- kbuild,bpf: Switch to using --btf_features for pahole v1.26 and later (bsc#1230414 bsc#1229450).
- kbuild: avoid too many execution of scripts/pahole-flags.sh (bsc#1230414 bsc#1229450).
- kbuild: bpf: Tell pahole to DECL_TAG kfuncs (bsc#1230414 bsc#1229450).
- kconfig: qconf: fix buffer overflow in debug links (git-fixes).
- kernel-binary: Enable livepatch package only when livepatch is enabled Otherwise the filelist may be empty failing the build (bsc#1218644).
- kexec_file: fix elfcorehdr digest exclusion when CONFIG_CRASH_HOTPLUG=y (git-fixes).
- keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry (git-fixes).
- keys: Fix overwrite of key expiration on instantiation (git-fixes).
- kthread: unpark only parked kthread (git-fixes).
- leds: lp55xx: Remove redundant test for invalid channel number (git-fixes).
- lib/xarray: introduce a new helper xas_get_order (bsc#1231617).
- lib: string_helpers: silence snprintf() output truncation warning (git-fixes).
- mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING (git-fixes).
- macsec: do not increment counters for an unrelated SA (git-fixes).
- mailbox: arm_mhuv2: clean up loop in get_irq_chan_comb() (git-fixes).
- maple_tree: correct tree corruption on spanning store (git-fixes).
- maple_tree: fix alloc node fail issue (git-fixes).
- maple_tree: refine mas_store_root() on storing NULL (git-fixes).
- media: Drop the previous HD-audio TAS2781 fix (bsc#1230132)
- media: adv7604: prevent underflow condition when reporting colorspace (git-fixes).
- media: amphion: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- media: amphion: Set video drvdata before register video device (git-fixes).
- media: ar0521: do not overflow when checking PLL values (git-fixes).
- media: atomisp: Add check for rgby_data memory allocation failure (git-fixes).
- media: bttv: use audio defaults for winfast2000 (git-fixes).
- media: core: v4l2-ioctl: check if ioctl is known to avoid NULL name (git-fixes).
- media: cx24116: prevent overflows on SNR calculus (git-fixes).
- media: dvb_frontend: do not play tricks with underflow values (git-fixes).
- media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set (stable-fixes).
- media: dvbdev: prevent the risk of out of memory access (git-fixes).
- media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate() (git-fixes).
- media: i2c: dw9768: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- media: i2c: imx335: Enable regulator supplies (stable-fixes).
- media: i2c: tc358743: Fix crash in the probe error path when using polling (git-fixes).
- media: imx-jpeg: Ensure power suppliers be suspended before detach them (git-fixes).
- media: imx-jpeg: Set video drvdata before register video device (git-fixes).
- media: imx335: Fix reset-gpio handling (git-fixes).
- media: mantis: remove orphan mantis_core.h (git-fixes).
- media: mtk-jpeg: Fix null-ptr-deref during unload module (git-fixes).
- media: pci: ipu3-cio2: Initialise timing struct to avoid a compiler warning (git-fixes).
- media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() (git-fixes).
- media: platform: exynos4-is: Fix an OF node reference leak in fimc_md_is_isp_available (git-fixes).
- media: pulse8-cec: fix data timestamp at pulse8_setup() (git-fixes).
- media: s5p-jpeg: prevent buffer overflows (git-fixes).
- media: stb0899_algo: initialize cfr before using it (git-fixes).
- media: ts2020: fix null-ptr-deref in ts2020_probe() (git-fixes).
- media: uvcvideo: Require entities to have a non-zero unique ID (git-fixes).
- media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (git-fixes).
- media: uvcvideo: Stop stream during unregister (git-fixes).
- media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl() (git-fixes).
- media: v4l2-tpg: prevent the risk of a division by zero (git-fixes).
- media: vb2: Fix comment (git-fixes).
- media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() (stable-fixes).
- media: videobuf2: fix typo: vb2_dbuf -> vb2_qbuf (git-fixes).
- media: wl128x: Fix atomicity violation in fmc_send_cmd() (git-fixes).
- mei: use kvmalloc for read buffer (git-fixes).
- mfd: intel_soc_pmic_chtwc: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes).
- mfd: rt5033: Fix missing regmap_del_irq_chip() (git-fixes).
- mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race (git-fixes).
- minmax: avoid overly complex min()/max() macro arguments in xen (git-fixes).
- minmax: scsi: fix mis-use of 'clamp()' in sr.c (git-fixes).
- misc: apds990x: Fix missing pm_runtime_disable() (git-fixes).
- mlx5: avoid truncating error message (git-fixes).
- mlx5: stop warning for 64KB pages (git-fixes).
- mlxbf_gige: disable RX filters until RX path initialized (git-fixes).
- mm/filemap: optimize filemap folio adding (bsc#1231617).
- mm/filemap: return early if failed to allocate memory for split (bsc#1231617).
- mm/hugetlb: fix nodes huge page allocation when there are surplus pages (bsc#1234012).
- mm: avoid unsafe VMA hook invocation when error arises on mmap hook (git-fixes).
- mm: khugepaged: fix the arguments order in khugepaged_collapse_file trace point (git-fixes).
- mm: mmap: no need to call khugepaged_enter_vma() for stack (jsc#PED-10978).
- mm: move dummy_vm_ops out of a header (git-fixes prerequisity).
- mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling (git-fixes).
- mm: refactor map_deny_write_exec() (git-fixes).
- mm: resolve faulty mmap_region() error path behaviour (git-fixes).
- mm: unconditionally close VMAs on error (git-fixes).
- mmc: core: Further prevent card detect during shutdown (git-fixes).
- mmc: mmc_spi: drop buggy snprintf() (git-fixes).
- mmc: sunxi-mmc: Fix A100 compatible description (git-fixes).
- modpost: fix acpi MODULE_DEVICE_TABLE built with mismatched endianness (git-fixes).
- modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host (git-fixes).
- modpost: remove incorrect code in do_eisa_entry() (git-fixes).
- module: abort module loading when sysfs setup suffer errors (git-fixes).
- mtd: rawnand: atmel: Fix possible memory leak (git-fixes).
- mtd: spi-nor: core: replace dummy buswidth from addr to data (git-fixes).
- nbd: fix race between timeout and normal completion (bsc#1230918).
- net/mlx5: Add missing masks and QoS bit masks for scheduling elements (git-fixes).
- net/mlx5: Added cond_resched() to crdump collection (git-fixes).
- net/mlx5: Check capability for fw_reset (git-fixes).
- net/mlx5: Check for invalid vector index on EQ creation (git-fixes).
- net/mlx5: Explicitly set scheduling element and TSAR type (git-fixes).
- net/mlx5: Fix command bitmask initialization (git-fixes).
- net/mlx5: Fix error handling in irq_pool_request_irq (git-fixes).
- net/mlx5: Lag, do bond only if slaves agree on roce state (git-fixes).
- net/mlx5: Lag, do not use the hardcoded value of the first port (git-fixes).
- net/mlx5: Stop waiting for PCI if pci channel is offline (git-fixes).
- net/mlx5: Unregister notifier on eswitch init failure (git-fixes).
- net/mlx5: Update the list of the PCI supported devices (git-fixes).
- net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys (git-fixes).
- net/mlx5e: Add missing link mode to ptys2ext_ethtool_map (git-fixes).
- net/mlx5e: Add missing link modes to ptys2ethtool_map (git-fixes).
- net/mlx5e: Add mqprio_rl cleanup and free in mlx5e_priv_cleanup() (git-fixes).
- net/mlx5e: Correctly report errors for ethtool rx flows (git-fixes).
- net/mlx5e: Do not call cleanup on profile rollback failure (git-fixes).
- net/mlx5e: Fix IPsec tunnel mode offload feature check (git-fixes).
- net/mlx5e: Fix UDP GSO for encapsulated packets (git-fixes).
- net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets (git-fixes).
- net/mlx5e: Require mlx5 tc classifier action support for IPsec prio capability (git-fixes).
- net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion (git-fixes).
- net: mana: Implement get_ringparam/set_ringparam for mana (bsc#1229891).
- net: mana: Improve mana_set_channels() in low mem conditions (bsc#1230289).
- net: mdio-ipq4019: add missing error check (git-fixes).
- net: phy: Remove LED entry from LEDs list on unregister (git-fixes).
- net: phy: bcm84881: Fix some error handling paths (git-fixes).
- net: phy: dp83822: Fix reset pin definitions (git-fixes).
- net: phy: dp83869: fix memory corruption when enabling fiber (git-fixes).
- net: phy: ti: add PHY_RST_AFTER_CLK_EN flag (git-fixes).
- net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() (git-fixes).
- net: qede: use return from qede_parse_actions() (git-fixes).
- net: qede: use return from qede_parse_flow_attr() for flow_spec (git-fixes).
- net: qede: use return from qede_parse_flow_attr() for flower (git-fixes).
- net: relax socket state check at accept time (git-fixes).
- net: stmmac: dwmac-tegra: Fix link bring-up sequence (git-fixes)
- net: sysfs: Fix /sys/class/net/<iface> path for statistics (git-fixes).
- net: test for not too small csum_start in virtio_net_hdr_to_skb() (git-fixes).
- net: usb: lan78xx: Fix double free issue with interrupt buffer allocation (git-fixes).
- net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device (git-fixes).
- net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration (git-fixes).
- net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition (stable-fixes).
- net: usb: usbnet: fix name regression (get-fixes).
- net: usb: usbnet: fix race in probe failure (git-fixes).
- net: wwan: fix global oob in wwan_rtnl_policy (git-fixes).
- net: wwan: t7xx: Fix off-by-one error in t7xx_dpmaif_rx_buf_alloc() (git-fixes).
- net: xfrm: preserve kabi for xfrm_state (bsc#1233754).
- netdevsim: copy addresses for both in and out paths (git-fixes).
- netdevsim: use cond_resched() in nsim_dev_trap_report_work() (git-fixes).
- netfilter: nf_tables: missing iterator type in lookup walk (git-fixes).
- nfs: Fix KMSAN warning in decode_getfattr_attrs() (git-fixes).
- nfs: avoid i_lock contention in nfs_clear_invalid_mapping (git-fixes).
- nfs: fix memory leak in error path of nfs4_do_reclaim (git-fixes).
- nfsd: call cache_put if xdr_reserve_space returns NULL (git-fixes).
- nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net (git-fixes).
- nfsd: fix delegation_blocked() to block correctly for at least 30 seconds (git-fixes).
- nfsd: fix refcount leak when file is unhashed after being found (git-fixes).
- nfsd: map the EBADMSG to nfserr_io to avoid warning (git-fixes).
- nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire (git-fixes).
- nfsd: remove unsafe BUG_ON from set_change_info (bsc#1234121).
- nfsd: return -EINVAL when namelen is 0 (git-fixes).
- nilfs2: fix kernel bug due to missing clearing of buffer delay flag (git-fixes).
- nilfs2: fix potential deadlock with newly created symlinks (git-fixes).
- nouveau/dmem: Fix privileged error in copy engine channel (git-fixes).
- nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error (git-fixes).
- nouveau/dp: handle retries for AUX CH transfers with GSP (git-fixes).
- nouveau/gsp: Avoid addressing beyond end of rpc->entries (stable-fixes).
- nouveau: fw: sync dma after setup is called (git-fixes).
- nouveau: handle EBUSY and EAGAIN for GSP aux errors (git-fixes).
- ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- ntfs3: Add bounds checking to mi_enum_attr() (bsc#1233207)
- nvme-fabrics: fix kernel crash while shutting down controller (git-fixes).
- nvme-loop: flush off pending I/O while shutting down loop controller (git-fixes).
- nvme-multipath: suppress partition scan until the disk is ready (bsc#1228244).
- nvme-pci: fix freeing of the HMB descriptor table (git-fixes).
- nvme-pci: fix race condition between reset and nvme_dev_disable() (git-fixes).
- nvme-pci: qdepth 1 quirk (git-fixes).
- nvme-pci: reverse request order in nvme_queue_rqs (git-fixes).
- nvme-pci: set doorbell config before unquiescing (git-fixes).
- nvme/host: Fix RCU list traversal to use SRCU primitive (git-fixes).
- nvme: disable CC.CRIME (NVME_CC_CRIME) (jsc#PED-9901).
- nvme: null terminate nvme_tls_attrs (git-fixes).
- nvme: re-fix error-handling for io_uring nvme-passthrough (git-fixes).
- nvme: tcp: avoid race between queue_lock lock and destroy (git-fixes).
- nvmet-auth: assign dh_key to NULL after kfree_sensitive (git-fixes).
- ocfs2: Drop OCFS2 patch causing a regression (bsc#1233255)
- ocfs2: fix UBSAN warning in ocfs2_verify_volume() (git-fixes).
- ocfs2: fix the la space leak when unmounting an ocfs2 volume (git-fixes).
- ocfs2: fix uninit-value in ocfs2_get_block() (git-fixes).
- ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow (git-fixes).
- ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() (git-fixes).
- ocfs2: uncache inode which has failed entering the group (git-fixes).
- of: Add cleanup.h based auto release via __free(device_node) markings (bsc#1232386)
- parport: Proper fix for array out-of-bounds access (git-fixes).
- phy: freescale: imx8m-pcie: Do CMN_RST just before PHY PLL lock check (git-fixes).
- phy: qcom: qmp-combo: move driver data initialisation earlier (git-fixes).
- phy: qcom: qmp-usb: fix NULL-deref on runtime suspend (git-fixes).
- phy: tegra: xusb: Add error pointer check in xusb.c (git-fixes).
- phy: ti: phy-j721e-wiz: fix usxgmii configuration (git-fixes).
- pinctrl: apple: check devm_kasprintf() returned value (git-fixes).
- pinctrl: k210: Undef K210_PC_DEFAULT (git-fixes).
- pinctrl: ocelot: fix system hang on level based interrupts (stable-fixes).
- pinctrl: qcom: spmi: fix debugfs drive strength (git-fixes).
- pinctrl: zynqmp: drop excess struct member description (git-fixes).
- platform/chrome: cros_ec_typec: fix missing fwnode reference decrement (git-fixes).
- platform/x86/amd/pmc: Detect when STB is not available (git-fixes).
- platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug (git-fixes).
- platform/x86: dell-sysman: add support for alienware products (stable-fixes).
- platform/x86: dell-wmi: Ignore suspend notifications (stable-fixes).
- platform/x86: lenovo-ymc: Ignore the 0x0 state (stable-fixes).
- platform/x86: panasonic-laptop: Return errno correctly in show callback (git-fixes).
- platform/x86: touchscreen_dmi: add nanote-next quirk (stable-fixes).
- posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone (bsc#1234098).
- power: reset: brcmstb: Do not go into infinite loop if reset fails (stable-fixes).
- power: supply: bq27xxx: Fix registers of bq27426 (git-fixes).
- power: supply: core: Remove might_sleep() from power_supply_put() (git-fixes).
- power: supply: rt9471: Fix wrong WDT function regfield declaration (git-fixes).
- power: supply: rt9471: Use IC status regfield to report real charger status (git-fixes).
- powercap: intel_rapl: Fix off by one in get_rpi() (git-fixes).
- powerpc/64: Convert patch_instruction() to patch_u32() (bsc#1194869).
- powerpc/64s: Fix unnecessary copy to 0 when kernel is booted at address 0 (bsc#1215199).
- powerpc/atomic: Use YZ constraints for DS-form instructions (bsc#1194869).
- powerpc/boot: Handle allocation failure in simple_realloc() (bsc#1194869).
- powerpc/boot: Only free if realloc() succeeds (bsc#1194869).
- powerpc/code-patching: Add generic memory patching (bsc#1194869).
- powerpc/code-patching: Perform hwsync in __patch_instruction() in case of failure (bsc#1194869).
- powerpc/crypto: do not build aes-gcm-p10 by default (bsc#1230501 ltc#208632).
- powerpc/crypto: fix missing skcipher dependency for aes-gcm-p10 (bsc#1230501 ltc#208632).
- powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init() (bsc#1215199).
- powerpc/fadump: Refactor and prepare fadump_cma_init for late init (bsc#1215199).
- powerpc/kexec: Fix return of uninitialized variable (bsc#1194869).
- powerpc/mm/fault: Fix kfence page fault reporting (bsc#1194869).
- powerpc/mm: Fix boot crash with FLATMEM (bsc#1194869).
- powerpc/mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL (bsc#1194869).
- powerpc/powernv: Free name on error in opal_event_init() (bsc#1194869).
- powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector (bsc#1194869).
- powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore (bsc#1194869).
- powerpc/pseries: Use correct data types from pseries_hp_errorlog struct (bsc#1215199).
- powerpc/vdso: Fix VDSO data access when running in a non-root time namespace (bsc#1194869).
- powerpc/vdso: Inconditionally use CFUNC macro (bsc#1215199).
- powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu (bsc#1194869).
- powerpc/xmon: Fix disassembly CPU feature checks (bsc#1065729).
- printk: Add notation to console_srcu locking (bsc#1232183).
- pwm: imx-tpm: Use correct MODULO value for EPWM mode (git-fixes).
- qed: avoid truncating work queue length (git-fixes).
- rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow (bsc#1226631).
- rcu: Fix buffer overflow in print_cpu_stall_info() (bsc#1226623).
- regmap: detach regmap from dev on regmap_exit (git-fixes).
- regmap: irq: Set lockdep class for hierarchical IRQ domains (git-fixes).
- rpm/check-for-config-changes: add HAVE_RUST and RUSTC_SUPPORTS_ to IGNORED_CONFIGS_RE They depend on SHADOW_CALL_STACK.
- rpm/release-projects: Add SLFO projects (bsc#1231293).
- rpm/scripts: Remove obsolete Symbols.list Symbols.list is not longer needed by the new klp-convert implementation. (bsc#1218644)
- rpmsg: glink: Handle rejected intent request better (git-fixes).
- rtc: ab-eoz9: do not fail temperature reads on undervoltage notification (git-fixes).
- rtc: abx80x: Fix WDT bit position of the status register (git-fixes).
- rtc: bbnsm: add remove hook (git-fixes).
- rtc: check if __rtc_read_time was successful in rtc_timer_do_work() (git-fixes).
- rtc: rzn1: fix BCD to rtc_time conversion errors (git-fixes).
- rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- runtime constants: add default dummy infrastructure (git-fixes).
- runtime constants: add x86 architecture support (git-fixes).
- s390/mm: Add cond_resched() to cmm_alloc/free_pages() (bsc#1228747).
- s390/pci: Handle PCI error codes other than 0x3a (git-fixes bsc#1232629).
- s390/sclp: Deactivate sclp after all its users (git-fixes bsc#1232628).
- s390/sclp_vt220: Convert newlines to CRLF instead of LFCR (git-fixes bsc#1232627).
- scsi: NCR5380: Check for phase match during PDMA fixup (git-fixes).
- scsi: NCR5380: Initialize buffer for MSG IN and STATUS transfers (git-fixes).
- scsi: Remove scsi device no_start_on_resume flag (git-fixes).
- scsi: aacraid: Rearrange order of struct aac_srb_unit (git-fixes).
- scsi: cdrom: kABI: fix cdrom_dev_ops change (git-fixes).
- scsi: core: Disable CDL by default (git-fixes).
- scsi: core: Fix handling of SCMD_FAIL_IF_RECOVERING (git-fixes).
- scsi: core: Fix the return value of scsi_logical_block_count() (git-fixes).
- scsi: core: Handle devices which return an unusually large VPD page count (git-fixes).
- scsi: core: alua: I/O errors for ALUA state transitions (git-fixes).
- scsi: fnic: Move flush_work initialization out of if block (bsc#1230055).
- scsi: hisi_sas: Handle the NCQ error returned by D2H frame (git-fixes).
- scsi: hpsa: Fix allocation size for Scsi_Host private data (git-fixes).
- scsi: kABI: restore no_start_on_resume to scsi_device (git-fixes).
- scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed (git-fixes).
- scsi: libsas: Fix the failure of adding phy with zero-address to port (git-fixes).
- scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in lpfc_els_flush_cmd() (bsc#1232757).
- scsi: lpfc: Add cleanup of nvmels_wq after HBA reset (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Call lpfc_sli4_queue_unset() in restart and rmmod paths (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Change lpfc_nodelist nlp_flag member into a bitmask (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Check SLI_ACTIVE flag in FDMI cmpl before submitting follow up FDMI (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Check devloss callbk done flag for potential stale NDLP ptrs (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Copyright updates for 14.4.0.6 patches (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance (bsc#1232757).
- scsi: lpfc: Fix kref imbalance on fabric ndlps from dev_loss_tmo handler (bsc#1232757).
- scsi: lpfc: Modify CGN warning signal calculation based on EDC response (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Prevent NDLP reference count underflow in dev_loss_tmo callback (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Remove NLP_RELEASE_RPI flag from nodelist structure (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Remove trailing space after \n newline (bsc#1232757).
- scsi: lpfc: Restrict support for 32 byte CDBs to specific HBAs (bsc#1232757 bsc#1228119).
- scsi: lpfc: Revise TRACE_EVENT log flag severities from KERN_ERR to KERN_WARNING (bsc#1232757).
- scsi: lpfc: Support loopback tests with VMID enabled (bsc#1232757).
- scsi: lpfc: Update lpfc version to 14.4.0.5 (bsc#1232757).
- scsi: lpfc: Update lpfc version to 14.4.0.6 (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Update lpfc_els_flush_cmd() to check for SLI_ACTIVE before BSG flag (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Update phba link state conditional before sending CMF_SYNC_WQE (bsc#1232757).
- scsi: mac_scsi: Disallow bus errors during PDMA send (git-fixes).
- scsi: mac_scsi: Refactor polling loop (git-fixes).
- scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages (git-fixes).
- scsi: mpi3mr: Avoid IOMMU page faults on REPORT ZONES (git-fixes).
- scsi: mpi3mr: Avoid memcpy field-spanning write WARNING (git-fixes).
- scsi: mpi3mr: Avoid possible run-time warning with long manufacturer strings (git-fixes).
- scsi: mpi3mr: Fix ATA NCQ priority support (git-fixes).
- scsi: mpi3mr: Validate SAS port assignments (git-fixes).
- scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES (git-fixes).
- scsi: pm8001: Do not overwrite PCI queue mapping (git-fixes).
- scsi: pm80xx: Set phy->enable_completion only when we wait for it (git-fixes).
- scsi: qedf: Set qed_slowpath_params to zero before use (git-fixes).
- scsi: scsi_transport_fc: Allow setting rport state to current state (git-fixes).
- scsi: sd: Ignore command SYNCHRONIZE CACHE error if format in progress (git-fixes).
- scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer (git-fixes).
- scsi: smartpqi: correct stream detection (git-fixes).
- scsi: smartpqi: revert propagate-the-multipath-failure-to-SML-quickly (git-fixes).
- scsi: spi: Fix sshdr use (git-fixes).
- scsi: sr: Fix unintentional arithmetic wraparound (git-fixes).
- scsi: wd33c93: Do not use stale scsi_pointer value (git-fixes).
- security/keys: fix slab-out-of-bounds in key_task_permission (git-fixes).
- selftests/bpf: Add a test case to write mtu result into .rodata (git-fixes).
- selftests/bpf: Add a test case to write strtol result into .rodata (git-fixes).
- selftests/bpf: Add test for sign extension in coerce_subreg_to_size_sx() (git-fixes).
- selftests/bpf: Add test for truncation after sign extension in coerce_reg_to_size_sx() (git-fixes).
- selftests/bpf: Add tests for ldsx of pkt data/data_end/data_meta accesses (git-fixes).
- selftests/bpf: Fix ARG_PTR_TO_LONG {half-,}uninitialized test (git-fixes).
- selftests/bpf: Rename ARG_PTR_TO_LONG test description (git-fixes).
- selftests/bpf: test for malformed BPF_CORE_TYPE_ID_LOCAL relocation (git-fixes).
- serial: 8250: omap: Move pm_runtime_get_sync (git-fixes).
- serial: imx: Update mctrl old_status on RTSD interrupt (git-fixes).
- serial: protect uart_port_dtr_rts() in uart_shutdown() too (stable-fixes).
- signal: Replace BUG_ON()s (bsc#1234093).
- soc: fsl: rcpm: fix missing of_node_put() in copy_ippdexpcr1_setting() (git-fixes).
- soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() (git-fixes).
- soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- soundwire: intel_bus_common: enable interrupts before exiting reset (stable-fixes).
- spi: Fix acpi deferred irq probe (git-fixes).
- spi: atmel-quadspi: Fix register name in verbose logging function (git-fixes).
- spi: atmel-quadspi: Fix wrong register value written to MR (git-fixes).
- spi: mpc52xx: Add cancel_work_sync before module remove (git-fixes).
- spi: mtk-snfi: fix kerneldoc for mtk_snand_is_page_ops() (git-fixes).
- spi: s3c64xx: fix timeout counters in flush_fifo (git-fixes).
- spi: spi-fsl-dspi: Fix crash when not using GPIO chip select (git-fixes).
- spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- spi: tegra210-quad: Avoid shift-out-of-bounds (git-fixes).
- splice: always fsnotify_access(in), fsnotify_modify(out) on success (git-fixes).
- splice: fsnotify_access(fd)/fsnotify_modify(fd) in vmsplice (git-fixes).
- splice: fsnotify_access(in), fsnotify_modify(out) on success in tee (git-fixes).
- srcu: Fix callbacks acceleration mishandling (git-fixes).
- staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() (git-fixes).
- sumversion: Fix a memory leak in get_src_version() (git-fixes).
- supported.conf: mark nhpoly1305 module as supported (bsc#1231035).
- supported.conf: mark ultravisor userspace access as supported (bsc#1232090).
- task_work: add kerneldoc annotation for 'data' argument (git-fixes).
- tcp: Fix refcnt handling in __inet_hash_connect() (git-fixes).
- thermal: core: Initialize thermal zones before registering them (git-fixes).
- thermal: int3400: Fix reading of current_uuid for active policy (git-fixes).
- thermal: intel: int340x: processor: Fix warning during module unload (git-fixes).
- thunderbolt: Honor TMU requirements in the domain when setting TMU mode (stable-fixes).
- thunderbolt: Improve DisplayPort tunnel setup process to be more robust (stable-fixes).
- tools/lib/thermal: Fix sampling handler context ptr (git-fixes).
- tools/power turbostat: Fix trailing '\n' parsing (git-fixes).
- tools/power turbostat: Increase the limit for fd opened (bsc#1233119).
- tools: hv: rm .*.cmd when make clean (git-fixes).
- tpm: Lock TPM chip in tpm_pm_suspend() first (bsc#1082555 git-fixes).
- tpm: fix signed/unsigned bug when checking event logs (git-fixes).
- tracing/hwlat: Fix a race during cpuhp processing (git-fixes).
- tracing/osnoise: Fix build when timerlat is not enabled (git-fixes).
- tracing/osnoise: Skip running osnoise if all instances are off (git-fixes).
- tracing/osnoise: Switch from PF_NO_SETAFFINITY to migrate_disable (git-fixes).
- tracing/osnoise: Use a cpumask to know what threads are kthreads (git-fixes).
- tracing/timerlat: Add interface_lock around clearing of kthread in stop_kthread() (git-fixes).
- tracing/timerlat: Add user-space interface (git-fixes).
- tracing/timerlat: Drop interface_lock in stop_kthread() (git-fixes).
- tracing/timerlat: Fix a race during cpuhp processing (git-fixes).
- tracing/timerlat: Fix duplicated kthread creation due to CPU online/offline (git-fixes).
- tracing/timerlat: Move hrtimer_init to timerlat_fd open() (git-fixes).
- tracing/timerlat: Only clear timer if a kthread exists (git-fixes).
- tracing: Consider the NULL character when validating the event length (git-fixes).
- tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler (git-fixes).
- tty: n_gsm: Fix use-after-free in gsm_cleanup_mux (stable-fixes).
- u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file (git-fixes).
- ubifs: Fix adding orphan entry twice for the same inode (git-fixes).
- ubifs: Fix unattached xattr inode if powercut happens after deleting (git-fixes).
- ubifs: add check for crypto_shash_tfm_digest (git-fixes).
- ubifs: dbg_orphan_check: Fix missed key type checking (git-fixes).
- ucounts: fix counter leak in inc_rlimit_get_ucounts() (bsc#1233460).
- unicode: Do not special case ignorable code points (stable-fixes).
- unicode: Fix utf8_load() error path (git-fixes).
- uprobe: avoid out-of-bounds memory access of fetching args (git-fixes).
- uprobes: encapsulate preparation of uprobe args buffer (git-fixes).
- uprobes: introduce the global struct vm_special_mapping xol_mapping (bsc#1231114).
- uprobes: turn xol_area->pages into xol_area->page (bsc#1231114).
- usb: chipidea: udc: enable suspend interrupt after usb reset (stable-fixes).
- usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the Crashkernel Scenario (stable-fixes).
- usb: dwc3: Wait for EndXfer completion before restoring GUSB2PHYCFG (git-fixes).
- usb: dwc3: core: Stop processing of pending events if controller is halted (git-fixes).
- usb: dwc3: gadget: Add missing check for single port RAM in TxFIFO resizing logic (git-fixes).
- usb: dwc3: gadget: Fix checking for number of TRBs left (git-fixes).
- usb: dwc3: gadget: Fix looping of queued SG entries (git-fixes).
- usb: ehci-spear: fix call balance of sehci clk handling routines (git-fixes).
- usb: gadget: core: force synchronous registration (git-fixes).
- usb: gadget: dummy_hcd: Set transfer interval to 1 microframe (stable-fixes).
- usb: gadget: dummy_hcd: Switch to hrtimer transfer scheduler (stable-fixes).
- usb: gadget: dummy_hcd: execute hrtimer callback in softirq context (git-fixes).
- usb: gadget: f_uac2: Replace snprintf() with the safer scnprintf() variant (stable-fixes).
- usb: gadget: f_uac2: fix non-newline-terminated function name (stable-fixes).
- usb: gadget: f_uac2: fix return value for UAC2_ATTRIBUTE_STRING store (git-fixes).
- usb: musb: Fix hardware lockup on first Rx endpoint request (git-fixes).
- usb: musb: sunxi: Fix accessing an released usb phy (git-fixes).
- usb: phy: Fix API devm_usb_put_phy() can not release the phy (git-fixes).
- usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip (stable-fixes).
- usb: typec: altmode should keep reference to parent (git-fixes).
- usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() (git-fixes).
- usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes() (git-fixes).
- usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() (git-fixes).
- usb: xhci: Fix TD invalidation under pending Set TR Dequeue (git-fixes).
- usb: xhci: Fix problem with xhci resume from suspend (stable-fixes).
- usb: xhci: fix loss of data on Cadence xHC (git-fixes).
- usb: yurex: make waiting on yurex_write interruptible (git-fixes).
- usbip: tools: Fix detach_port() invalid port error path (git-fixes).
- usbnet: fix cyclical race on disconnect with work queue (git-fixes).
- vdpa: Fix an error handling path in eni_vdpa_probe() (git-fixes).
- vdpa_sim_blk: Fix the potential leak of mgmt_dev (git-fixes).
- vdpa_sim_blk: allocate the buffer zeroed (git-fixes).
- vduse: avoid using __GFP_NOFAIL (git-fixes).
- vfs: dcache: move hashlen_hash() from callers into d_hash() (git-fixes).
- vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (git-fixes).
- vhost_vdpa: assign irq bypass producer token correctly (git-fixes).
- virtio_console: fix misc probe bugs (git-fixes).
- vmalloc: modify the alloc_vmap_area() error message for better diagnostics (jsc#PED-10978).
- vmxnet3: Add XDP support (bsc#1226498).
- vmxnet3: Fix missing reserved tailroom (bsc#1226498).
- vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame (bsc#1226498).
- vmxnet3: add command to allow disabling of offloads (bsc#1226498).
- vmxnet3: add latency measurement support in vmxnet3 (bsc#1226498).
- vmxnet3: prepare for version 9 changes (bsc#1226498).
- vmxnet3: update to version 9 (bsc#1226498).
- vsock: Update msg_count on read_skb() (git-fixes).
- vt: prevent kernel-infoleak in con_font_get() (git-fixes).
- watchdog: apple: Actually flush writes after requesting watchdog restart (git-fixes).
- watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart() (git-fixes).
- watchdog: rti: of: honor timeout-sec property (git-fixes).
- wifi: ath10k: Fix memory leak in management tx (git-fixes).
- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1 (git-fixes).
- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2 (git-fixes).
- wifi: ath11k: Fix CE offset address calculation for WCN6750 in SSR (git-fixes).
- wifi: ath11k: Fix invalid ring usage in full monitor mode (git-fixes).
- wifi: ath11k: fix array out-of-bound access in SoC stats (stable-fixes).
- wifi: ath12k: Skip Rx TID cleanup for self peer (git-fixes).
- wifi: ath12k: fix array out-of-bound access in SoC stats (stable-fixes).
- wifi: ath12k: fix crash when unbinding (git-fixes).
- wifi: ath12k: fix warning when unbinding (git-fixes).
- wifi: ath12k: remove msdu_end structure for WCN7850 (git-fixes).
- wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (git-fixes).
- wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() (stable-fixes).
- wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit (stable-fixes).
- wifi: brcm80211: BRCM_TRACING should depend on TRACING (git-fixes).
- wifi: brcmfmac: release 'root' node in all execution paths (git-fixes).
- wifi: cfg80211: Set correct chandef when starting CAC (stable-fixes).
- wifi: cfg80211: clear wdev->cqm_config pointer on free (git-fixes).
- wifi: cw1200: Fix potential NULL dereference (git-fixes).
- wifi: iwlegacy: Clear stale interrupts before resuming device (stable-fixes).
- wifi: iwlegacy: Fix "field-spanning write" warning in il_enqueue_hcmd() (git-fixes).
- wifi: iwlwifi: allow only CN mcc from WRDD (stable-fixes).
- wifi: iwlwifi: config: label 'gl' devices as discrete (git-fixes).
- wifi: iwlwifi: mvm: Fix a race in scan abort flow (stable-fixes).
- wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() (git-fixes).
- wifi: iwlwifi: mvm: avoid NULL pointer dereference (stable-fixes).
- wifi: iwlwifi: mvm: do not add default link in fw restart flow (git-fixes).
- wifi: iwlwifi: mvm: do not leak a link on AP removal (git-fixes).
- wifi: iwlwifi: mvm: drop wrong STA selection in TX (stable-fixes).
- wifi: iwlwifi: mvm: use correct key iteration (stable-fixes).
- wifi: iwlwifi: remove AX101, AX201 and AX203 support from LNL (stable-fixes).
- wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower (git-fixes).
- wifi: mac80211: fix RCU list iterations (stable-fixes).
- wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys (git-fixes).
- wifi: mt76: mt7915: add dummy HW offload of IEEE 802.11 fragmentation (stable-fixes).
- wifi: mt76: mt7915: disable tx worker during tx BA session enable/disable (stable-fixes).
- wifi: mt76: mt7915: hold dev->mt76.mutex while disabling tx worker (stable-fixes).
- wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() (stable-fixes).
- wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (git-fixes).
- wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- wifi: rtw88: 8821cu: Remove VID/PID 0bda:c82c (stable-fixes).
- wifi: rtw88: Fix USB/SDIO devices not transmitting beacons (git-fixes).
- wifi: rtw88: select WANT_DEV_COREDUMP (stable-fixes).
- wifi: rtw89: avoid reading out of bounds when loading TX power FW elements (stable-fixes).
- wifi: rtw89: avoid to add interface to list twice when SER (stable-fixes).
- wifi: rtw89: correct base HT rate mask for firmware (stable-fixes).
- wifi: wfx: Fix error handling in wfx_core_init() (git-fixes).
- x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client (bsc#1233443).
- x86/CPU/AMD: Only apply Zenbleed fix for Zen2 during late microcode load (git-fixes).
- x86/Documentation: Indent 'note::' directive for protocol version number note (git-fixes).
- x86/PCI: Check pcie_find_root_port() return for NULL (git-fixes).
- x86/amd_nb: Add new PCI IDs for AMD family 1Ah model 60h (git-fixes).
- x86/apic: Always explicitly disarm TSC-deadline timer (git-fixes).
- x86/apic: Make x2apic_disable() work correctly (git-fixes).
- x86/bugs: Do not use UNTRAIN_RET with IBPB on entry (git-fixes).
- x86/bugs: Skip RSB fill at VMEXIT (git-fixes).
- x86/cpufeatures: Add a IBPB_NO_RET BUG flag (git-fixes).
- x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET (git-fixes).
- x86/entry: Have entry_ibpb() invalidate return predictions (git-fixes).
- x86/entry: Remove unwanted instrumentation in common_interrupt() (git-fixes).
- x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency (git-fixes).
- x86/microcode/intel: Remove unnecessary cache writeback and invalidation (git-fixes).
- x86/mm: Use IPIs to synchronize LAM enablement (git-fixes).
- x86/resctrl: Annotate get_mem_config() functions as __init (git-fixes).
- x86/resctrl: Avoid overflow in MB settings in bw_validate() (git-fixes).
- x86/resctrl: Remove hard-coded memory bandwidth limit (git-fixes).
- x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler (git-fixes).
- x86/syscall: Avoid memcpy() for ia32 syscall_get_arguments() (git-fixes).
- x86/tdx: Dynamically disable SEPT violations from causing #VEs (git-fixes).
- x86/tdx: Enable CPU topology enumeration (git-fixes).
- x86/tdx: Introduce wrappers to read and write TD metadata (git-fixes).
- x86/tdx: Rename tdx_parse_tdinfo() to tdx_setup() (git-fixes).
- x86/traps: move kmsan check after instrumentation_begin (git-fixes).
- x86: Increase brk randomness entropy for 64-bit systems (git-fixes).
- x86: do the user address masking outside the user access area (git-fixes).
- x86: fix off-by-one in access_ok() (git-fixes).
- x86: fix user address masking non-canonical speculation issue (git-fixes).
- x86: make the masked_user_access_begin() macro use its argument only once (git-fixes).
- x86: support user address masking instead of non-speculative conditional (git-fixes).
- xfrm: Export symbol xfrm_dev_state_delete (bsc#1233754).
- xfrm: Fix unregister netdevice hang on hardware offload (bsc#1233754).
- xfs: check opcode and iovec count match in xlog_recover_attri_commit_pass2 (git-fixes).
- xfs: check shortform attr entry flags specifically (git-fixes).
- xfs: convert delayed extents to unwritten when zeroing post eof blocks (git-fixes).
- xfs: fix finding a last resort AG in xfs_filestream_pick_ag (git-fixes).
- xfs: fix freeing speculative preallocations for preallocated files (git-fixes).
- xfs: make sure sb_fdblocks is non-negative (git-fixes).
- xfs: make the seq argument to xfs_bmapi_convert_delalloc() optional (git-fixes).
- xfs: make xfs_bmapi_convert_delalloc() to allocate the target offset (git-fixes).
- xfs: remove a racy if_bytes check in xfs_reflink_end_cow_extent (git-fixes).
- xfs: validate recovered name buffers when recovering xattr items (git-fixes).
- xhci: Add a quirk for writing ERST in high-low order (git-fixes).
- xhci: Fix Link TRB DMA in command ring stopped completion event (git-fixes).
- xhci: Fix incorrect stream context type macro (git-fixes).
- xhci: Mitigate failed set dequeue pointer commands (git-fixes).
- xhci: Use pm_runtime_get to prevent RPM on unsupported systems (git-fixes).
- xhci: tegra: fix checked USB2 port number (git-fixes).
- zonefs: Improve error handling (git-fixes).
Patchnames
SUSE-SLE-Micro-6.0-kernel-2
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2023-52778: mptcp: deal with large GSO size (bsc#1224948).\n- CVE-2023-52920: bpf: support non-r10 register spill/fill to/from stack in precision tracking (bsc#1232823).\n- CVE-2024-26596: net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events (bsc#1220355).\n- CVE-2024-26741: dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished() (bsc#1222587).\n- CVE-2024-26782: mptcp: fix double-free on socket dismantle (bsc#1222590).\n- CVE-2024-26953: net: esp: fix bad handling of pages from page_pool (bsc#1223656).\n- CVE-2024-27017: netfilter: nft_set_pipapo: walk over current view on netlink dump (bsc#1223733).\n- CVE-2024-35888: erspan: make sure erspan_base_hdr is present in skb-\u003ehead (bsc#1224518).\n- CVE-2024-36000: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (bsc#1224548).\n- CVE-2024-36244: net/sched: taprio: extend minimum interval restriction to entire cycle too (bsc#1226797).\n- CVE-2024-36883: net: fix out-of-bounds access in ops_init (bsc#1225725).\n- CVE-2024-36886: tipc: fix UAF in error path (bsc#1225730).\n- CVE-2024-36905: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (bsc#1225742).\n- CVE-2024-36927: ipv4: Fix uninit-value access in __ip_make_skb() (bsc#1225813).\n- CVE-2024-36954: tipc: fix a possible memleak in tipc_buf_append (bsc#1225764).\n- CVE-2024-36968: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() (bsc#1226130).\n- CVE-2024-38589: netrom: fix possible dead-lock in nr_rt_ioctl() (bsc#1226748).\n- CVE-2024-40914: mm/huge_memory: do not unpoison huge_zero_folio (bsc#1227842).\n- CVE-2024-41023: sched/deadline: Fix task_struct reference leak (bsc#1228430).\n- CVE-2024-41031: mm/filemap: skip to create PMD-sized page cache if needed (bsc#1228454).\n- CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620).\n- CVE-2024-42102: Revert \"mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again\" (bsc#1233132).\n- CVE-2024-44958: sched/smt: Fix unbalance sched_smt_present dec/inc (bsc#1230179).\n- CVE-2024-44995: net: hns3: fix a deadlock problem when config TC during resetting (bsc#1230231).\n- CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429).\n- CVE-2024-45025: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (bsc#1230456).\n- CVE-2024-46678: bonding: change ipsec_lock from spin lock to mutex (bsc#1230550).\n- CVE-2024-46680: Bluetooth: btnxpuart: Fix random crash seen while removing driver (bsc#1230557).\n- CVE-2024-46681: pktgen: use cpus_read_lock() in pg_net_init() (bsc#1230558).\n- CVE-2024-46721: pparmor: fix possible NULL pointer dereference (bsc#1230710)\n- CVE-2024-46754: bpf: Remove tst_run from lwt_seg6local_prog_ops (bsc#1230801).\n- CVE-2024-46765: ice: protect XDP configuration with a mutex (bsc#1230807).\n- CVE-2024-46766: ice: move netif_queue_set_napi to rtnl-protected sections (bsc#1230762).\n- CVE-2024-46770: ice: Add netif_device_attach/detach into PF reset flow (bsc#1230763).\n- CVE-2024-46775: drm/amd/display: Validate function returns (bsc#1230774).\n- CVE-2024-46777: udf: Avoid excessive partition lengths (bsc#1230773).\n- CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827).\n- CVE-2024-46813: drm/amd/display: Check link_index before accessing dc-\u003elinks (bsc#1231191).\n- CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197).\n- CVE-2024-46826: ELF: fix kernel.randomize_va_space double read (bsc#1231115).\n- CVE-2024-46831: net: microchip: vcap: Fix use-after-free error in kunit test (bsc#1231117).\n- CVE-2024-46834: ethtool: fail closed if we can\u0027t get max channel used in indirection tables (bsc#1231096).\n- CVE-2024-46840: btrfs: clean up our handling of refs == 0 in snapshot delete (bsc#1231105).\n- CVE-2024-46841: btrfs: do not BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() (bsc#1231094).\n- CVE-2024-46843: scsi: ufs: core: Remove SCSI host only if added (bsc#1231100).\n- CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084).\n- CVE-2024-46855: netfilter: nft_socket: fix sk refcount leaks (bsc#1231085).\n- CVE-2024-46857: net/mlx5: Fix bridge mode operations when there are no VFs (bsc#1231087).\n- CVE-2024-46870: drm/amd/display: Disable DMCUB timeout for DCN35 (bsc#1231435).\n- CVE-2024-47658: crypto: stm32/cryp - call finalize with bh disabled (bsc#1231436).\n- CVE-2024-47660: fsnotify: clear PARENT_WATCHED flags lazily (bsc#1231439).\n- CVE-2024-47664: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware (bsc#1231442).\n- CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673).\n- CVE-2024-47679: vfs: fix race between evice_inodes() and find_inode()\u0026iput() (bsc#1231930).\n- CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987).\n- CVE-2024-47685: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (bsc#1231998).\n- CVE-2024-47687: vdpa/mlx5: Fix invalid mr resource destroy (bsc#1232003).\n- CVE-2024-47692: nfsd: return -EINVAL when namelen is 0 (bsc#1231857).\n- CVE-2024-47701: ext4: avoid OOB when system.data xattr changes underneath the filesystem (bsc#1231920).\n- CVE-2024-47703: bpf, lsm: add check for BPF LSM return value (bsc#1231946).\n- CVE-2024-47704: drm/amd/display: Check link_res-\u003ehpo_dp_link_enc before using it (bsc#1231944).\n- CVE-2024-47705: block: fix potential invalid pointer dereference in blk_add_partition (bsc#1231872).\n- CVE-2024-47706: block, bfq: fix possible UAF for bfqq-\u003ebic with merge chain (bsc#1231942).\n- CVE-2024-47707: ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (bsc#1231935).\n- CVE-2024-47710: sock_map: Add a cond_resched() in sock_hash_free() (bsc#1232049).\n- CVE-2024-47727: x86/tdx: Fix \"in-kernel MMIO\" check (bsc#1232116).\n- CVE-2024-47730: crypto: hisilicon/qm - inject error before stopping queue (bsc#1232075).\n- CVE-2024-47731: drivers/perf: Fix ali_drw_pmu driver interrupt status clearing (bsc#1232117).\n- CVE-2024-47739: padata: use integer wrap around to prevent deadlock on seq_nr overflow (bsc#1232124).\n- CVE-2024-47741: btrfs: fix race setting file private on concurrent lseek using same fd (bsc#1231869).\n- CVE-2024-47745: mm: call the security_mmap_file() LSM hook in remap_file_pages() (bsc#1232135).\n- CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145).\n- CVE-2024-47752: media: mediatek: vcodec: Fix H264 stateless decoder smatch warning (bsc#1232130).\n- CVE-2024-47753: media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning (bsc#1231868).\n- CVE-2024-47754: media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning (bsc#1232131).\n- CVE-2024-49852: scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() (bsc#1232819).\n- CVE-2024-49864: rxrpc: Fix a race between socket set up and I/O thread creation (bsc#1232256).\n- CVE-2024-49867: btrfs: wait for fixup workers before stopping cleaner kthread during umount (bsc#1232262).\n- CVE-2024-49868: btrfs: fix a NULL pointer dereference when failed to start a new trasacntion (bsc#1232272).\n- CVE-2024-49881: ext4: update orig_path in ext4_find_extent() (bsc#1232201).\n- CVE-2024-49882: ext4: fix double brelse() the buffer of the extents path (bsc#1232200).\n- CVE-2024-49883: ext4: aovid use-after-free in ext4_ext_insert_extent() (bsc#1232199).\n- CVE-2024-49888: bpf: Fix a sdiv overflow issue (bsc#1232208).\n- CVE-2024-49890: drm/amd/pm: ensure the fw_info is not null before using it (bsc#1232217).\n- CVE-2024-49892: drm/amd/display: Initialize get_bytes_per_element\u0027s default to 1 (bsc#1232220).\n- CVE-2024-49894: drm/amd/display: Fix index out of bounds in degamma hardware format translation (bsc#1232354).\n- CVE-2024-49895: drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation (bsc#1232352).\n- CVE-2024-49896: drm/amd/display: Check stream before comparing them (bsc#1232221).\n- CVE-2024-49897: drm/amd/display: Check phantom_stream before it is used (bsc#1232355).\n- CVE-2024-49898: drm/amd/display: Check null-initialized variables (bsc#1232222).\n- CVE-2024-49899: drm/amd/display: Initialize denominators\u0027 default to 1 (bsc#1232358).\n- CVE-2024-49901: drm/msm/adreno: Assign msm_gpu-\u003epdev earlier to avoid nullptrs (bsc#1232305).\n- CVE-2024-49906: drm/amd/display: Check null pointer before try to access it (bsc#1232332).\n- CVE-2024-49907: drm/amd/display: Check null pointers before using dc-\u003eclk_mgr (bsc#1232334).\n- CVE-2024-49909: drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func (bsc#1232337).\n- CVE-2024-49911: drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func (bsc#1232366).\n- CVE-2024-49912: drm/amd/display: Handle null \u0027stream_status\u0027 in \u0027planes_changed_for_existing_stream\u0027 (bsc#1232367).\n- CVE-2024-49913: drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream (bsc#1232307).\n- CVE-2024-49914: drm/amd/display: Add null check for pipe_ctx-\u003eplane_state in (bsc#1232369).\n- CVE-2024-49917: drm/amd/display: Add NULL check for clk_mgr and clk_mgr-\u003efuncs in dcn30_init_hw (bsc#1231965).\n- CVE-2024-49918: drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer (bsc#1231967).\n- CVE-2024-49919: drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer (bsc#1231968).\n- CVE-2024-49920: drm/amd/display: Check null pointers before multiple uses (bsc#1232313).\n- CVE-2024-49921: drm/amd/display: Check null pointers before used (bsc#1232371).\n- CVE-2024-49922: drm/amd/display: Check null pointers before using them (bsc#1232374).\n- CVE-2024-49923: drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags (bsc#1232361).\n- CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224)\n- CVE-2024-49933: blk_iocost: fix more out of bound shifts (bsc#1232368).\n- CVE-2024-49934: fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name (bsc#1232387).\n- CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424).\n- CVE-2024-49944: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start (bsc#1232166).\n- CVE-2024-49945: net/ncsi: Disable the ncsi work before freeing the associated structure (bsc#1232165).\n- CVE-2024-49946: ppp: do not assume bh is held in ppp_channel_bridge_input() (bsc#1232164).\n- CVE-2024-49949: net: avoid potential underflow in qdisc_pkt_len_init() with UFO (bsc#1232160).\n- CVE-2024-49950: Bluetooth: L2CAP: Fix uaf in l2cap_connect (bsc#1232159).\n- CVE-2024-49952: netfilter: nf_tables: prevent nf_skb_duplicated corruption (bsc#1232157).\n- CVE-2024-49953: net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice (bsc#1232156).\n- CVE-2024-49954: static_call: Replace pointless WARN_ON() in static_call_module_notify() (bsc#1232155).\n- CVE-2024-49958: ocfs2: reserve space for inline xattr before attaching reflink tree (bsc#1232151).\n- CVE-2024-49959: jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (bsc#1232149).\n- CVE-2024-49960: ext4: fix timer use-after-free on failed mount (bsc#1232395).\n- CVE-2024-49967: ext4: no need to continue when the number of entries is 1 (bsc#1232140).\n- CVE-2024-49968: ext4: filesystems without casefold feature cannot be mounted with siphash (bsc#1232264).\n- CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519).\n- CVE-2024-49972: drm/amd/display: Deallocate DML memory if allocation fails (bsc#1232315).\n- CVE-2024-49973: r8169: add tally counter fields added with RTL8125 (bsc#1232105).\n- CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383).\n- CVE-2024-49983: ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free (bsc#1232096).\n- CVE-2024-49986: platform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors (bsc#1232093).\n- CVE-2024-49987: bpftool: Fix undefined behavior in qsort(NULL, 0, ...) (bsc#1232258).\n- CVE-2024-49989: drm/amd/display: fix double free issue during amdgpu module unload (bsc#1232483).\n- CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282).\n- CVE-2024-49993: iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count (bsc#1232316).\n- CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432).\n- CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points (bsc#1232089).\n- CVE-2024-50000: net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (bsc#1232085).\n- CVE-2024-50001: net/mlx5: Fix error path in multi-packet WQE transmit (bsc#1232084).\n- CVE-2024-50002: static_call: Handle module init failure correctly in static_call_del_module() (bsc#1232083).\n- CVE-2024-50003: drm/amd/display: Fix system hang while resume with TBT monitor (bsc#1232385).\n- CVE-2024-50004: drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35 (bsc#1232396).\n- CVE-2024-50006: ext4: fix i_data_sem unlock order in ext4_ind_migrate() (bsc#1232442).\n- CVE-2024-50009: cpufreq: amd-pstate: add check for cpufreq_cpu_get\u0027s return value (bsc#1232318).\n- CVE-2024-50012: cpufreq: Avoid a bad reference count on CPU node (bsc#1232386).\n- CVE-2024-50014: ext4: fix access to uninitialised lock in fc replay path (bsc#1232446).\n- CVE-2024-50015: ext4: dax: fix overflowing extents beyond inode size when partially writing (bsc#1232079).\n- CVE-2024-50020: ice: Fix improper handling of refcount in ice_sriov_set_msix_vec_count() (bsc#1231989).\n- CVE-2024-50021: ice: Fix improper handling of refcount in ice_dpll_init_rclk_pins() (bsc#1231957).\n- CVE-2024-50022: device-dax: correct pgoff align in dax_set_mapping() (bsc#1231956).\n- CVE-2024-50024: net: Fix an unsafe loop on the list (bsc#1231954).\n- CVE-2024-50027: thermal: core: Free tzp copy along with the thermal zone (bsc#1231951).\n- CVE-2024-50028: thermal: core: Reference count the zone in thermal_zone_get_by_id() (bsc#1231950).\n- CVE-2024-50033: slip: make slhc_remember() more robust against malicious packets (bsc#1231914).\n- CVE-2024-50035: ppp: fix ppp_async_encode() illegal access (bsc#1232392).\n- CVE-2024-50040: igb: Do not bring the device up after non-fatal error (bsc#1231908).\n- CVE-2024-50041: i40e: Fix macvlan leak by synchronizing access to mac_filter_hash (bsc#1231907).\n- CVE-2024-50042: ice: Fix increasing MSI-X on VF (bsc#1231906).\n- CVE-2024-50045: netfilter: br_netfilter: fix panic with metadata_dst skb (bsc#1231903).\n- CVE-2024-50046: NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() (bsc#1231902).\n- CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418).\n- CVE-2024-50059: ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition (bsc#1232345).\n- CVE-2024-50060: io_uring: check if we need to reschedule during overflow flush (bsc#1232417).\n- CVE-2024-50063: bpf: Prevent tail call between progs attached to different hooks (bsc#1232435).\n- CVE-2024-50064: zram: free secondary algorithms names (bsc#1231901).\n- CVE-2024-50080: ublk: do not allow user copy for unprivileged device (bsc#1232502).\n- CVE-2024-50081: blk-mq: setup queue -\u003etag_set before initializing hctx (bsc#1232501).\n- CVE-2024-50082: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (bsc#1232500).\n- CVE-2024-50084: net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test() (bsc#1232494).\n- CVE-2024-50087: btrfs: fix uninitialized pointer free on read_alloc_one_name() error (bsc#1232499).\n- CVE-2024-50088: btrfs: fix uninitialized pointer free in add_inode_ref() (bsc#1232498).\n- CVE-2024-50098: scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down (bsc#1232881).\n- CVE-2024-50110: xfrm: fix one more kernel-infoleak in algo dumping (bsc#1232885).\n- CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919).\n- CVE-2024-50124: Bluetooth: ISO: Fix UAF on iso_sock_timeout (bsc#1232926).\n- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928).\n- CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907).\n- CVE-2024-50128: net: wwan: fix global oob in wwan_rtnl_policy (bsc#1232905).\n- CVE-2024-50130: netfilter: bpf: must hold reference on net namespace (bsc#1232894).\n- CVE-2024-50138: bpf: Use raw_spinlock_t in ringbuf (bsc#1232935).\n- CVE-2024-50139: KVM: arm64: Fix shift-out-of-bounds bug (bsc#1233062).\n- CVE-2024-50145: octeon_ep: add SKB allocation failures handling in __octep_oq_process_rx() (bsc#1233044).\n- CVE-2024-50153: scsi: target: core: Fix null-ptr-deref in target_alloc_device() (bsc#1233061).\n- CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233070).\n- CVE-2024-50166: fsl/fman: Fix refcount handling of fman-related devices (bsc#1233050).\n- CVE-2024-50167: be2net: fix potential memory leak in be_xmit() (bsc#1233049).\n- CVE-2024-50169: vsock: Update rx_bytes on read_skb() (bsc#1233320).\n- CVE-2024-50171: net: systemport: fix potential memory leak in bcm_sysport_xmit() (bsc#1233057).\n- CVE-2024-50177: drm/amd/display: fix a UBSAN warning in DML2.1 (bsc#1233115).\n- CVE-2024-50182: secretmem: disable memfd_secret() if arch cannot set direct map (bsc#1233129).\n- CVE-2024-50184: virtio_pmem: Check device status before requesting flush (bsc#1233135).\n- CVE-2024-50186: net: explicitly clear the sk pointer, when pf-\u003ecreate fails (bsc#1233110).\n- CVE-2024-50192: irqchip/gic-v4: Do not allow a VMOVP on a dying VPE (bsc#1233106).\n- CVE-2024-50225: btrfs: fix error propagation of split bios (bsc#1233193).\n- CVE-2024-50228: mm: shmem: fix data-race in shmem_getattr() (bsc#1233204).\n- CVE-2024-50230: nilfs2: fix kernel bug due to missing clearing of checked flag (bsc#1233206).\n- CVE-2024-50245: fs/ntfs3: Fix possible deadlock in mi_read (bsc#1233203).\n- CVE-2024-50246: fs/ntfs3: Add rough attr alloc_size check (bsc#1233207).\n- CVE-2024-50250: fsdax: dax_unshare_iter needs to copy entire blocks (bsc#1233226).\n- CVE-2024-50252: mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address (bsc#1233201).\n- CVE-2024-50257: netfilter: Fix use-after-free in get_info() (bsc#1233244).\n- CVE-2024-50261: macsec: Fix use-after-free while sending the offloading packet (bsc#1233253).\n- CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk-\u003etrans (bsc#1233453).\n- CVE-2024-50271: signal: restore the override_rlimit logic (bsc#1233460).\n- CVE-2024-50273: btrfs: reinitialize delayed ref list after deleting it from the list (bsc#1233462).\n- CVE-2024-50274: idpf: avoid vport access in idpf_get_link_ksettings (bsc#1233463).\n- CVE-2024-50275: arm64/sve: Discard stale CPU state when handling SVE traps (bsc#1233464).\n- CVE-2024-50276: net: vertexcom: mse102x: Fix possible double free of TX skb (bsc#1233465).\n- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).\n- CVE-2024-50289: media: av7110: fix a spectre vulnerability (bsc#1233478).\n- CVE-2024-50295: net: arc: fix the device for dma_map_single/dma_unmap_single (bsc#1233484).\n- CVE-2024-50296: net: hns3: fix kernel crash when uninstalling driver (bsc#1233485).\n- CVE-2024-50298: net: enetc: allocate vf_state during PF probes (bsc#1233487).\n- CVE-2024-53042: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() (bsc#1233540).\n- CVE-2024-53043: mctp i2c: handle NULL header address (bsc#1233523).\n- CVE-2024-53048: ice: fix crash on probe for DPLL enabled E810 LOM (bsc#1233721).\n- CVE-2024-53051: drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability (bsc#1233547).\n- CVE-2024-53055: wifi: iwlwifi: mvm: fix 6 GHz scan construction (bsc#1233550).\n- CVE-2024-53056: drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy() (bsc#1233568).\n- CVE-2024-53058: net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data (bsc#1233552).\n- CVE-2024-53079: mm/thp: fix deferred split unqueue naming and locking (bsc#1233570).\n- CVE-2024-53082: virtio_net: Add hash_key_length check (bsc#1233573).\n- CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642).\n- CVE-2024-53110: vp_vdpa: fix id_table array not null terminated error (bsc#1234085).\n- CVE-2024-53121: net/mlx5: fs, lock FTE when checking if active (bsc#1234078).\n- CVE-2024-53138: net/mlx5e: kTLS, Fix incorrect page refcounting (bsc#1234223).\n\nThe following non-security bugs were fixed:\n\n- 9p: explicitly deny setlease attempts (git-fixes).\n- ACPI: CPPC: Add support for setting EPP register in FFH (stable-fixes).\n- ACPI: CPPC: Fix _CPC register setting issue (git-fixes).\n- ACPI: CPPC: Make rmw_lock a raw_spin_lock (git-fixes).\n- ACPI: EC: Do not release locks during operation region accesses (stable-fixes).\n- ACPI: PAD: fix crash in exit_round_robin() (stable-fixes).\n- ACPI: PRM: Clean up guid type in struct prm_handler_info (git-fixes).\n- ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context (git-fixes).\n- ACPI: battery: Fix possible crash when unregistering a battery hook (git-fixes).\n- ACPI: battery: Simplify battery hook locking (stable-fixes).\n- ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue (stable-fixes).\n- ACPI: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[] (stable-fixes).\n- ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[] (stable-fixes).\n- ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[] (stable-fixes).\n- ACPI: resource: Add another DMI match for the TongFang GMxXGxx (stable-fixes).\n- ACPI: video: Add force_vendor quirk for Panasonic Toughbook CF-18 (stable-fixes).\n- ACPICA: Fix memory leak if acpi_ps_get_next_field() fails (stable-fixes).\n- ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails (stable-fixes).\n- ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() (stable-fixes).\n- ACPICA: iasl: handle empty connection_node (stable-fixes).\n- ALSA/hda: intel-sdw-acpi: cleanup sdw_intel_scan_controller (stable-fixes).\n- ALSA/hda: intel-sdw-acpi: fetch fwnode once in sdw_intel_scan_controller() (stable-fixes).\n- ALSA/hda: intel-sdw-acpi: simplify sdw-master-count property read (stable-fixes).\n- ALSA: 6fire: Release resources at card release (git-fixes).\n- ALSA: Reorganize kerneldoc parameter names (stable-fixes).\n- ALSA: ac97: bus: Fix the mistake in the comment (git-fixes).\n- ALSA: asihpi: Fix potential OOB array access (stable-fixes).\n- ALSA: caiaq: Use snd_card_free_when_closed() at disconnection (git-fixes).\n- ALSA: core: add isascii() check to card ID generator (stable-fixes).\n- ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (git-fixes).\n- ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init() (git-fixes).\n- ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2 (stable-fixes).\n- ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne 1000 G2 (git-fixes).\n- ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin (git-fixes).\n- ALSA: hda/conexant: fix Z60MR100 startup pop issue (stable-fixes).\n- ALSA: hda/conexant: fix some typos (stable-fixes).\n- ALSA: hda/cs8409: Fix possible NULL dereference (git-fixes).\n- ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs (bsc#1219803).\n- ALSA: hda/realtek - Fixed Clevo platform headset Mic issue (stable-fixes).\n- ALSA: hda/realtek - update set GPIO3 to default for Thinkpad with ALC1318 (git-fixes).\n- ALSA: hda/realtek: Add a quirk for HP Pavilion 15z-ec200 (stable-fixes).\n- ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9 (stable-fixes).\n- ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593 (stable-fixes).\n- ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13 (stable-fixes).\n- ALSA: hda/realtek: Add support for Samsung Galaxy Book3 360 (NP730QFG) (stable-fixes).\n- ALSA: hda/realtek: Apply quirk for Medion E15433 (bsc#1233298).\n- ALSA: hda/realtek: Enable mic on Vaio VJFH52 (stable-fixes).\n- ALSA: hda/realtek: Enable mute and micmute LED on HP ProBook 430 G8 (stable-fixes).\n- ALSA: hda/realtek: Enable speaker pins for Medion E15443 platform (bsc#1233298).\n- ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max (bsc#1233298).\n- ALSA: hda/realtek: Fix headset mic on TUXEDO Gemini 17 Gen3 (stable-fixes).\n- ALSA: hda/realtek: Fix headset mic on TUXEDO Stellaris 16 Gen6 mb1 (stable-fixes).\n- ALSA: hda/realtek: Fix the push button function for the ALC257 (git-fixes).\n- ALSA: hda/realtek: Limit internal Mic boost on Dell platform (stable-fixes).\n- ALSA: hda/realtek: Refactor and simplify Samsung Galaxy Book init (stable-fixes).\n- ALSA: hda/realtek: Set PCBeep to default value for ALC274 (stable-fixes).\n- ALSA: hda/realtek: Update ALC225 depop procedure (git-fixes).\n- ALSA: hda/realtek: Update ALC256 depop procedure (git-fixes).\n- ALSA: hda/realtek: Update default depop procedure (git-fixes).\n- ALSA: hda/realtek: fix mute/micmute LED for HP mt645 G8 (stable-fixes).\n- ALSA: hda/realtek: fix mute/micmute LEDs for a HP EliteBook 645 G10 (stable-fixes).\n- ALSA: hda/realtek: tas2781: Fix ROG ALLY X audio (stable-fixes).\n- ALSA: hda/tas2781: Add new quirk for Lenovo Y990 Laptop (stable-fixes).\n- ALSA: hda/tas2781: Add new quirk for Lenovo, ASUS, Dell projects (stable-fixes).\n- ALSA: hda/tas2781: select CRC32 instead of CRC32_SARWATE (git-fixes).\n- ALSA: hda: Poll jack events for LS7A HD-Audio (stable-fixes).\n- ALSA: hda: Show the codec quirk info at probing (stable-fixes).\n- ALSA: hda: Sound support for HP Spectre x360 16 inch model 2024 (stable-fixes).\n- ALSA: hda: tas2781: Fix missing setup at runtime PM (bsc#1230132).\n- ALSA: hdsp: Break infinite MIDI input flush loop (stable-fixes).\n- ALSA: ice1712: Remove redundant code in stac9460_dac_vol_put (stable-fixes).\n- ALSA: line6: add hw monitor volume control to POD HD500X (stable-fixes).\n- ALSA: line6: update contact information (stable-fixes).\n- ALSA: mixer_oss: Remove some incorrect kfree_const() usages (git-fixes).\n- ALSA: pcm: Add sanity NULL check for the default mmap fault handler (stable-fixes).\n- ALSA: silence integer wrapping warning (stable-fixes).\n- ALSA: ump: Fix evaluation of MIDI 1.0 FB info (git-fixes).\n- ALSA: us122l: Use snd_card_free_when_closed() at disconnection (git-fixes).\n- ALSA: usb-audio: Add Pioneer DJ/AlphaTheta DJM-A9 Mixer (stable-fixes).\n- ALSA: usb-audio: Add delay quirk for VIVO USB-C HEADSET (stable-fixes).\n- ALSA: usb-audio: Add input value sanity checks for standard types (stable-fixes).\n- ALSA: usb-audio: Add logitech Audio profile quirk (stable-fixes).\n- ALSA: usb-audio: Add native DSD support for Luxman D-08u (stable-fixes).\n- ALSA: usb-audio: Add quirk for HP 320 FHD Webcam (bsc#1232768).\n- ALSA: usb-audio: Add quirks for Dell WD19 dock (stable-fixes).\n- ALSA: usb-audio: Define macros for quirk table entries (stable-fixes).\n- ALSA: usb-audio: Fix Yamaha P-125 Quirk Entry (stable-fixes).\n- ALSA: usb-audio: Fix a DMA to stack memory bug (git-fixes).\n- ALSA: usb-audio: Fix out of bounds reads when finding clock sources (stable-fixes).\n- ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (git-fixes).\n- ALSA: usb-audio: Make mic volume workarounds globally applicable (stable-fixes).\n- ALSA: usb-audio: Replace complex quirk lines with macros (stable-fixes).\n- ALSA: usb-audio: Use snprintf instead of sprintf in build_mixer_unit_ctl (stable-fixes).\n- ALSA: usb-audio: add mixer mapping for Corsair HS80 (stable-fixes).\n- ALSA: usx2y: Use snd_card_free_when_closed() at disconnection (git-fixes).\n- ASoC: Intel: avs: da7219: Remove suspend_pre() and resume_post() (stable-fixes).\n- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet (stable-fixes).\n- ASoC: Intel: bytcr_rt5640: Add support for non ACPI instantiated codec (stable-fixes).\n- ASoC: Intel: sst: Fix used of uninitialized ctx to log an error (git-fixes).\n- ASoC: Intel: sst: Support LPE0F28 ACPI HID (stable-fixes).\n- ASoC: SOF: Add i2s bt dai configuration support for AMD platforms (bsc#1233305).\n- ASoC: SOF: Add support for configuring PDM interface from topology (bsc#1233305).\n- ASoC: SOF: Deprecate invalid enums in IPC3 (bsc#1233305).\n- ASoC: SOF: IPC4: get pipeline priority from topology (bsc#1233305).\n- ASoC: SOF: IPC4: synchronize fw_config_params with fw definitions (bsc#1233305).\n- ASoC: SOF: Refactor sof_i2s_tokens reading to update acpbt dai (bsc#1233305).\n- ASoC: SOF: Rename amd_bt sof_dai_type (bsc#1233305).\n- ASoC: SOF: Wire up buffer flags (bsc#1233305).\n- ASoC: SOF: add alignment for topology header file struct definition (bsc#1233305).\n- ASoC: SOF: align topology header file with sof topology header (bsc#1233305).\n- ASoC: SOF: ipc3-topology: Convert the topology pin index to ALH dai index (git-fixes).\n- ASoC: SOF: ipc3-topology: fix resource leaks in sof_ipc3_widget_setup_comp_dai() (git-fixes).\n- ASoC: SOF: ipc4-control: Add support for ALSA enum control (bsc#1233305).\n- ASoC: SOF: ipc4-control: Add support for ALSA switch control (bsc#1233305).\n- ASoC: SOF: ipc4-mtrace: move debug slot related definitions to header.h (bsc#1233305).\n- ASoC: SOF: ipc4-topology: Add deep buffer size to debug prints (bsc#1233305).\n- ASoC: SOF: ipc4-topology: Add definition for generic switch/enum control (bsc#1233305).\n- ASoC: SOF: ipc4-topology: Add module ID print during module set up (bsc#1233305).\n- ASoC: SOF: ipc4-topology: Helper to find an swidget by module/instance id (bsc#1233305).\n- ASoC: SOF: ipc4-topology: Only handle dai_config with HW_PARAMS for ChainDMA (bsc#1233305).\n- ASoC: SOF: ipc4-topology: change chain_dma handling in dai_config (bsc#1233305).\n- ASoC: SOF: ipc4-topology: export sof_ipc4_copier_is_single_format (bsc#1233305).\n- ASoC: SOF: ipc4-topology: set config_length based on device_count (bsc#1233305).\n- ASoC: SOF: ipc4: Add data struct for module notification message from firmware (bsc#1233305).\n- ASoC: SOF: ipc4: Add new message type: SOF_IPC4_GLB_LOAD_LIBRARY_PREPARE (bsc#1233305).\n- ASoC: SOF: sof-client-probes-ipc4: Set param_size extension bits (git-fixes).\n- ASoC: SOF: topology: Parse DAI type token for dspless mode (bsc#1233305).\n- ASoC: SOF: topology: dynamically allocate and store DAI widget-\u003eprivate (bsc#1233305).\n- ASoC: amd: yc: Add quirk for ASUS Vivobook S15 M3502RA (stable-fixes).\n- ASoC: amd: yc: Add quirk for HP Dragonfly pro one (stable-fixes).\n- ASoC: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry (git-fixes).\n- ASoC: amd: yc: Fix non-functional mic on ASUS E1404FA (stable-fixes).\n- ASoC: amd: yc: Support dmic on another model of Lenovo Thinkpad E14 Gen 6 (stable-fixes).\n- ASoC: amd: yc: fix internal mic on Xiaomi Book Pro 14 2022 (stable-fixes).\n- ASoC: atmel: mchp-pdmc: Skip ALSA restoration if substream runtime is uninitialized (git-fixes).\n- ASoC: audio-graph-card2: Purge absent supplies for device tree nodes (stable-fixes).\n- ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() (git-fixes).\n- ASoC: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to default regs values (stable-fixes).\n- ASoC: codecs: rt5640: Always disable IRQs from rt5640_cancel_work() (stable-fixes).\n- ASoC: codecs: wsa883x: Handle reading version failure (stable-fixes).\n- ASoC: cs42l51: Fix some error handling paths in cs42l51_probe() (git-fixes).\n- ASoC: dapm: fix bounds checker error in dapm_widget_list_create (git-fixes).\n- ASoC: fsl_micfil: Add sample rate constraint (stable-fixes).\n- ASoC: fsl_micfil: fix regmap_write_bits usage (git-fixes).\n- ASoC: fsl_sai: Enable \u0027FIFO continue on error\u0027 FCONT bit (stable-fixes).\n- ASoC: imx-card: Set card.owner to avoid a warning calltrace if SND=m (git-fixes).\n- ASoC: max98388: Fix missing increment of variable slot_found (git-fixes).\n- ASoC: mediatek: mt8188-mt6359: Remove hardcoded dmic codec (git-fixes).\n- ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() (git-fixes).\n- ASoC: qcom: sm8250: add qrb4210-rb2-sndcard compatible string (stable-fixes).\n- ASoC: rt722-sdca: Remove logically deadcode in rt722-sdca.c (git-fixes).\n- ASoC: rt722-sdca: increase clk_stop_timeout to fix clock stop issue (stable-fixes).\n- ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove (git-fixes).\n- ASoC: stm: Prevent potential division by zero in stm32_sai_get_clk_div() (stable-fixes).\n- ASoC: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate() (stable-fixes).\n- ASoC: tas2781: Add new driver version for tas2563 \u0026 tas2781 qfn chip (stable-fixes).\n- ASoC: tas2781: Use of_property_read_reg() (stable-fixes).\n- Bluetooth: Call iso_exit() on module unload (git-fixes).\n- Bluetooth: ISO: Fix multiple init when debugfs is disabled (git-fixes).\n- Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync (git-fixes).\n- Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change (git-fixes).\n- Bluetooth: Remove debugfs directory on module init failure (git-fixes).\n- Bluetooth: bnep: fix wild-memory-access in proto_unregister (git-fixes).\n- Bluetooth: btintel: Direct exception event to bluetooth stack (git-fixes).\n- Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).\n- Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test (bsc#1230557)\n- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0489:0xe122 (stable-fixes).\n- Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 (git-fixes).\n- Bluetooth: fix use-after-free in device_for_each_child() (git-fixes).\n- Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs (git-fixes).\n- Bluetooth: hci_core: Fix calling mgmt_device_connected (git-fixes).\n- Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (git-fixes).\n- Documentation: kgdb: Correct parameter error (git-fixes).\n- HID: Ignore battery for all ELAN I2C-HID devices (stable-fixes).\n- HID: amd_sfh: Switch to device-managed dmam_alloc_coherent() (git-fixes).\n- HID: core: zero-initialize the report buffer (git-fixes).\n- HID: i2c-hid: Remove I2C_HID_QUIRK_SET_PWR_WAKEUP_DEV quirk (stable-fixes).\n- HID: lenovo: Add support for Thinkpad X1 Tablet Gen 3 keyboard (stable-fixes).\n- HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad (stable-fixes).\n- HID: multitouch: Add quirk for Logitech Bolt receiver w/ Casa touchpad (stable-fixes).\n- HID: multitouch: Add support for B2402FVA track point (stable-fixes).\n- HID: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio (stable-fixes).\n- HID: multitouch: Add support for lenovo Y9000P Touchpad (stable-fixes).\n- HID: plantronics: Workaround for an unexcepted opposite volume key (stable-fixes).\n- HID: wacom: Interpret tilt data from Intuos Pro BT as signed values (git-fixes).\n- HID: wacom: fix when get product name maybe null pointer (git-fixes).\n- Input: adp5589-keys - fix NULL pointer dereference (git-fixes).\n- Input: adp5589-keys - fix adp5589_gpio_get_value() (git-fixes).\n- Input: edt-ft5x06 - fix regmap leak when probe fails (git-fixes).\n- Input: hideep - add missing dependency on REGMAP_I2C (git-fixes).\n- Input: hycon-hy46xx - add missing dependency on REGMAP_I2C (git-fixes).\n- Input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk table (stable-fixes).\n- Input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk table (stable-fixes).\n- Input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD line (stable-fixes).\n- Input: xpad - add GameSir T4 Kaleid Controller support (git-fixes).\n- Input: xpad - add GameSir VID for Xbox One controllers (git-fixes).\n- Input: xpad - add support for 8BitDo Ultimate 2C Wireless Controller (git-fixes).\n- Input: xpad - add support for MSI Claw A1M (git-fixes).\n- Input: xpad - add support for Machenike G5 Pro Controller (git-fixes).\n- Input: xpad - fix support for some third-party controllers (git-fixes).\n- Input: xpad - sort xpad_device by vendor and product ID (git-fixes).\n- Input: xpad - spelling fixes for \"Xbox\" (git-fixes).\n- KVM: Fix coalesced_mmio_has_room() to avoid premature userspace exit (git-fixes).\n- KVM: PPC: Book3S HV: Avoid returning to nested hypervisor on pending doorbells (bsc#1215199).\n- KVM: PPC: Book3S HV: Stop using vc-\u003edpdes for nested KVM guests (bsc#1215199).\n- KVM: PPC: Book3S HV: remove unused varible (bsc#1194869).\n- KVM: SEV-ES: Fix svm_get_msr()/svm_set_msr() for KVM_SEV_ES_INIT guests (bsc#1232207).\n- KVM: SEV-ES: Prevent MSR access post VMSA encryption (bsc#1232207).\n- KVM: SVM: Disallow guest from changing userspace\u0027s MSR_AMD64_DE_CFG value (git-fixes).\n- KVM: Use dedicated mutex to protect kvm_usage_count to avoid deadlock (git-fixes).\n- KVM: VMX: Also clear SGX EDECCSSA in KVM CPU caps when SGX is disabled (git-fixes).\n- KVM: VMX: Set PFERR_GUEST_{FINAL,PAGE}_MASK if and only if the GVA is valid (git-fixes).\n- KVM: Write the per-page \"segment\" when clearing (part of) a guest page (git-fixes).\n- KVM: s390: Change virtual to physical address access in diag 0x258 handler (git-fixes bsc#1232626).\n- KVM: s390: Fix SORTL and DFLTCC instruction format error in __insn32_query (git-fixes bsc#1231276).\n- KVM: s390: gaccess: Check if guest address is in memslot (git-fixes bsc#1232623).\n- KVM: x86/mmu: Skip emulation on page fault iff 1+ SPs were unprotected (git-fixes).\n- KVM: x86/mmu: Trigger unprotect logic only on write-protection page faults (git-fixes).\n- KVM: x86: Dedup fastpath MSR post-handling logic (git-fixes).\n- KVM: x86: Enforce x2APIC\u0027s must-be-zero reserved ICR bits (git-fixes).\n- KVM: x86: Exit to userspace if fastpath triggers one on instruction skip (git-fixes).\n- KVM: x86: Move x2APIC ICR helper above kvm_apic_write_nodecode() (git-fixes).\n- KVM: x86: Re-enter guest if WRMSR(X2APIC_ICR) fastpath is successful (git-fixes).\n- KVM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC) (git-fixes).\n- NFS: Avoid unnecessary rescanning of the per-server delegation list (git-fixes).\n- NFS: remove revoked delegation from server\u0027s delegation list (git-fixes).\n- NFSD: Fix NFSv4\u0027s PUTPUBFH operation (git-fixes).\n- NFSD: Mark filecache \"down\" if init fails (git-fixes).\n- NFSv3: only use NFS timeout for MOUNT when protocols are compatible (bsc#1231016).\n- NFSv4: Fix clearing of layout segments in layoutreturn (git-fixes).\n- PCI: Add ACS quirk for Qualcomm SA8775P (stable-fixes).\n- PCI: Add T_PVPERL macro (git-fixes).\n- PCI: Add function 0 DMA alias quirk for Glenfly Arise chip (stable-fixes).\n- PCI: Fix pci_enable_acs() support for the ACS quirks (bsc#1229019).\n- PCI: Fix reset_method_store() memory leak (git-fixes).\n- PCI: Mark Creative Labs EMU20k2 INTx masking as broken (stable-fixes).\n- PCI: endpoint: Clear secondary (not primary) EPC in pci_epc_remove_epf() (git-fixes).\n- PCI: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds (git-fixes).\n- PCI: keystone: Add link up check to ks_pcie_other_map_bus() (git-fixes).\n- PCI: keystone: Set mode as Root Complex for \"ti,keystone-pcie\" compatible (git-fixes).\n- PCI: rockchip-ep: Fix address translation unit programming (git-fixes).\n- RAS/AMD/ATL: Add amd_atl pr_fmt() prefix (jsc#PED-10559).\n- RAS/AMD/ATL: Expand helpers for adding and removing base and hole (jsc#PED-10559).\n- RAS/AMD/ATL: Implement DF 4.5 NP2 denormalization (jsc#PED-10559).\n- RAS/AMD/ATL: Read DRAM hole base early (jsc#PED-10559).\n- RAS/AMD/ATL: Validate address map when information is gathered (jsc#PED-10559).\n- RDMA/bnxt_re: Add a check for memory allocation (git-fixes)\n- RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop (git-fixes)\n- RDMA/bnxt_re: Change the sequence of updating the CQ toggle value (git-fixes)\n- RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey (git-fixes)\n- RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (git-fixes)\n- RDMA/bnxt_re: Fix a possible memory leak (git-fixes)\n- RDMA/bnxt_re: Fix incorrect AVID type in WQE structure (git-fixes)\n- RDMA/bnxt_re: Fix incorrect dereference of srq in async event (git-fixes)\n- RDMA/bnxt_re: Fix out of bound check (git-fixes)\n- RDMA/bnxt_re: Fix the GID table length (git-fixes)\n- RDMA/bnxt_re: Fix the max CQ WQEs for older adapters (git-fixes)\n- RDMA/bnxt_re: Fix the usage of control path spin locks (git-fixes)\n- RDMA/bnxt_re: Return more meaningful error (git-fixes)\n- RDMA/bnxt_re: synchronize the qp-handle table array (git-fixes)\n- RDMA/core: Fix ENODEV error for iWARP test over vlan (git-fixes)\n- RDMA/cxgb4: Dump vendor specific QP details (git-fixes)\n- RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP (git-fixes)\n- RDMA/hns: Add mutex_destroy() (git-fixes)\n- RDMA/hns: Disassociate mmap pages for all uctx when HW is being reset (git-fixes)\n- RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (git-fixes)\n- RDMA/hns: Fix an AEQE overflow error caused by untimely update of eq_db_ci (git-fixes)\n- RDMA/hns: Fix cpu stuck caused by printings during reset (git-fixes)\n- RDMA/hns: Fix different dgids mapping to the same dip_idx (git-fixes)\n- RDMA/hns: Fix flush cqe error when racing with destroy qp (git-fixes)\n- RDMA/hns: Fix out-of-order issue of requester when setting FENCE (git-fixes)\n- RDMA/hns: Use dev_* printings in hem code instead of ibdev_* (git-fixes)\n- RDMA/hns: Use macro instead of magic number (git-fixes)\n- RDMA/irdma: Fix misspelling of \"accept*\" (git-fixes)\n- RDMA/mad: Improve handling of timed out WRs of mad agent (git-fixes)\n- RDMA/mana_ib: use the correct page size for mapping user-mode doorbell page (git-fixes).\n- RDMA/mana_ib: use the correct page table index based on hardware page size (git-fixes).\n- RDMA/mlx5: Enforce umem boundaries for explicit ODP page faults (git-fixes)\n- RDMA/mlx5: Move events notifier registration to be after device registration (git-fixes)\n- RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down (git-fixes)\n- RDMA/mlx5: Use sq timestamp as QP timestamp when RoCE is disabled (git-fixes).\n- RDMA/rtrs-srv: Avoid null pointer deref during path establishment (git-fixes)\n- RDMA/rxe: Fix the qp flush warnings in req (git-fixes)\n- RDMA/rxe: Set queue pair cur_qp_state when being queried (git-fixes)\n- RDMA/siw: Add sendpage_ok() check to disable MSG_SPLICE_PAGES (git-fixes)\n- RDMA/srpt: Make slab cache names unique (git-fixes)\n- Revert \"ALSA: hda/conexant: Mute speakers at suspend / shutdown\" (bsc#1228269).\n- Revert \"ALSA: hda: Conditionally use snooping for AMD HDMI\" (stable-fixes).\n- Revert \"KEYS: encrypted: Add check for strsep\" (git-fixes).\n- Revert \"KVM: PPC: Book3S HV Nested: Stop forwarding all HFUs to L1\" (bsc#1215199).\n- Revert \"RDMA/core: Fix ENODEV error for iWARP test over vlan\" (git-fixes)\n- Revert \"cgroup: Fix memory leak caused by missing cgroup_bpf_offline\" (bsc#1234108).\n- Revert \"cpufreq: brcmstb-avs-cpufreq: Fix initial command check\" (stable-fixes).\n- Revert \"driver core: Fix uevent_show() vs driver detach race\" (git-fixes).\n- Revert \"ixgbe: Manual AN-37 for troublesome link partners for X550 SFI\" (git-fixes).\n- Revert \"mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K\" (git-fixes).\n- Revert \"ubifs: ubifs_symlink: Fix memleak of inode-\u003ei_link in error path\" (git-fixes).\n- Revert \"usb: gadget: composite: fix OS descriptors w_value logic\" (git-fixes).\n- Revert \"wifi: iwlwifi: remove retry loops in start\" (git-fixes).\n- SUNRPC: Fix integer overflow in decode_rc_list() (git-fixes).\n- SUNRPC: Fixup gss_status tracepoint error output (git-fixes).\n- SUNRPC: Remove BUG_ON call sites (git-fixes).\n- SUNRPC: clnt.c: Remove misleading comment (git-fixes).\n- USB: appledisplay: close race between probe and completion handler (git-fixes).\n- USB: chaoskey: Fix possible deadlock chaoskey_list_lock (git-fixes).\n- USB: chaoskey: fail open after removal (git-fixes).\n- USB: gadget: dummy-hcd: Fix \"task hung\" problem (git-fixes).\n- USB: misc: cypress_cy7c63: check for short transfer (git-fixes).\n- USB: misc: yurex: fix race between read and write (git-fixes).\n- USB: serial: ftdi_sio: Fix atomicity violation in get_serial_info() (git-fixes).\n- USB: serial: io_edgeport: fix use after free in debug printk (git-fixes).\n- USB: serial: option: add Fibocom FG132 0x0112 composition (stable-fixes).\n- USB: serial: option: add Quectel RG650V (stable-fixes).\n- USB: serial: option: add Telit FN920C04 MBIM compositions (stable-fixes).\n- USB: serial: option: add support for Quectel EG916Q-GL (stable-fixes).\n- USB: serial: qcserial: add support for Sierra Wireless EM86xx (stable-fixes).\n- accel/qaic: Fix the for loop used to walk SG table (git-fixes).\n- accel: Use XArray instead of IDR for minors (jsc#PED-11580).\n- acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() (git-fixes).\n- ad7780: fix division by zero in ad7780_write_raw() (git-fixes).\n- aes-gcm-p10: Use the correct bit to test for P10 (bsc#1232704).\n- amd-pstate: Set min_perf to nominal_perf for active mode performance gov (git-fixes).\n- apparmor: fix \u0027Do simple duplicate message elimination\u0027 (git-fixes).\n- apparmor: test: Fix memory leak for aa_unpack_strdup() (git-fixes).\n- apparmor: use kvfree_sensitive to free data-\u003edata (git-fixes).\n- arm64: Subscribe Microsoft Azure Cobalt 100 to erratum 3194386 (git-fixes)\n- arm64: cputype: Add Neoverse-N3 definitions (git-fixes)\n- arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer (git-fixes)\n- arm64: dts: freescale: imx8mm-verdin: Fix SD regulator startup delay (git-fixes)\n- arm64: dts: freescale: imx8mp-verdin: Fix SD regulator startup delay (git-fixes)\n- arm64: dts: imx8-ss-vpu: Fix imx8qm VPU IRQs (git-fixes)\n- arm64: dts: imx8qxp: Add VPU subsystem file (git-fixes)\n- arm64: dts: imx93: add nvmem property for eqos (git-fixes)\n- arm64: dts: imx93: add nvmem property for fec1 (git-fixes)\n- arm64: dts: imx93: add ocotp node (git-fixes)\n- arm64: dts: rockchip: Add DTS for FriendlyARM NanoPi R2S Plus (git-fixes)\n- arm64: dts: rockchip: Correct GPIO polarity on brcm BT nodes (git-fixes)\n- arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc (git-fixes)\n- arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards (git-fixes)\n- arm64: dts: rockchip: Fix bluetooth properties on rk3566 box demo (git-fixes)\n- arm64: dts: rockchip: Fix reset-gpios property on brcm BT nodes (git-fixes)\n- arm64: dts: rockchip: Fix rt5651 compatible value on (git-fixes)\n- arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-eaidk-610 (git-fixes)\n- arm64: dts: rockchip: Fix wakeup prop names on PineNote BT node (git-fixes)\n- arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma (git-fixes)\n- arm64: dts: rockchip: Remove hdmi\u0027s 2nd interrupt on rk3328 (git-fixes)\n- arm64: dts: rockchip: Remove undocumented supports-emmc property (git-fixes)\n- arm64: dts: rockchip: fix i2c2 pinctrl-names property on (git-fixes)\n- arm64: dts: rockchip: remove num-slots property from (git-fixes)\n- arm64: dts: rockchip: remove orphaned pinctrl-names from pinephone (git-fixes)\n- arm64: errata: Enable the AC03_CPU_38 workaround for ampere1a (git-fixes).\n- arm64: errata: Expand speculative SSBS workaround once more (git-fixes)\n- arm64: esr: Define ESR_ELx_EC_* constants as UL (git-fixes)\n- arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG (git-fixes)\n- arm64: fix selection of HAVE_DYNAMIC_FTRACE_WITH_ARGS (git-fixes).\n- arm64: probes: Fix simulate_ldr*_literal() (git-fixes)\n- arm64: probes: Fix uprobes for big-endian kernels (git-fixes)\n- arm64: probes: Remove broken LDR (literal) uprobe support (git-fixes)\n- arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint (git-fixes)\n- arm64: smccc: replace custom COUNT_ARGS() \u0026 CONCATENATE() (git-fixes)\n- arm64: tegra: Move AGX Orin nodes to correct location (git-fixes)\n- arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled (git-fixes)\n- ata: libata: Set DID_TIME_OUT for commands that actually timed out (git-fixes).\n- ata: libata: avoid superfluous disk spin down + spin up during hibernation (git-fixes).\n- audit: do not WARN_ON_ONCE(!current-\u003emm) in audit_exe_compare() (git-fixes).\n- audit: do not take task_lock() in audit_exe_compare() code path (git-fixes).\n- block: print symbolic error name instead of error code (bsc#1231872).\n- block: sed-opal: add ioctl IOC_OPAL_SET_SID_PW (bsc#1229677).\n- bnxt_en: Cap the size of HWRM_PORT_PHY_QCFG forwarded response (git-fixes).\n- bnxt_en: Fix error recovery for 5760X (P7) chips (git-fixes).\n- bnxt_en: Fix the PCI-AER routines (git-fixes).\n- bnxt_en: Restore PTP tx_avail count in case of skb_pad() error (git-fixes).\n- bnxt_en: refactor reset close code (git-fixes).\n- bpf, arm64: Fix address emission with tag-based KASAN enabled (git-fixes)\n- bpf, arm64: Remove garbage frame for struct_ops trampoline (git-fixes)\n- bpf, lsm: Add disabled BPF LSM hook list (git-fixes).\n- bpf, net: Fix a potential race in do_sock_getsockopt() (git-fixes).\n- bpf, sockmap: SK_DROP on attempted redirects of unsupported af_vsock (git-fixes).\n- bpf, verifier: Correct tail_call_reachable for bpf prog (git-fixes).\n- bpf, vsock: Drop static vsock_bpf_prot initialization (git-fixes).\n- bpf, x64: Remove tail call detection (git-fixes).\n- bpf,perf: Fix perf_event_detach_bpf_prog error handling (git-fixes).\n- bpf: Fail verification for sign-extension of packet data/data_end/data_meta (git-fixes).\n- bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit (git-fixes).\n- bpf: Fix error message on kfunc arg type mismatch (git-fixes).\n- bpf: Fix helper writes to read-only maps (git-fixes).\n- bpf: Fix tailcall cases in test_bpf (git-fixes).\n- bpf: Fix truncation bug in coerce_reg_to_size_sx() (git-fixes).\n- bpf: Improve check_raw_mode_ok test for MEM_UNINIT-tagged types (git-fixes).\n- bpf: Remove truncation test in bpf_strtol and bpf_strtoul helpers (git-fixes).\n- bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error (git-fixes).\n- bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos (git-fixes).\n- btf, scripts: rust: drop is_rust_module.sh (bsc#1230414 bsc#1229450).\n- btrfs: merge btrfs_orig_bbio_end_io() into btrfs_bio_end_io() (bsc#1233193)\n- btrfs: send: fix invalid clone operation for file that got its size decreased (git-fixes).\n- can: c_can: c_can_handle_bus_err(): update statistics if skb allocation fails (git-fixes).\n- can: c_can: fix {rx,tx}_errors statistics (git-fixes).\n- can: dev: can_set_termination(): allow sleeping GPIOs (git-fixes).\n- can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics (git-fixes).\n- can: hi311x: hi3110_can_ist(): fix potential use-after-free (git-fixes).\n- can: hi311x: hi3110_can_ist(): fix {rx,tx}_errors statistics (git-fixes).\n- can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes).\n- can: j1939: j1939_session_new(): fix skb reference counting (git-fixes).\n- can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes).\n- can: mcp251xfd: mcp251xfd_get_tef_len(): fix length calculation (git-fixes).\n- can: mcp251xfd: mcp251xfd_get_tef_len(): work around erratum DS80000789E 6 (git-fixes).\n- can: mcp251xfd: mcp251xfd_ring_alloc(): fix coalescing configuration when switching CAN modes (git-fixes).\n- can: netlink: avoid call to do_set_data_bittiming callback with stale can_priv::ctrlmode (stable-fixes).\n- can: sja1000: sja1000_err(): fix {rx,tx}_errors statistics (git-fixes).\n- can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL (git-fixes).\n- can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics (git-fixes).\n- ceph: fix cap ref leak via netfs init_request (bsc#1231384).\n- cgroup/bpf: only cgroup v2 can be attached by bpf programs (bsc#1234108).\n- clk: bcm: bcm53573: fix OF node leak in init (stable-fixes).\n- clk: clk-apple-nco: Add NULL check in applnco_probe (git-fixes).\n- clk: clk-axi-clkgen: make sure to enable the AXI bus clock (git-fixes).\n- clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D (stable-fixes).\n- clk: imx: clk-scu: fix clk enable state save and restore (git-fixes).\n- clk: imx: fracn-gppll: correct PLL initialization flow (git-fixes).\n- clk: imx: fracn-gppll: fix pll power up (git-fixes).\n- clk: imx: lpcg-scu: SW workaround for errata (e10858) (git-fixes).\n- clk: qcom: clk-alpha-pll: drop lucid-evo pll enabled warning (git-fixes).\n- clk: qcom: clk-alpha-pll: fix lucid 5lpe pll enabled check (git-fixes).\n- clk: qcom: gcc-qcs404: fix initial rate of GPLL3 (git-fixes).\n- clk: renesas: rzg2l: Fix FOUTPOSTDIV clk (git-fixes).\n- clk: sunxi-ng: d1: Fix PLL_AUDIO0 preset (git-fixes).\n- comedi: Flush partial mappings in error case (git-fixes).\n- comedi: ni_routing: tools: Check when the file could not be opened (stable-fixes).\n- config s390x: build ultravisor userspace access into the kernel (bsc#1232090).\n- config.sh: Remove Arm build project, we do not build armv7 configs\n- config: Disable LAM on x86 (bsc#1217845).\n- cpufreq/amd-pstate: Fix amd_pstate mode switch on shared memory systems (git-fixes).\n- cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost() (git-fixes).\n- cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw() (git-fixes).\n- cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_cost() (git-fixes).\n- cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_power() (git-fixes).\n- cpufreq: loongson2: Unregister platform_driver on failure (git-fixes).\n- cpufreq: mediatek-hw: Fix wrong return value in mtk_cpufreq_get_cpu_power() (git-fixes).\n- crypto: aes-gcm-p10 - Use the correct bit to test for P10 (bsc#1232704).\n- crypto: api - Fix liveliness check in crypto_alg_tested (stable-fixes).\n- crypto: bcm - add error check in the ahash_hmac_init function (git-fixes).\n- crypto: caam - Fix the pointer passed to caam_qi_shutdown() (git-fixes).\n- crypto: caam - add error check to caam_rsa_set_priv_key_form (git-fixes).\n- crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() (git-fixes).\n- crypto: cavium - Fix the if condition to exit loop after timeout (git-fixes).\n- crypto: hisilicon/qm - flush all work before driver removed (bsc#1232075)\n- crypto: inside-secure - Fix the return value of safexcel_xcbcmac_cra_init() (git-fixes).\n- crypto: octeontx - Fix authenc setkey (stable-fixes).\n- crypto: octeontx* - Select CRYPTO_AUTHENC (git-fixes).\n- crypto: octeontx2 - Fix authenc setkey (stable-fixes).\n- crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY (git-fixes).\n- crypto: powerpc/p10-aes-gcm - Add dependency on CRYPTO_SIMD and re-enable CRYPTO_AES_GCM_P10 (bsc#1230501 ltc#208632).\n- crypto: powerpc/p10-aes-gcm - Disable CRYPTO_AES_GCM_P10 (bsc#1230501 ltc#208632).\n- crypto: powerpc/p10-aes-gcm - Re-write AES/GCM stitched implementation (bsc#1230501 ltc#208632).\n- crypto: powerpc/p10-aes-gcm - Register modules as SIMD (bsc#1230501 ltc#208632).\n- crypto: qat - remove check after debugfs_create_dir() (git-fixes).\n- crypto: qat - remove faulty arbiter config reset (git-fixes).\n- crypto: qat/qat_4xxx - fix off by one in uof_get_name() (git-fixes).\n- crypto: x86/aegis128 - access 32-bit arguments as 32-bit (git-fixes).\n- cxgb4: Properly lock TX queue for the selftest (git-fixes).\n- cxgb4: add forgotten u64 ivlan cast before shift (git-fixes).\n- cxgb4: unnecessary check for 0 in the free_sge_txq_uld() function (git-fixes).\n- cxl: downgrade a warning message to debug level in cxl_probe_component_regs() (bsc#1229165).\n- dcache: keep dentry_hashtable or d_hash_shift even when not used (git-fixes).\n- debugfs: fix automount d_fsdata usage (git-fixes).\n- devlink: Fix command annotation documentation (git-fixes).\n- dma-fence: Fix reference leak on fence merge failure path (git-fixes).\n- dma-fence: Use kernel\u0027s sort for merging fences (git-fixes).\n- dmaengine: sh: rz-dmac: handle configs where one address is zero (git-fixes).\n- dmaengine: ti: k3-udma: Set EOP for all TRs in cyclic BCDMA transfer (git-fixes).\n- doc: rcu: update printed dynticks counter bits (git-fixes).\n- driver core: bus: Fix double free in driver API bus_register() (stable-fixes).\n- driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute (stable-fixes).\n- drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend() (git-fixes).\n- drm/amd/amdgpu: Fix double unlock in amdgpu_mes_add_ring (git-fixes).\n- drm/amd/display: Add HDMI DSC native YCbCr422 support (stable-fixes).\n- drm/amd/display: Add disable timeout option (bsc#1231435)\n- drm/amd/display: Adjust VSDB parser for replay feature (stable-fixes).\n- drm/amd/display: Check link_res-\u003ehpo_dp_link_enc before using it (bsc#1231944)\n- drm/amd/display: Check null pointer before dereferencing se (stable-fixes).\n- drm/amd/display: Clean up dsc blocks in accelerated mode (stable-fixes).\n- drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too (stable-fixes).\n- drm/amd/display: Fix brightness level not retained over reboot (git-fixes).\n- drm/amd/display: Fix null check for pipe_ctx-\u003eplane_state in dcn20_program_pipe (git-fixes).\n- drm/amd/display: Fix null check for pipe_ctx-\u003eplane_state in hwss_setup_dpp (git-fixes).\n- drm/amd/display: Remove a redundant check in authenticated_dp (stable-fixes).\n- drm/amd/display: Revert \"Check HDCP returned status\" (stable-fixes).\n- drm/amd/display: Round calculated vtotal (stable-fixes).\n- drm/amd/display: Skip to enable dsc if it has been off (stable-fixes).\n- drm/amd/display: Validate backlight caps are sane (stable-fixes).\n- drm/amd/pm: Vangogh: Fix kernel memory out of bounds write (git-fixes).\n- drm/amd: Add some missing straps from NBIO 7.11.0 (git-fixes).\n- drm/amd: Fix initialization mistake for NBIO 7.7.0 (stable-fixes).\n- drm/amd: Guard against bad data for ATIF ACPI method (git-fixes).\n- drm/amdgpu/swsmu: Only force workload setup on init (git-fixes).\n- drm/amdgpu/vcn: enable AV1 on both instances (stable-fixes).\n- drm/amdgpu: Adjust debugfs eviction and IB access permissions (stable-fixes).\n- drm/amdgpu: Adjust debugfs register access permissions (stable-fixes).\n- drm/amdgpu: Fix DPX valid mode check on GC 9.4.3 (git-fixes).\n- drm/amdgpu: Fix JPEG v4.0.3 register write (git-fixes).\n- drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() (stable-fixes).\n- drm/amdgpu: fix check in gmc_v9_0_get_vm_pte() (git-fixes).\n- drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported (git-fixes).\n- drm/amdkfd: Accounting pdd vram_usage for svm (stable-fixes).\n- drm/amdkfd: Fix wrong usage of INIT_WORK() (git-fixes).\n- drm/bridge: anx7625: Drop EDID cache on bridge power off (git-fixes).\n- drm/bridge: it6505: Drop EDID cache on bridge power off (git-fixes).\n- drm/bridge: tc358767: Fix link properties discovery (git-fixes).\n- drm/bridge: tc358768: Fix DSI command tx (git-fixes).\n- drm/etnaviv: Request pages from DMA32 zone on addressing_limited (git-fixes).\n- drm/etnaviv: hold GPU lock across perfmon sampling (git-fixes).\n- drm/i915/gem: fix bitwise and logical AND mixup (git-fixes).\n- drm/i915/hdcp: fix connector refcounting (git-fixes).\n- drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).\n- drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).\n- drm/mediatek: Fix child node refcount handling in early exit (git-fixes).\n- drm/mediatek: Fix get efuse issue for MT8188 DPTX (git-fixes).\n- drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused (git-fixes).\n- drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).\n- drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk() (git-fixes).\n- drm/msm/dpu: check for overflow in _dpu_crtc_setup_lm_bounds() (git-fixes).\n- drm/msm/dpu: do not always program merge_3d block (git-fixes).\n- drm/msm/dpu: drop LM_3 / LM_4 on MSM8998 (git-fixes).\n- drm/msm/dpu: drop LM_3 / LM_4 on SDM845 (git-fixes).\n- drm/msm/dpu: make sure phys resources are properly initialized (git-fixes).\n- drm/msm/dpu: move CRTC resource assignment to dpu_encoder_virt_atomic_check (git-fixes).\n- drm/msm/dpu: on SDM845 move DSPP_3 to LM_5 block (git-fixes).\n- drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation (git-fixes).\n- drm/msm/dsi: improve/fix dsc pclk calculation (git-fixes).\n- drm/msm/gpu: Check the status of registration to PM QoS (git-fixes).\n- drm/msm: Allocate memory for disp snapshot with kvzalloc() (git-fixes).\n- drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() (git-fixes).\n- drm/msm: Fix some typos in comment (git-fixes).\n- drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new() (git-fixes).\n- drm/omap: Fix locking in omap_gem_new_dmabuf() (git-fixes).\n- drm/omap: Fix possible NULL dereference (git-fixes).\n- drm/panfrost: Add missing OPP table refcnt decremental (git-fixes).\n- drm/panfrost: Remove unused id_mask from struct panfrost_model (git-fixes).\n- drm/radeon: Fix encoder-\u003epossible_clones (git-fixes).\n- drm/rockchip: vop: Fix a dereferenced before check warning (git-fixes).\n- drm/sched: Add locking to drm_sched_entity_modify_sched (git-fixes).\n- drm/sched: Always wake up correct scheduler in drm_sched_entity_push_job (git-fixes).\n- drm/sti: Add __iomem for mixer_dbg_mxn\u0027s parameter (git-fixes).\n- drm/sti: avoid potential dereference of error pointers (git-fixes).\n- drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check (git-fixes).\n- drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check (git-fixes).\n- drm/v3d: Address race-condition in MMU flush (git-fixes).\n- drm/v3d: Enable Performance Counters before clearing them (git-fixes).\n- drm/v3d: Stop the active perfmon before being destroyed (git-fixes).\n- drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA (stable-fixes).\n- drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_atomic_flush (git-fixes).\n- drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_lut_load (git-fixes).\n- drm/vc4: Stop the active perfmon before being destroyed (git-fixes).\n- drm/vc4: hdmi: Avoid hang with debug registers when suspended (git-fixes).\n- drm/vc4: hvs: Correct logic on stopping an HVS channel (git-fixes).\n- drm/vc4: hvs: Do not write gamma luts on 2711 (git-fixes).\n- drm/vc4: hvs: Fix dlist debug not resetting the next entry pointer (git-fixes).\n- drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs function (git-fixes).\n- drm/vkms: Drop unnecessary call to drm_crtc_cleanup() (git-fixes).\n- drm/vmwgfx: Handle surface check failure correctly (git-fixes).\n- drm/vmwgfx: Limit display layout ioctl array size to VMWGFX_NUM_DISPLAY_UNITS (stable-fixes).\n- drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS (git-fixes).\n- drm: Expand max DRM device number to full MINORBITS (jsc#PED-11580).\n- drm: Use XArray instead of IDR for minors (jsc#PED-11580).\n- drm: use ATOMIC64_INIT() for atomic64_t (git-fixes).\n- drm: xlnx: zynqmp_dpsub: fix hotplug detection (git-fixes).\n- drm: zynqmp_kms: Unplug DRM device before removal (git-fixes).\n- dwc2: Drop USB dwc2 patch that caused a regression on RPi3 (bsc#1232342)\n- e1000e: Fix S0ix residency on corporate systems (git-fixes).\n- e1000e: Remove Meteor Lake SMBUS workarounds (git-fixes).\n- e1000e: change I219 (19) devices to ADP (git-fixes).\n- e1000e: fix force smbus during suspend flow (git-fixes).\n- e1000e: move force SMBUS near the end of enable_ulp function (git-fixes).\n- efi/libstub: Free correct pointer on failure (git-fixes).\n- efi/libstub: fix efi_parse_options() ignoring the default command line (git-fixes).\n- efi/libstub: zboot.lds: Discard .discard sections (stable-fixes).\n- efi/memattr: Ignore table if the size is clearly bogus (bsc#1231465).\n- efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption (stable-fixes).\n- eth: bnxt: fix counting packets discarded due to OOM and netpoll (git-fixes).\n- ext4: do not track ranges in fast_commit if inode has inlined data (bsc#1231635).\n- ext4: fix fast commit inode enqueueing during a full journal commit (bsc#1231636).\n- ext4: fix incorrect tid assumption in ext4_fc_mark_ineligible() (bsc#1231637).\n- ext4: fix possible tid_t sequence overflows (bsc#1231634).\n- ext4: fix slab-use-after-free in ext4_split_extent_at() (bsc#1232201)\n- ext4: fix unttached inode after power cut with orphan file feature enabled (bsc#1234009).\n- ext4: mark fc as ineligible using an handle in ext4_xattr_set() (bsc#1231640).\n- ext4: use handle to mark fc as ineligible in __track_dentry_update() (bsc#1231639).\n- f2fs: get out of a repeat loop when getting a locked data page (bsc#1234011).\n- fat: fix uninitialized variable (git-fixes).\n- fbcon: Fix a NULL pointer dereference issue in fbcon_putcs (stable-fixes).\n- fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() (git-fixes).\n- fbdev: sisfb: Fix strbuf array overflow (stable-fixes).\n- fgraph: Change the name of cpuhp state to \"fgraph:online\" (git-fixes).\n- fgraph: Fix missing unlock in register_ftrace_graph() (git-fixes).\n- fgraph: Use CPU hotplug mechanism to initialize idle shadow stacks (git-fixes).\n- filemap: remove use of wait bookmarks (bsc#1224088).\n- firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() (git-fixes).\n- firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup() (git-fixes).\n- firmware: arm_scpi: Check the DVFS OPP count returned by the firmware (git-fixes).\n- firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() (git-fixes).\n- firmware: google: Unregister driver_info on failure (git-fixes).\n- firmware_loader: Fix possible resource leak in fw_log_firmware_info() (git-fixes).\n- fs/9p: drop inodes immediately on non-.L too (git-fixes).\n- fs/9p: fix the cache always being enabled on files with qid flags (git-fixes).\n- fs/ntfs3: Add more attributes checks in mi_enum_attr() (bsc#1233207)\n- fs/ntfs3: Fixed overflow check in mi_enum_attr() (bsc#1233207)\n- fs/ntfs3: Sequential field availability check in mi_enum_attr() (bsc#1233207)\n- fs: Fix uninitialized value issue in from_kuid and from_kgid (git-fixes).\n- genirq/msi: Fix off-by-one error in msi_domain_alloc() (git-fixes).\n- goldfish: Fix unused const variable \u0027goldfish_pipe_acpi_match\u0027 (git-fixes).\n- gpio: aspeed: Add the flush write to ensure the write complete (git-fixes).\n- gpio: aspeed: Use devm_clk api to manage clock source (git-fixes).\n- gpio: davinci: fix lazy disable (git-fixes).\n- gpio: exar: set value when external pull-up or pull-down is present (git-fixes).\n- gpio: zevio: Add missed label initialisation (git-fixes).\n- gve: Fix XDP TX completion handling when counters overflow (git-fixes).\n- gve: Fix an edge case for TSO skb validity check (git-fixes).\n- gve: ignore nonrelevant GSO type bits when processing TSO headers (git-fixes).\n- hid: intel-ish-hid: Fix uninitialized variable \u0027rv\u0027 in ish_fw_xfer_direct_dma (git-fixes).\n- hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event (git-fixes).\n- hv_sock: Initializing vsk-\u003etrans to NULL to prevent a dangling pointer (git-fixes).\n- hwmon: (adm9240) Add missing dependency on REGMAP_I2C (git-fixes).\n- hwmon: (adt7470) Add missing dependency on REGMAP_I2C (git-fixes).\n- hwmon: (max16065) Fix alarm attributes (git-fixes).\n- hwmon: (max16065) Remove use of i2c_match_id() (stable-fixes).\n- hwmon: (mc34vr500) Add missing dependency on REGMAP_I2C (git-fixes).\n- hwmon: (nct6775) add G15CF to ASUS WMI monitoring list (stable-fixes).\n- hwmon: (nct6775-core) Fix overflows seen when writing limit attributes (git-fixes).\n- hwmon: (tmp513) Add missing dependency on REGMAP_I2C (git-fixes).\n- hwmon: (tps23861) Fix reporting of negative temperatures (git-fixes).\n- hwmon: intel-m10-bmc-hwmon: relabel Columbiaville to CVL Die Temperature (git-fixes).\n- i2c: core: Setup i2c_adapter runtime-pm before calling device_add() (git-fixes).\n- i2c: core: fix lockdep warning for sparsely nested adapter chain (git-fixes).\n- i2c: cpm: Remove linux,i2c-index conversion from be32 (git-fixes).\n- i2c: designware: do not hold SCL low when I2C_DYNAMIC_TAR_UPDATE is not set (git-fixes).\n- i2c: exynos5: Calculate t_scl_l, t_scl_h according to i2c spec (git-fixes).\n- i2c: i801: Add lis3lv02d for Dell Precision 3540 (git-fixes).\n- i2c: i801: Add lis3lv02d for Dell XPS 15 7590 (git-fixes).\n- i2c: i801: Use a different adapter-name for IDF adapters (stable-fixes).\n- i2c: i801: add helper i801_restore_regs (git-fixes).\n- i2c: ismt: kill transaction in hardware on timeout (git-fixes).\n- i2c: ocores: Move system PM hooks to the NOIRQ phase (git-fixes).\n- i2c: ocores: Remove #ifdef guards for PM related functions (git-fixes).\n- i2c: omap: switch to NOIRQ_SYSTEM_SLEEP_PM_OPS() and RUNTIME_PM_OPS() (git-fixes).\n- i2c: omap: wakeup the controller during suspend() callback (git-fixes).\n- i2c: rcar: properly format a debug output (git-fixes).\n- i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume (git-fixes).\n- i2c: stm32f7: perform most of irq job in threaded handler (git-fixes).\n- i2c: synquacer: Deal with optional PCLK correctly (git-fixes).\n- i2c: synquacer: Remove a clk reference from struct synquacer_i2c (stable-fixes).\n- i2c: xiic: Try re-initialization on bus busy timeout (git-fixes).\n- i2c: xiic: improve error message when transfer fails to start (stable-fixes).\n- i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() (git-fixes).\n- i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition (stable-fixes).\n- i3c: master: svc: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).\n- i40e: Fix XDP program unloading while removing the driver (git-fixes).\n- i40e: Report MFS in decimal base instead of hex (git-fixes).\n- i40e: fix race condition by adding filter\u0027s intermediate sync state (git-fixes).\n- iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call (git-fixes).\n- iavf: Fix TC config comparison with existing adapter TC config (git-fixes).\n- ice: Fix VSI list rule with ICE_SW_LKUP_LAST type (git-fixes).\n- ice: Fix checking for unsupported keys on non-tunnel device (git-fixes).\n- ice: Fix lldp packets dropping after changing the number of channels (git-fixes).\n- ice: Fix netif_is_ice() in Safe Mode (git-fixes).\n- ice: Fix package download algorithm (git-fixes).\n- ice: Fix recipe read procedure (git-fixes).\n- ice: Fix reset handler (git-fixes).\n- ice: Flush FDB entries before reset (git-fixes).\n- ice: Interpret .set_channels() input differently (git-fixes).\n- ice: Rebuild TC queues on VSI queue reconfiguration (git-fixes).\n- ice: Reject pin requests with unsupported flags (git-fixes).\n- ice: add flag to distinguish reset from .ndo_bpf in XDP rings config (git-fixes).\n- ice: add missing WRITE_ONCE when clearing ice_rx_ring::xdp_prog (git-fixes).\n- ice: avoid IRQ collision to fix init failure on ACPI S3 resume (git-fixes).\n- ice: clear port vlan config during reset (git-fixes).\n- ice: disallow DPLL_PIN_STATE_SELECTABLE for dpll output pins (git-fixes).\n- ice: do not bring the VSI up, if it was down before the XDP setup (git-fixes).\n- ice: do not busy wait for Rx queue disable in ice_qp_dis() (git-fixes).\n- ice: fix 200G PHY types to link speed mapping (git-fixes).\n- ice: fix 200G link speed message log (git-fixes).\n- ice: fix ICE_LAST_OFFSET formula (git-fixes).\n- ice: fix VLAN replay after reset (git-fixes).\n- ice: fix VSI lists confusion when adding VLANs (git-fixes).\n- ice: fix accounting for filters shared by multiple VSIs (git-fixes).\n- ice: fix accounting if a VLAN already exists (git-fixes).\n- ice: fix iteration of TLVs in Preserved Fields Area (git-fixes).\n- ice: fix page reuse when PAGE_SIZE is over 8k (git-fixes).\n- ice: fix reads from NVM Shadow RAM on E830 and E825-C devices (git-fixes).\n- ice: fix truesize operations for PAGE_SIZE \u003e= 8192 (git-fixes).\n- ice: implement AQ download pkg retry (git-fixes).\n- ice: map XDP queues to vectors in ice_vsi_map_rings_to_vectors() (git-fixes).\n- ice: remove af_xdp_zc_qps bitmap (git-fixes).\n- ice: replace synchronize_rcu with synchronize_net (git-fixes).\n- ice: respect netif readiness in AF_XDP ZC related ndo\u0027s (git-fixes).\n- ice: set correct dst VSI in only LAN filters (git-fixes).\n- ice: tc: allow zero flags in parsing tc flower (git-fixes).\n- ice: tc: check src_vsi in case of traffic from VF (git-fixes).\n- ice: use proper macro for testing bit (git-fixes).\n- idpf: Interpret .set_channels() input differently (git-fixes).\n- idpf: avoid bloating \u0026idpf_q_vector with big %NR_CPUS (git-fixes).\n- idpf: do not enable NAPI and interrupts prior to allocating Rx buffers (git-fixes).\n- idpf: do not skip over ethtool tcp-data-split setting (git-fixes).\n- idpf: fix UAFs when destroying the queues (git-fixes).\n- idpf: fix memleak in vport interrupt configuration (git-fixes).\n- idpf: fix memory leaks and crashes while performing a soft reset (git-fixes).\n- ieee802154: Fix build error (git-fixes).\n- igb: Always call igb_xdp_ring_update_tail() under Tx lock (git-fixes).\n- igb: Disable threaded IRQ for igb_msix_other (git-fixes).\n- igb: Fix not clearing TimeSync interrupts for 82580 (git-fixes).\n- igc: Fix double reset adapter triggered from a single taprio cmd (git-fixes).\n- igc: Fix packet still tx after gate close by reducing i226 MAC retry buffer (git-fixes).\n- igc: Fix qbv tx latency by setting gtxoffset (git-fixes).\n- igc: Fix qbv_config_change_errors logics (git-fixes).\n- igc: Fix reset adapter logics when tx mode change (git-fixes).\n- igc: Unlock on error in igc_io_resume() (git-fixes).\n- iio: Fix fwnode_handle in __fwnode_iio_channel_get_by_name() (git-fixes).\n- iio: accel: bma400: Fix uninitialized variable field_value in tap event handling (git-fixes).\n- iio: accel: kx022a: Fix raw read format (git-fixes).\n- iio: accel: kx022a: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).\n- iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() (git-fixes).\n- iio: adc: ad7606: Fix typo in the driver name (git-fixes).\n- iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer (git-fixes).\n- iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).\n- iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).\n- iio: adc: ti-lmp92064: add missing select REGMAP_SPI in Kconfig (git-fixes).\n- iio: amplifiers: ada4250: add missing select REGMAP_SPI in Kconfig (git-fixes).\n- iio: dac: ad3552r: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).\n- iio: dac: ad5766: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).\n- iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig (git-fixes).\n- iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig (git-fixes).\n- iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig (git-fixes).\n- iio: frequency: adf4377: add missing select REMAP_SPI in Kconfig (git-fixes).\n- iio: frequency: admv4420: fix missing select REMAP_SPI in Kconfig (git-fixes).\n- iio: gts-helper: Fix memory leaks for the error path of iio_gts_build_avail_scale_table() (git-fixes).\n- iio: gts-helper: Fix memory leaks in iio_gts_build_avail_scale_table() (git-fixes).\n- iio: gts: Fix uninitialized symbol \u0027ret\u0027 (git-fixes).\n- iio: gts: fix infinite loop for gain_to_scaletables() (git-fixes).\n- iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() (git-fixes).\n- iio: light: al3010: Fix an error handling path in al3010_probe() (git-fixes).\n- iio: light: opt3001: add missing full-scale range value (git-fixes).\n- iio: light: veml6030: fix ALS sensor resolution (git-fixes).\n- iio: light: veml6030: fix IIO device retrieval from embedded device (git-fixes).\n- iio: light: veml6030: fix microlux value calculation (git-fixes).\n- iio: magnetometer: ak8975: Convert enum-\u003epointer for data in the match tables (stable-fixes).\n- iio: magnetometer: ak8975: Fix \u0027Unexpected device\u0027 error (git-fixes).\n- iio: magnetometer: ak8975: drop incorrect AK09116 compatible (git-fixes).\n- iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).\n- ima: fix buffer overrun in ima_eventdigest_init_common (git-fixes).\n- initramfs: avoid filename buffer overrun (bsc#1232436).\n- intel_idle: add Granite Rapids Xeon support (bsc#1231630).\n- intel_idle: fix ACPI _CST matching for newer Xeon platforms (bsc#1231630).\n- io_uring/eventfd: move to more idiomatic RCU free usage (git-fixes).\n- io_uring/io-wq: do not allow pinning outside of cpuset (git-fixes).\n- io_uring/io-wq: inherit cpuset of cgroup in io worker (git-fixes).\n- io_uring/net: harden multishot termination case for recv (git-fixes).\n- io_uring/rw: fix cflags posting for single issue multishot read (git-fixes).\n- io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (git-fixes).\n- io_uring/rw: treat -EOPNOTSUPP for IOCB_NOWAIT like -EAGAIN (git-fixes).\n- io_uring/sqpoll: close race on waiting for sqring entries (git-fixes).\n- io_uring/sqpoll: do not allow pinning outside of cpuset (git-fixes).\n- io_uring/sqpoll: do not put cpumask on stack (git-fixes).\n- io_uring/sqpoll: retain test for whether the CPU is valid (git-fixes).\n- io_uring: check for presence of task_work rather than TIF_NOTIFY_SIGNAL (git-fixes).\n- iommu/amd: Allocate the page table root using GFP_KERNEL (git-fixes).\n- iommu/amd: Do not set the D bit on AMD v2 table entries (git-fixes).\n- iommu/amd: Fix typo of , instead of ; (git-fixes).\n- iommu/vt-d: Always reserve a domain ID for identity setup (git-fixes).\n- iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices (git-fixes).\n- iommufd: Check the domain owner of the parent before creating a nesting domain (git-fixes).\n- iommufd: Protect against overflow of ALIGN() during iova allocation (git-fixes).\n- irqchip/gic-v3-its: Avoid explicit cpumask allocation on stack (git-fixes).\n- jbd2: Move j_transaction_overhead_buffers into a hole (bsc#1234042).\n- jbd2: avoid infinite transaction commit loop (bsc#1234039).\n- jbd2: avoid memleak in jbd2_journal_write_metadata_buffer (bsc#1234043).\n- jbd2: avoid mount failed when commit block is partial submitted (bsc#1234040).\n- jbd2: correct the printing of write_flags in jbd2_write_superblock() (bsc#1234045).\n- jbd2: correctly compare tids with tid_geq function in jbd2_fc_begin_commit (bsc#1231638).\n- jbd2: fix kernel-doc for j_transaction_overhead_buffers (bsc#1234042).\n- jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev (bsc#1234044).\n- jbd2: fix soft lockup in journal_finish_inode_data_buffers() (bsc#1234046).\n- jbd2: make jbd2_journal_get_max_txn_bufs() internal (bsc#1234041).\n- jbd2: precompute number of transaction descriptor blocks (bsc#1234042).\n- jfs: Fix sanity check in dbMount (git-fixes).\n- jfs: Fix uaf in dbFreeBits (git-fixes).\n- jfs: Fix uninit-value access of new_ea in ea_buffer (git-fixes).\n- jfs: UBSAN: shift-out-of-bounds in dbFindBits (git-fixes).\n- jfs: check if leafidx greater than num leaves per dmap tree (git-fixes).\n- jump_label: Fix static_key_slow_dec() yet again (git-fixes).\n- kABI fix of VM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC) (git-fixes).\n- kABI workaround for ASoC SOF (bsc#1233305).\n- kABI: Restore exported __arm_smccc_sve_check (git-fixes)\n- kABI: bpf: enum bpf_{type_flag,arg_type} kABI workaround (git-fixes).\n- kABI: bpf: struct bpf_insn_acces_aux kABI workaround (git-fixes).\n- kabi, mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling (git-fixes kabi).\n- kasan: Fix Software Tag-Based KASAN with GCC (git-fixes).\n- kasan: move checks to do_strncpy_from_user (git-fixes).\n- kbuild, bpf: Use test-ge check for v1.25-only pahole (bsc#1230414 bsc#1229450).\n- kbuild,bpf: Add module-specific pahole flags for distilled base BTF (bsc#1230414 bsc#1229450).\n- kbuild,bpf: Switch to using --btf_features for pahole v1.26 and later (bsc#1230414 bsc#1229450).\n- kbuild: avoid too many execution of scripts/pahole-flags.sh (bsc#1230414 bsc#1229450).\n- kbuild: bpf: Tell pahole to DECL_TAG kfuncs (bsc#1230414 bsc#1229450).\n- kconfig: qconf: fix buffer overflow in debug links (git-fixes).\n- kernel-binary: Enable livepatch package only when livepatch is enabled Otherwise the filelist may be empty failing the build (bsc#1218644).\n- kexec_file: fix elfcorehdr digest exclusion when CONFIG_CRASH_HOTPLUG=y (git-fixes).\n- keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry (git-fixes).\n- keys: Fix overwrite of key expiration on instantiation (git-fixes).\n- kthread: unpark only parked kthread (git-fixes).\n- leds: lp55xx: Remove redundant test for invalid channel number (git-fixes).\n- lib/xarray: introduce a new helper xas_get_order (bsc#1231617).\n- lib: string_helpers: silence snprintf() output truncation warning (git-fixes).\n- mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING (git-fixes).\n- macsec: do not increment counters for an unrelated SA (git-fixes).\n- mailbox: arm_mhuv2: clean up loop in get_irq_chan_comb() (git-fixes).\n- maple_tree: correct tree corruption on spanning store (git-fixes).\n- maple_tree: fix alloc node fail issue (git-fixes).\n- maple_tree: refine mas_store_root() on storing NULL (git-fixes).\n- media: Drop the previous HD-audio TAS2781 fix (bsc#1230132)\n- media: adv7604: prevent underflow condition when reporting colorspace (git-fixes).\n- media: amphion: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).\n- media: amphion: Set video drvdata before register video device (git-fixes).\n- media: ar0521: do not overflow when checking PLL values (git-fixes).\n- media: atomisp: Add check for rgby_data memory allocation failure (git-fixes).\n- media: bttv: use audio defaults for winfast2000 (git-fixes).\n- media: core: v4l2-ioctl: check if ioctl is known to avoid NULL name (git-fixes).\n- media: cx24116: prevent overflows on SNR calculus (git-fixes).\n- media: dvb_frontend: do not play tricks with underflow values (git-fixes).\n- media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set (stable-fixes).\n- media: dvbdev: prevent the risk of out of memory access (git-fixes).\n- media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate() (git-fixes).\n- media: i2c: dw9768: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).\n- media: i2c: imx335: Enable regulator supplies (stable-fixes).\n- media: i2c: tc358743: Fix crash in the probe error path when using polling (git-fixes).\n- media: imx-jpeg: Ensure power suppliers be suspended before detach them (git-fixes).\n- media: imx-jpeg: Set video drvdata before register video device (git-fixes).\n- media: imx335: Fix reset-gpio handling (git-fixes).\n- media: mantis: remove orphan mantis_core.h (git-fixes).\n- media: mtk-jpeg: Fix null-ptr-deref during unload module (git-fixes).\n- media: pci: ipu3-cio2: Initialise timing struct to avoid a compiler warning (git-fixes).\n- media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() (git-fixes).\n- media: platform: exynos4-is: Fix an OF node reference leak in fimc_md_is_isp_available (git-fixes).\n- media: pulse8-cec: fix data timestamp at pulse8_setup() (git-fixes).\n- media: s5p-jpeg: prevent buffer overflows (git-fixes).\n- media: stb0899_algo: initialize cfr before using it (git-fixes).\n- media: ts2020: fix null-ptr-deref in ts2020_probe() (git-fixes).\n- media: uvcvideo: Require entities to have a non-zero unique ID (git-fixes).\n- media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (git-fixes).\n- media: uvcvideo: Stop stream during unregister (git-fixes).\n- media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl() (git-fixes).\n- media: v4l2-tpg: prevent the risk of a division by zero (git-fixes).\n- media: vb2: Fix comment (git-fixes).\n- media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).\n- media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() (stable-fixes).\n- media: videobuf2: fix typo: vb2_dbuf -\u003e vb2_qbuf (git-fixes).\n- media: wl128x: Fix atomicity violation in fmc_send_cmd() (git-fixes).\n- mei: use kvmalloc for read buffer (git-fixes).\n- mfd: intel_soc_pmic_chtwc: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes).\n- mfd: rt5033: Fix missing regmap_del_irq_chip() (git-fixes).\n- mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race (git-fixes).\n- minmax: avoid overly complex min()/max() macro arguments in xen (git-fixes).\n- minmax: scsi: fix mis-use of \u0027clamp()\u0027 in sr.c (git-fixes).\n- misc: apds990x: Fix missing pm_runtime_disable() (git-fixes).\n- mlx5: avoid truncating error message (git-fixes).\n- mlx5: stop warning for 64KB pages (git-fixes).\n- mlxbf_gige: disable RX filters until RX path initialized (git-fixes).\n- mm/filemap: optimize filemap folio adding (bsc#1231617).\n- mm/filemap: return early if failed to allocate memory for split (bsc#1231617).\n- mm/hugetlb: fix nodes huge page allocation when there are surplus pages (bsc#1234012).\n- mm: avoid unsafe VMA hook invocation when error arises on mmap hook (git-fixes).\n- mm: khugepaged: fix the arguments order in khugepaged_collapse_file trace point (git-fixes).\n- mm: mmap: no need to call khugepaged_enter_vma() for stack (jsc#PED-10978).\n- mm: move dummy_vm_ops out of a header (git-fixes prerequisity).\n- mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling (git-fixes).\n- mm: refactor map_deny_write_exec() (git-fixes).\n- mm: resolve faulty mmap_region() error path behaviour (git-fixes).\n- mm: unconditionally close VMAs on error (git-fixes).\n- mmc: core: Further prevent card detect during shutdown (git-fixes).\n- mmc: mmc_spi: drop buggy snprintf() (git-fixes).\n- mmc: sunxi-mmc: Fix A100 compatible description (git-fixes).\n- modpost: fix acpi MODULE_DEVICE_TABLE built with mismatched endianness (git-fixes).\n- modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host (git-fixes).\n- modpost: remove incorrect code in do_eisa_entry() (git-fixes).\n- module: abort module loading when sysfs setup suffer errors (git-fixes).\n- mtd: rawnand: atmel: Fix possible memory leak (git-fixes).\n- mtd: spi-nor: core: replace dummy buswidth from addr to data (git-fixes).\n- nbd: fix race between timeout and normal completion (bsc#1230918).\n- net/mlx5: Add missing masks and QoS bit masks for scheduling elements (git-fixes).\n- net/mlx5: Added cond_resched() to crdump collection (git-fixes).\n- net/mlx5: Check capability for fw_reset (git-fixes).\n- net/mlx5: Check for invalid vector index on EQ creation (git-fixes).\n- net/mlx5: Explicitly set scheduling element and TSAR type (git-fixes).\n- net/mlx5: Fix command bitmask initialization (git-fixes).\n- net/mlx5: Fix error handling in irq_pool_request_irq (git-fixes).\n- net/mlx5: Lag, do bond only if slaves agree on roce state (git-fixes).\n- net/mlx5: Lag, do not use the hardcoded value of the first port (git-fixes).\n- net/mlx5: Stop waiting for PCI if pci channel is offline (git-fixes).\n- net/mlx5: Unregister notifier on eswitch init failure (git-fixes).\n- net/mlx5: Update the list of the PCI supported devices (git-fixes).\n- net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys (git-fixes).\n- net/mlx5e: Add missing link mode to ptys2ext_ethtool_map (git-fixes).\n- net/mlx5e: Add missing link modes to ptys2ethtool_map (git-fixes).\n- net/mlx5e: Add mqprio_rl cleanup and free in mlx5e_priv_cleanup() (git-fixes).\n- net/mlx5e: Correctly report errors for ethtool rx flows (git-fixes).\n- net/mlx5e: Do not call cleanup on profile rollback failure (git-fixes).\n- net/mlx5e: Fix IPsec tunnel mode offload feature check (git-fixes).\n- net/mlx5e: Fix UDP GSO for encapsulated packets (git-fixes).\n- net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets (git-fixes).\n- net/mlx5e: Require mlx5 tc classifier action support for IPsec prio capability (git-fixes).\n- net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion (git-fixes).\n- net: mana: Implement get_ringparam/set_ringparam for mana (bsc#1229891).\n- net: mana: Improve mana_set_channels() in low mem conditions (bsc#1230289).\n- net: mdio-ipq4019: add missing error check (git-fixes).\n- net: phy: Remove LED entry from LEDs list on unregister (git-fixes).\n- net: phy: bcm84881: Fix some error handling paths (git-fixes).\n- net: phy: dp83822: Fix reset pin definitions (git-fixes).\n- net: phy: dp83869: fix memory corruption when enabling fiber (git-fixes).\n- net: phy: ti: add PHY_RST_AFTER_CLK_EN flag (git-fixes).\n- net: qede: sanitize \u0027rc\u0027 in qede_add_tc_flower_fltr() (git-fixes).\n- net: qede: use return from qede_parse_actions() (git-fixes).\n- net: qede: use return from qede_parse_flow_attr() for flow_spec (git-fixes).\n- net: qede: use return from qede_parse_flow_attr() for flower (git-fixes).\n- net: relax socket state check at accept time (git-fixes).\n- net: stmmac: dwmac-tegra: Fix link bring-up sequence (git-fixes)\n- net: sysfs: Fix /sys/class/net/\u0026lt;iface\u003e path for statistics (git-fixes).\n- net: test for not too small csum_start in virtio_net_hdr_to_skb() (git-fixes).\n- net: usb: lan78xx: Fix double free issue with interrupt buffer allocation (git-fixes).\n- net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device (git-fixes).\n- net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration (git-fixes).\n- net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition (stable-fixes).\n- net: usb: usbnet: fix name regression (get-fixes).\n- net: usb: usbnet: fix race in probe failure (git-fixes).\n- net: wwan: fix global oob in wwan_rtnl_policy (git-fixes).\n- net: wwan: t7xx: Fix off-by-one error in t7xx_dpmaif_rx_buf_alloc() (git-fixes).\n- net: xfrm: preserve kabi for xfrm_state (bsc#1233754).\n- netdevsim: copy addresses for both in and out paths (git-fixes).\n- netdevsim: use cond_resched() in nsim_dev_trap_report_work() (git-fixes).\n- netfilter: nf_tables: missing iterator type in lookup walk (git-fixes).\n- nfs: Fix KMSAN warning in decode_getfattr_attrs() (git-fixes).\n- nfs: avoid i_lock contention in nfs_clear_invalid_mapping (git-fixes).\n- nfs: fix memory leak in error path of nfs4_do_reclaim (git-fixes).\n- nfsd: call cache_put if xdr_reserve_space returns NULL (git-fixes).\n- nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net (git-fixes).\n- nfsd: fix delegation_blocked() to block correctly for at least 30 seconds (git-fixes).\n- nfsd: fix refcount leak when file is unhashed after being found (git-fixes).\n- nfsd: map the EBADMSG to nfserr_io to avoid warning (git-fixes).\n- nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire (git-fixes).\n- nfsd: remove unsafe BUG_ON from set_change_info (bsc#1234121).\n- nfsd: return -EINVAL when namelen is 0 (git-fixes).\n- nilfs2: fix kernel bug due to missing clearing of buffer delay flag (git-fixes).\n- nilfs2: fix potential deadlock with newly created symlinks (git-fixes).\n- nouveau/dmem: Fix privileged error in copy engine channel (git-fixes).\n- nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error (git-fixes).\n- nouveau/dp: handle retries for AUX CH transfers with GSP (git-fixes).\n- nouveau/gsp: Avoid addressing beyond end of rpc-\u003eentries (stable-fixes).\n- nouveau: fw: sync dma after setup is called (git-fixes).\n- nouveau: handle EBUSY and EAGAIN for GSP aux errors (git-fixes).\n- ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).\n- ntfs3: Add bounds checking to mi_enum_attr() (bsc#1233207)\n- nvme-fabrics: fix kernel crash while shutting down controller (git-fixes).\n- nvme-loop: flush off pending I/O while shutting down loop controller (git-fixes).\n- nvme-multipath: suppress partition scan until the disk is ready (bsc#1228244).\n- nvme-pci: fix freeing of the HMB descriptor table (git-fixes).\n- nvme-pci: fix race condition between reset and nvme_dev_disable() (git-fixes).\n- nvme-pci: qdepth 1 quirk (git-fixes).\n- nvme-pci: reverse request order in nvme_queue_rqs (git-fixes).\n- nvme-pci: set doorbell config before unquiescing (git-fixes).\n- nvme/host: Fix RCU list traversal to use SRCU primitive (git-fixes).\n- nvme: disable CC.CRIME (NVME_CC_CRIME) (jsc#PED-9901).\n- nvme: null terminate nvme_tls_attrs (git-fixes).\n- nvme: re-fix error-handling for io_uring nvme-passthrough (git-fixes).\n- nvme: tcp: avoid race between queue_lock lock and destroy (git-fixes).\n- nvmet-auth: assign dh_key to NULL after kfree_sensitive (git-fixes).\n- ocfs2: Drop OCFS2 patch causing a regression (bsc#1233255)\n- ocfs2: fix UBSAN warning in ocfs2_verify_volume() (git-fixes).\n- ocfs2: fix the la space leak when unmounting an ocfs2 volume (git-fixes).\n- ocfs2: fix uninit-value in ocfs2_get_block() (git-fixes).\n- ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow (git-fixes).\n- ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() (git-fixes).\n- ocfs2: uncache inode which has failed entering the group (git-fixes).\n- of: Add cleanup.h based auto release via __free(device_node) markings (bsc#1232386)\n- parport: Proper fix for array out-of-bounds access (git-fixes).\n- phy: freescale: imx8m-pcie: Do CMN_RST just before PHY PLL lock check (git-fixes).\n- phy: qcom: qmp-combo: move driver data initialisation earlier (git-fixes).\n- phy: qcom: qmp-usb: fix NULL-deref on runtime suspend (git-fixes).\n- phy: tegra: xusb: Add error pointer check in xusb.c (git-fixes).\n- phy: ti: phy-j721e-wiz: fix usxgmii configuration (git-fixes).\n- pinctrl: apple: check devm_kasprintf() returned value (git-fixes).\n- pinctrl: k210: Undef K210_PC_DEFAULT (git-fixes).\n- pinctrl: ocelot: fix system hang on level based interrupts (stable-fixes).\n- pinctrl: qcom: spmi: fix debugfs drive strength (git-fixes).\n- pinctrl: zynqmp: drop excess struct member description (git-fixes).\n- platform/chrome: cros_ec_typec: fix missing fwnode reference decrement (git-fixes).\n- platform/x86/amd/pmc: Detect when STB is not available (git-fixes).\n- platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug (git-fixes).\n- platform/x86: dell-sysman: add support for alienware products (stable-fixes).\n- platform/x86: dell-wmi: Ignore suspend notifications (stable-fixes).\n- platform/x86: lenovo-ymc: Ignore the 0x0 state (stable-fixes).\n- platform/x86: panasonic-laptop: Return errno correctly in show callback (git-fixes).\n- platform/x86: touchscreen_dmi: add nanote-next quirk (stable-fixes).\n- posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone (bsc#1234098).\n- power: reset: brcmstb: Do not go into infinite loop if reset fails (stable-fixes).\n- power: supply: bq27xxx: Fix registers of bq27426 (git-fixes).\n- power: supply: core: Remove might_sleep() from power_supply_put() (git-fixes).\n- power: supply: rt9471: Fix wrong WDT function regfield declaration (git-fixes).\n- power: supply: rt9471: Use IC status regfield to report real charger status (git-fixes).\n- powercap: intel_rapl: Fix off by one in get_rpi() (git-fixes).\n- powerpc/64: Convert patch_instruction() to patch_u32() (bsc#1194869).\n- powerpc/64s: Fix unnecessary copy to 0 when kernel is booted at address 0 (bsc#1215199).\n- powerpc/atomic: Use YZ constraints for DS-form instructions (bsc#1194869).\n- powerpc/boot: Handle allocation failure in simple_realloc() (bsc#1194869).\n- powerpc/boot: Only free if realloc() succeeds (bsc#1194869).\n- powerpc/code-patching: Add generic memory patching (bsc#1194869).\n- powerpc/code-patching: Perform hwsync in __patch_instruction() in case of failure (bsc#1194869).\n- powerpc/crypto: do not build aes-gcm-p10 by default (bsc#1230501 ltc#208632).\n- powerpc/crypto: fix missing skcipher dependency for aes-gcm-p10 (bsc#1230501 ltc#208632).\n- powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init() (bsc#1215199).\n- powerpc/fadump: Refactor and prepare fadump_cma_init for late init (bsc#1215199).\n- powerpc/kexec: Fix return of uninitialized variable (bsc#1194869).\n- powerpc/mm/fault: Fix kfence page fault reporting (bsc#1194869).\n- powerpc/mm: Fix boot crash with FLATMEM (bsc#1194869).\n- powerpc/mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL (bsc#1194869).\n- powerpc/powernv: Free name on error in opal_event_init() (bsc#1194869).\n- powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector (bsc#1194869).\n- powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore (bsc#1194869).\n- powerpc/pseries: Use correct data types from pseries_hp_errorlog struct (bsc#1215199).\n- powerpc/vdso: Fix VDSO data access when running in a non-root time namespace (bsc#1194869).\n- powerpc/vdso: Inconditionally use CFUNC macro (bsc#1215199).\n- powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu (bsc#1194869).\n- powerpc/xmon: Fix disassembly CPU feature checks (bsc#1065729).\n- printk: Add notation to console_srcu locking (bsc#1232183).\n- pwm: imx-tpm: Use correct MODULO value for EPWM mode (git-fixes).\n- qed: avoid truncating work queue length (git-fixes).\n- rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow (bsc#1226631).\n- rcu: Fix buffer overflow in print_cpu_stall_info() (bsc#1226623).\n- regmap: detach regmap from dev on regmap_exit (git-fixes).\n- regmap: irq: Set lockdep class for hierarchical IRQ domains (git-fixes).\n- rpm/check-for-config-changes: add HAVE_RUST and RUSTC_SUPPORTS_ to IGNORED_CONFIGS_RE They depend on SHADOW_CALL_STACK.\n- rpm/release-projects: Add SLFO projects (bsc#1231293).\n- rpm/scripts: Remove obsolete Symbols.list Symbols.list is not longer needed by the new klp-convert implementation. (bsc#1218644)\n- rpmsg: glink: Handle rejected intent request better (git-fixes).\n- rtc: ab-eoz9: do not fail temperature reads on undervoltage notification (git-fixes).\n- rtc: abx80x: Fix WDT bit position of the status register (git-fixes).\n- rtc: bbnsm: add remove hook (git-fixes).\n- rtc: check if __rtc_read_time was successful in rtc_timer_do_work() (git-fixes).\n- rtc: rzn1: fix BCD to rtc_time conversion errors (git-fixes).\n- rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).\n- runtime constants: add default dummy infrastructure (git-fixes).\n- runtime constants: add x86 architecture support (git-fixes).\n- s390/mm: Add cond_resched() to cmm_alloc/free_pages() (bsc#1228747).\n- s390/pci: Handle PCI error codes other than 0x3a (git-fixes bsc#1232629).\n- s390/sclp: Deactivate sclp after all its users (git-fixes bsc#1232628).\n- s390/sclp_vt220: Convert newlines to CRLF instead of LFCR (git-fixes bsc#1232627).\n- scsi: NCR5380: Check for phase match during PDMA fixup (git-fixes).\n- scsi: NCR5380: Initialize buffer for MSG IN and STATUS transfers (git-fixes).\n- scsi: Remove scsi device no_start_on_resume flag (git-fixes).\n- scsi: aacraid: Rearrange order of struct aac_srb_unit (git-fixes).\n- scsi: cdrom: kABI: fix cdrom_dev_ops change (git-fixes).\n- scsi: core: Disable CDL by default (git-fixes).\n- scsi: core: Fix handling of SCMD_FAIL_IF_RECOVERING (git-fixes).\n- scsi: core: Fix the return value of scsi_logical_block_count() (git-fixes).\n- scsi: core: Handle devices which return an unusually large VPD page count (git-fixes).\n- scsi: core: alua: I/O errors for ALUA state transitions (git-fixes).\n- scsi: fnic: Move flush_work initialization out of if block (bsc#1230055).\n- scsi: hisi_sas: Handle the NCQ error returned by D2H frame (git-fixes).\n- scsi: hpsa: Fix allocation size for Scsi_Host private data (git-fixes).\n- scsi: kABI: restore no_start_on_resume to scsi_device (git-fixes).\n- scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed (git-fixes).\n- scsi: libsas: Fix the failure of adding phy with zero-address to port (git-fixes).\n- scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in lpfc_els_flush_cmd() (bsc#1232757).\n- scsi: lpfc: Add cleanup of nvmels_wq after HBA reset (bsc#1233241 jsc#PED-9943).\n- scsi: lpfc: Call lpfc_sli4_queue_unset() in restart and rmmod paths (bsc#1233241 jsc#PED-9943).\n- scsi: lpfc: Change lpfc_nodelist nlp_flag member into a bitmask (bsc#1233241 jsc#PED-9943).\n- scsi: lpfc: Check SLI_ACTIVE flag in FDMI cmpl before submitting follow up FDMI (bsc#1233241 jsc#PED-9943).\n- scsi: lpfc: Check devloss callbk done flag for potential stale NDLP ptrs (bsc#1233241 jsc#PED-9943).\n- scsi: lpfc: Copyright updates for 14.4.0.6 patches (bsc#1233241 jsc#PED-9943).\n- scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance (bsc#1232757).\n- scsi: lpfc: Fix kref imbalance on fabric ndlps from dev_loss_tmo handler (bsc#1232757).\n- scsi: lpfc: Modify CGN warning signal calculation based on EDC response (bsc#1233241 jsc#PED-9943).\n- scsi: lpfc: Prevent NDLP reference count underflow in dev_loss_tmo callback (bsc#1233241 jsc#PED-9943).\n- scsi: lpfc: Remove NLP_RELEASE_RPI flag from nodelist structure (bsc#1233241 jsc#PED-9943).\n- scsi: lpfc: Remove trailing space after \\n newline (bsc#1232757).\n- scsi: lpfc: Restrict support for 32 byte CDBs to specific HBAs (bsc#1232757 bsc#1228119).\n- scsi: lpfc: Revise TRACE_EVENT log flag severities from KERN_ERR to KERN_WARNING (bsc#1232757).\n- scsi: lpfc: Support loopback tests with VMID enabled (bsc#1232757).\n- scsi: lpfc: Update lpfc version to 14.4.0.5 (bsc#1232757).\n- scsi: lpfc: Update lpfc version to 14.4.0.6 (bsc#1233241 jsc#PED-9943).\n- scsi: lpfc: Update lpfc_els_flush_cmd() to check for SLI_ACTIVE before BSG flag (bsc#1233241 jsc#PED-9943).\n- scsi: lpfc: Update phba link state conditional before sending CMF_SYNC_WQE (bsc#1232757).\n- scsi: mac_scsi: Disallow bus errors during PDMA send (git-fixes).\n- scsi: mac_scsi: Refactor polling loop (git-fixes).\n- scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages (git-fixes).\n- scsi: mpi3mr: Avoid IOMMU page faults on REPORT ZONES (git-fixes).\n- scsi: mpi3mr: Avoid memcpy field-spanning write WARNING (git-fixes).\n- scsi: mpi3mr: Avoid possible run-time warning with long manufacturer strings (git-fixes).\n- scsi: mpi3mr: Fix ATA NCQ priority support (git-fixes).\n- scsi: mpi3mr: Validate SAS port assignments (git-fixes).\n- scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES (git-fixes).\n- scsi: pm8001: Do not overwrite PCI queue mapping (git-fixes).\n- scsi: pm80xx: Set phy-\u003eenable_completion only when we wait for it (git-fixes).\n- scsi: qedf: Set qed_slowpath_params to zero before use (git-fixes).\n- scsi: scsi_transport_fc: Allow setting rport state to current state (git-fixes).\n- scsi: sd: Ignore command SYNCHRONIZE CACHE error if format in progress (git-fixes).\n- scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer (git-fixes).\n- scsi: smartpqi: correct stream detection (git-fixes).\n- scsi: smartpqi: revert propagate-the-multipath-failure-to-SML-quickly (git-fixes).\n- scsi: spi: Fix sshdr use (git-fixes).\n- scsi: sr: Fix unintentional arithmetic wraparound (git-fixes).\n- scsi: wd33c93: Do not use stale scsi_pointer value (git-fixes).\n- security/keys: fix slab-out-of-bounds in key_task_permission (git-fixes).\n- selftests/bpf: Add a test case to write mtu result into .rodata (git-fixes).\n- selftests/bpf: Add a test case to write strtol result into .rodata (git-fixes).\n- selftests/bpf: Add test for sign extension in coerce_subreg_to_size_sx() (git-fixes).\n- selftests/bpf: Add test for truncation after sign extension in coerce_reg_to_size_sx() (git-fixes).\n- selftests/bpf: Add tests for ldsx of pkt data/data_end/data_meta accesses (git-fixes).\n- selftests/bpf: Fix ARG_PTR_TO_LONG {half-,}uninitialized test (git-fixes).\n- selftests/bpf: Rename ARG_PTR_TO_LONG test description (git-fixes).\n- selftests/bpf: test for malformed BPF_CORE_TYPE_ID_LOCAL relocation (git-fixes).\n- serial: 8250: omap: Move pm_runtime_get_sync (git-fixes).\n- serial: imx: Update mctrl old_status on RTSD interrupt (git-fixes).\n- serial: protect uart_port_dtr_rts() in uart_shutdown() too (stable-fixes).\n- signal: Replace BUG_ON()s (bsc#1234093).\n- soc: fsl: rcpm: fix missing of_node_put() in copy_ippdexpcr1_setting() (git-fixes).\n- soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() (git-fixes).\n- soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).\n- soundwire: intel_bus_common: enable interrupts before exiting reset (stable-fixes).\n- spi: Fix acpi deferred irq probe (git-fixes).\n- spi: atmel-quadspi: Fix register name in verbose logging function (git-fixes).\n- spi: atmel-quadspi: Fix wrong register value written to MR (git-fixes).\n- spi: mpc52xx: Add cancel_work_sync before module remove (git-fixes).\n- spi: mtk-snfi: fix kerneldoc for mtk_snand_is_page_ops() (git-fixes).\n- spi: s3c64xx: fix timeout counters in flush_fifo (git-fixes).\n- spi: spi-fsl-dspi: Fix crash when not using GPIO chip select (git-fixes).\n- spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).\n- spi: tegra210-quad: Avoid shift-out-of-bounds (git-fixes).\n- splice: always fsnotify_access(in), fsnotify_modify(out) on success (git-fixes).\n- splice: fsnotify_access(fd)/fsnotify_modify(fd) in vmsplice (git-fixes).\n- splice: fsnotify_access(in), fsnotify_modify(out) on success in tee (git-fixes).\n- srcu: Fix callbacks acceleration mishandling (git-fixes).\n- staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() (git-fixes).\n- sumversion: Fix a memory leak in get_src_version() (git-fixes).\n- supported.conf: mark nhpoly1305 module as supported (bsc#1231035).\n- supported.conf: mark ultravisor userspace access as supported (bsc#1232090).\n- task_work: add kerneldoc annotation for \u0027data\u0027 argument (git-fixes).\n- tcp: Fix refcnt handling in __inet_hash_connect() (git-fixes).\n- thermal: core: Initialize thermal zones before registering them (git-fixes).\n- thermal: int3400: Fix reading of current_uuid for active policy (git-fixes).\n- thermal: intel: int340x: processor: Fix warning during module unload (git-fixes).\n- thunderbolt: Honor TMU requirements in the domain when setting TMU mode (stable-fixes).\n- thunderbolt: Improve DisplayPort tunnel setup process to be more robust (stable-fixes).\n- tools/lib/thermal: Fix sampling handler context ptr (git-fixes).\n- tools/power turbostat: Fix trailing \u0027\\n\u0027 parsing (git-fixes).\n- tools/power turbostat: Increase the limit for fd opened (bsc#1233119).\n- tools: hv: rm .*.cmd when make clean (git-fixes).\n- tpm: Lock TPM chip in tpm_pm_suspend() first (bsc#1082555 git-fixes).\n- tpm: fix signed/unsigned bug when checking event logs (git-fixes).\n- tracing/hwlat: Fix a race during cpuhp processing (git-fixes).\n- tracing/osnoise: Fix build when timerlat is not enabled (git-fixes).\n- tracing/osnoise: Skip running osnoise if all instances are off (git-fixes).\n- tracing/osnoise: Switch from PF_NO_SETAFFINITY to migrate_disable (git-fixes).\n- tracing/osnoise: Use a cpumask to know what threads are kthreads (git-fixes).\n- tracing/timerlat: Add interface_lock around clearing of kthread in stop_kthread() (git-fixes).\n- tracing/timerlat: Add user-space interface (git-fixes).\n- tracing/timerlat: Drop interface_lock in stop_kthread() (git-fixes).\n- tracing/timerlat: Fix a race during cpuhp processing (git-fixes).\n- tracing/timerlat: Fix duplicated kthread creation due to CPU online/offline (git-fixes).\n- tracing/timerlat: Move hrtimer_init to timerlat_fd open() (git-fixes).\n- tracing/timerlat: Only clear timer if a kthread exists (git-fixes).\n- tracing: Consider the NULL character when validating the event length (git-fixes).\n- tty: ldsic: fix tty_ldisc_autoload sysctl\u0027s proc_handler (git-fixes).\n- tty: n_gsm: Fix use-after-free in gsm_cleanup_mux (stable-fixes).\n- u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file (git-fixes).\n- ubifs: Fix adding orphan entry twice for the same inode (git-fixes).\n- ubifs: Fix unattached xattr inode if powercut happens after deleting (git-fixes).\n- ubifs: add check for crypto_shash_tfm_digest (git-fixes).\n- ubifs: dbg_orphan_check: Fix missed key type checking (git-fixes).\n- ucounts: fix counter leak in inc_rlimit_get_ucounts() (bsc#1233460).\n- unicode: Do not special case ignorable code points (stable-fixes).\n- unicode: Fix utf8_load() error path (git-fixes).\n- uprobe: avoid out-of-bounds memory access of fetching args (git-fixes).\n- uprobes: encapsulate preparation of uprobe args buffer (git-fixes).\n- uprobes: introduce the global struct vm_special_mapping xol_mapping (bsc#1231114).\n- uprobes: turn xol_area-\u003epages into xol_area-\u003epage (bsc#1231114).\n- usb: chipidea: udc: enable suspend interrupt after usb reset (stable-fixes).\n- usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the Crashkernel Scenario (stable-fixes).\n- usb: dwc3: Wait for EndXfer completion before restoring GUSB2PHYCFG (git-fixes).\n- usb: dwc3: core: Stop processing of pending events if controller is halted (git-fixes).\n- usb: dwc3: gadget: Add missing check for single port RAM in TxFIFO resizing logic (git-fixes).\n- usb: dwc3: gadget: Fix checking for number of TRBs left (git-fixes).\n- usb: dwc3: gadget: Fix looping of queued SG entries (git-fixes).\n- usb: ehci-spear: fix call balance of sehci clk handling routines (git-fixes).\n- usb: gadget: core: force synchronous registration (git-fixes).\n- usb: gadget: dummy_hcd: Set transfer interval to 1 microframe (stable-fixes).\n- usb: gadget: dummy_hcd: Switch to hrtimer transfer scheduler (stable-fixes).\n- usb: gadget: dummy_hcd: execute hrtimer callback in softirq context (git-fixes).\n- usb: gadget: f_uac2: Replace snprintf() with the safer scnprintf() variant (stable-fixes).\n- usb: gadget: f_uac2: fix non-newline-terminated function name (stable-fixes).\n- usb: gadget: f_uac2: fix return value for UAC2_ATTRIBUTE_STRING store (git-fixes).\n- usb: musb: Fix hardware lockup on first Rx endpoint request (git-fixes).\n- usb: musb: sunxi: Fix accessing an released usb phy (git-fixes).\n- usb: phy: Fix API devm_usb_put_phy() can not release the phy (git-fixes).\n- usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip (stable-fixes).\n- usb: typec: altmode should keep reference to parent (git-fixes).\n- usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() (git-fixes).\n- usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes() (git-fixes).\n- usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() (git-fixes).\n- usb: xhci: Fix TD invalidation under pending Set TR Dequeue (git-fixes).\n- usb: xhci: Fix problem with xhci resume from suspend (stable-fixes).\n- usb: xhci: fix loss of data on Cadence xHC (git-fixes).\n- usb: yurex: make waiting on yurex_write interruptible (git-fixes).\n- usbip: tools: Fix detach_port() invalid port error path (git-fixes).\n- usbnet: fix cyclical race on disconnect with work queue (git-fixes).\n- vdpa: Fix an error handling path in eni_vdpa_probe() (git-fixes).\n- vdpa_sim_blk: Fix the potential leak of mgmt_dev (git-fixes).\n- vdpa_sim_blk: allocate the buffer zeroed (git-fixes).\n- vduse: avoid using __GFP_NOFAIL (git-fixes).\n- vfs: dcache: move hashlen_hash() from callers into d_hash() (git-fixes).\n- vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (git-fixes).\n- vhost_vdpa: assign irq bypass producer token correctly (git-fixes).\n- virtio_console: fix misc probe bugs (git-fixes).\n- vmalloc: modify the alloc_vmap_area() error message for better diagnostics (jsc#PED-10978).\n- vmxnet3: Add XDP support (bsc#1226498).\n- vmxnet3: Fix missing reserved tailroom (bsc#1226498).\n- vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame (bsc#1226498).\n- vmxnet3: add command to allow disabling of offloads (bsc#1226498).\n- vmxnet3: add latency measurement support in vmxnet3 (bsc#1226498).\n- vmxnet3: prepare for version 9 changes (bsc#1226498).\n- vmxnet3: update to version 9 (bsc#1226498).\n- vsock: Update msg_count on read_skb() (git-fixes).\n- vt: prevent kernel-infoleak in con_font_get() (git-fixes).\n- watchdog: apple: Actually flush writes after requesting watchdog restart (git-fixes).\n- watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart() (git-fixes).\n- watchdog: rti: of: honor timeout-sec property (git-fixes).\n- wifi: ath10k: Fix memory leak in management tx (git-fixes).\n- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1 (git-fixes).\n- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2 (git-fixes).\n- wifi: ath11k: Fix CE offset address calculation for WCN6750 in SSR (git-fixes).\n- wifi: ath11k: Fix invalid ring usage in full monitor mode (git-fixes).\n- wifi: ath11k: fix array out-of-bound access in SoC stats (stable-fixes).\n- wifi: ath12k: Skip Rx TID cleanup for self peer (git-fixes).\n- wifi: ath12k: fix array out-of-bound access in SoC stats (stable-fixes).\n- wifi: ath12k: fix crash when unbinding (git-fixes).\n- wifi: ath12k: fix warning when unbinding (git-fixes).\n- wifi: ath12k: remove msdu_end structure for WCN7850 (git-fixes).\n- wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (git-fixes).\n- wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() (stable-fixes).\n- wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit (stable-fixes).\n- wifi: brcm80211: BRCM_TRACING should depend on TRACING (git-fixes).\n- wifi: brcmfmac: release \u0027root\u0027 node in all execution paths (git-fixes).\n- wifi: cfg80211: Set correct chandef when starting CAC (stable-fixes).\n- wifi: cfg80211: clear wdev-\u003ecqm_config pointer on free (git-fixes).\n- wifi: cw1200: Fix potential NULL dereference (git-fixes).\n- wifi: iwlegacy: Clear stale interrupts before resuming device (stable-fixes).\n- wifi: iwlegacy: Fix \"field-spanning write\" warning in il_enqueue_hcmd() (git-fixes).\n- wifi: iwlwifi: allow only CN mcc from WRDD (stable-fixes).\n- wifi: iwlwifi: config: label \u0027gl\u0027 devices as discrete (git-fixes).\n- wifi: iwlwifi: mvm: Fix a race in scan abort flow (stable-fixes).\n- wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() (git-fixes).\n- wifi: iwlwifi: mvm: avoid NULL pointer dereference (stable-fixes).\n- wifi: iwlwifi: mvm: do not add default link in fw restart flow (git-fixes).\n- wifi: iwlwifi: mvm: do not leak a link on AP removal (git-fixes).\n- wifi: iwlwifi: mvm: drop wrong STA selection in TX (stable-fixes).\n- wifi: iwlwifi: mvm: use correct key iteration (stable-fixes).\n- wifi: iwlwifi: remove AX101, AX201 and AX203 support from LNL (stable-fixes).\n- wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower (git-fixes).\n- wifi: mac80211: fix RCU list iterations (stable-fixes).\n- wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys (git-fixes).\n- wifi: mt76: mt7915: add dummy HW offload of IEEE 802.11 fragmentation (stable-fixes).\n- wifi: mt76: mt7915: disable tx worker during tx BA session enable/disable (stable-fixes).\n- wifi: mt76: mt7915: hold dev-\u003emt76.mutex while disabling tx worker (stable-fixes).\n- wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() (stable-fixes).\n- wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (git-fixes).\n- wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).\n- wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).\n- wifi: rtw88: 8821cu: Remove VID/PID 0bda:c82c (stable-fixes).\n- wifi: rtw88: Fix USB/SDIO devices not transmitting beacons (git-fixes).\n- wifi: rtw88: select WANT_DEV_COREDUMP (stable-fixes).\n- wifi: rtw89: avoid reading out of bounds when loading TX power FW elements (stable-fixes).\n- wifi: rtw89: avoid to add interface to list twice when SER (stable-fixes).\n- wifi: rtw89: correct base HT rate mask for firmware (stable-fixes).\n- wifi: wfx: Fix error handling in wfx_core_init() (git-fixes).\n- x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client (bsc#1233443).\n- x86/CPU/AMD: Only apply Zenbleed fix for Zen2 during late microcode load (git-fixes).\n- x86/Documentation: Indent \u0027note::\u0027 directive for protocol version number note (git-fixes).\n- x86/PCI: Check pcie_find_root_port() return for NULL (git-fixes).\n- x86/amd_nb: Add new PCI IDs for AMD family 1Ah model 60h (git-fixes).\n- x86/apic: Always explicitly disarm TSC-deadline timer (git-fixes).\n- x86/apic: Make x2apic_disable() work correctly (git-fixes).\n- x86/bugs: Do not use UNTRAIN_RET with IBPB on entry (git-fixes).\n- x86/bugs: Skip RSB fill at VMEXIT (git-fixes).\n- x86/cpufeatures: Add a IBPB_NO_RET BUG flag (git-fixes).\n- x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET (git-fixes).\n- x86/entry: Have entry_ibpb() invalidate return predictions (git-fixes).\n- x86/entry: Remove unwanted instrumentation in common_interrupt() (git-fixes).\n- x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency (git-fixes).\n- x86/microcode/intel: Remove unnecessary cache writeback and invalidation (git-fixes).\n- x86/mm: Use IPIs to synchronize LAM enablement (git-fixes).\n- x86/resctrl: Annotate get_mem_config() functions as __init (git-fixes).\n- x86/resctrl: Avoid overflow in MB settings in bw_validate() (git-fixes).\n- x86/resctrl: Remove hard-coded memory bandwidth limit (git-fixes).\n- x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler (git-fixes).\n- x86/syscall: Avoid memcpy() for ia32 syscall_get_arguments() (git-fixes).\n- x86/tdx: Dynamically disable SEPT violations from causing #VEs (git-fixes).\n- x86/tdx: Enable CPU topology enumeration (git-fixes).\n- x86/tdx: Introduce wrappers to read and write TD metadata (git-fixes).\n- x86/tdx: Rename tdx_parse_tdinfo() to tdx_setup() (git-fixes).\n- x86/traps: move kmsan check after instrumentation_begin (git-fixes).\n- x86: Increase brk randomness entropy for 64-bit systems (git-fixes).\n- x86: do the user address masking outside the user access area (git-fixes).\n- x86: fix off-by-one in access_ok() (git-fixes).\n- x86: fix user address masking non-canonical speculation issue (git-fixes).\n- x86: make the masked_user_access_begin() macro use its argument only once (git-fixes).\n- x86: support user address masking instead of non-speculative conditional (git-fixes).\n- xfrm: Export symbol xfrm_dev_state_delete (bsc#1233754).\n- xfrm: Fix unregister netdevice hang on hardware offload (bsc#1233754).\n- xfs: check opcode and iovec count match in xlog_recover_attri_commit_pass2 (git-fixes).\n- xfs: check shortform attr entry flags specifically (git-fixes).\n- xfs: convert delayed extents to unwritten when zeroing post eof blocks (git-fixes).\n- xfs: fix finding a last resort AG in xfs_filestream_pick_ag (git-fixes).\n- xfs: fix freeing speculative preallocations for preallocated files (git-fixes).\n- xfs: make sure sb_fdblocks is non-negative (git-fixes).\n- xfs: make the seq argument to xfs_bmapi_convert_delalloc() optional (git-fixes).\n- xfs: make xfs_bmapi_convert_delalloc() to allocate the target offset (git-fixes).\n- xfs: remove a racy if_bytes check in xfs_reflink_end_cow_extent (git-fixes).\n- xfs: validate recovered name buffers when recovering xattr items (git-fixes).\n- xhci: Add a quirk for writing ERST in high-low order (git-fixes).\n- xhci: Fix Link TRB DMA in command ring stopped completion event (git-fixes).\n- xhci: Fix incorrect stream context type macro (git-fixes).\n- xhci: Mitigate failed set dequeue pointer commands (git-fixes).\n- xhci: Use pm_runtime_get to prevent RPM on unsupported systems (git-fixes).\n- xhci: tegra: fix checked USB2 port number (git-fixes).\n- zonefs: Improve error handling (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-kernel-2",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20163-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20163-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520163-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20163-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021187.html"
},
{
"category": "self",
"summary": "SUSE Bug 1012628",
"url": "https://bugzilla.suse.com/1012628"
},
{
"category": "self",
"summary": "SUSE Bug 1065729",
"url": "https://bugzilla.suse.com/1065729"
},
{
"category": "self",
"summary": "SUSE Bug 1082555",
"url": "https://bugzilla.suse.com/1082555"
},
{
"category": "self",
"summary": "SUSE Bug 1194869",
"url": "https://bugzilla.suse.com/1194869"
},
{
"category": "self",
"summary": "SUSE Bug 1215199",
"url": "https://bugzilla.suse.com/1215199"
},
{
"category": "self",
"summary": "SUSE Bug 1217845",
"url": "https://bugzilla.suse.com/1217845"
},
{
"category": "self",
"summary": "SUSE Bug 1218562",
"url": "https://bugzilla.suse.com/1218562"
},
{
"category": "self",
"summary": "SUSE Bug 1218644",
"url": "https://bugzilla.suse.com/1218644"
},
{
"category": "self",
"summary": "SUSE Bug 1219596",
"url": "https://bugzilla.suse.com/1219596"
},
{
"category": "self",
"summary": "SUSE Bug 1219803",
"url": "https://bugzilla.suse.com/1219803"
},
{
"category": "self",
"summary": "SUSE Bug 1220355",
"url": "https://bugzilla.suse.com/1220355"
},
{
"category": "self",
"summary": "SUSE Bug 1220382",
"url": "https://bugzilla.suse.com/1220382"
},
{
"category": "self",
"summary": "SUSE Bug 1221309",
"url": "https://bugzilla.suse.com/1221309"
},
{
"category": "self",
"summary": "SUSE Bug 1222423",
"url": "https://bugzilla.suse.com/1222423"
},
{
"category": "self",
"summary": "SUSE Bug 1222587",
"url": "https://bugzilla.suse.com/1222587"
},
{
"category": "self",
"summary": "SUSE Bug 1222590",
"url": "https://bugzilla.suse.com/1222590"
},
{
"category": "self",
"summary": "SUSE Bug 1223112",
"url": "https://bugzilla.suse.com/1223112"
},
{
"category": "self",
"summary": "SUSE Bug 1223384",
"url": "https://bugzilla.suse.com/1223384"
},
{
"category": "self",
"summary": "SUSE Bug 1223656",
"url": "https://bugzilla.suse.com/1223656"
},
{
"category": "self",
"summary": "SUSE Bug 1223700",
"url": "https://bugzilla.suse.com/1223700"
},
{
"category": "self",
"summary": "SUSE Bug 1223733",
"url": "https://bugzilla.suse.com/1223733"
},
{
"category": "self",
"summary": "SUSE Bug 1223824",
"url": "https://bugzilla.suse.com/1223824"
},
{
"category": "self",
"summary": "SUSE Bug 1223848",
"url": "https://bugzilla.suse.com/1223848"
},
{
"category": "self",
"summary": "SUSE Bug 1224088",
"url": "https://bugzilla.suse.com/1224088"
},
{
"category": "self",
"summary": "SUSE Bug 1224429",
"url": "https://bugzilla.suse.com/1224429"
},
{
"category": "self",
"summary": "SUSE Bug 1224518",
"url": "https://bugzilla.suse.com/1224518"
},
{
"category": "self",
"summary": "SUSE Bug 1224548",
"url": "https://bugzilla.suse.com/1224548"
},
{
"category": "self",
"summary": "SUSE Bug 1224574",
"url": "https://bugzilla.suse.com/1224574"
},
{
"category": "self",
"summary": "SUSE Bug 1224948",
"url": "https://bugzilla.suse.com/1224948"
},
{
"category": "self",
"summary": "SUSE Bug 1225611",
"url": "https://bugzilla.suse.com/1225611"
},
{
"category": "self",
"summary": "SUSE Bug 1225713",
"url": "https://bugzilla.suse.com/1225713"
},
{
"category": "self",
"summary": "SUSE Bug 1225725",
"url": "https://bugzilla.suse.com/1225725"
},
{
"category": "self",
"summary": "SUSE Bug 1225730",
"url": "https://bugzilla.suse.com/1225730"
},
{
"category": "self",
"summary": "SUSE Bug 1225742",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "self",
"summary": "SUSE Bug 1225764",
"url": "https://bugzilla.suse.com/1225764"
},
{
"category": "self",
"summary": "SUSE Bug 1225768",
"url": "https://bugzilla.suse.com/1225768"
},
{
"category": "self",
"summary": "SUSE Bug 1225813",
"url": "https://bugzilla.suse.com/1225813"
},
{
"category": "self",
"summary": "SUSE Bug 1225903",
"url": "https://bugzilla.suse.com/1225903"
},
{
"category": "self",
"summary": "SUSE Bug 1226003",
"url": "https://bugzilla.suse.com/1226003"
},
{
"category": "self",
"summary": "SUSE Bug 1226130",
"url": "https://bugzilla.suse.com/1226130"
},
{
"category": "self",
"summary": "SUSE Bug 1226498",
"url": "https://bugzilla.suse.com/1226498"
},
{
"category": "self",
"summary": "SUSE Bug 1226623",
"url": "https://bugzilla.suse.com/1226623"
},
{
"category": "self",
"summary": "SUSE Bug 1226631",
"url": "https://bugzilla.suse.com/1226631"
},
{
"category": "self",
"summary": "SUSE Bug 1226748",
"url": "https://bugzilla.suse.com/1226748"
},
{
"category": "self",
"summary": "SUSE Bug 1226797",
"url": "https://bugzilla.suse.com/1226797"
},
{
"category": "self",
"summary": "SUSE Bug 1226848",
"url": "https://bugzilla.suse.com/1226848"
},
{
"category": "self",
"summary": "SUSE Bug 1226872",
"url": "https://bugzilla.suse.com/1226872"
},
{
"category": "self",
"summary": "SUSE Bug 1227726",
"url": "https://bugzilla.suse.com/1227726"
},
{
"category": "self",
"summary": "SUSE Bug 1227842",
"url": "https://bugzilla.suse.com/1227842"
},
{
"category": "self",
"summary": "SUSE Bug 1228119",
"url": "https://bugzilla.suse.com/1228119"
},
{
"category": "self",
"summary": "SUSE Bug 1228244",
"url": "https://bugzilla.suse.com/1228244"
},
{
"category": "self",
"summary": "SUSE Bug 1228269",
"url": "https://bugzilla.suse.com/1228269"
},
{
"category": "self",
"summary": "SUSE Bug 1228410",
"url": "https://bugzilla.suse.com/1228410"
},
{
"category": "self",
"summary": "SUSE Bug 1228430",
"url": "https://bugzilla.suse.com/1228430"
},
{
"category": "self",
"summary": "SUSE Bug 1228454",
"url": "https://bugzilla.suse.com/1228454"
},
{
"category": "self",
"summary": "SUSE Bug 1228537",
"url": "https://bugzilla.suse.com/1228537"
},
{
"category": "self",
"summary": "SUSE Bug 1228620",
"url": "https://bugzilla.suse.com/1228620"
},
{
"category": "self",
"summary": "SUSE Bug 1228743",
"url": "https://bugzilla.suse.com/1228743"
},
{
"category": "self",
"summary": "SUSE Bug 1228747",
"url": "https://bugzilla.suse.com/1228747"
},
{
"category": "self",
"summary": "SUSE Bug 1228850",
"url": "https://bugzilla.suse.com/1228850"
},
{
"category": "self",
"summary": "SUSE Bug 1228857",
"url": "https://bugzilla.suse.com/1228857"
},
{
"category": "self",
"summary": "SUSE Bug 1229019",
"url": "https://bugzilla.suse.com/1229019"
},
{
"category": "self",
"summary": "SUSE Bug 1229165",
"url": "https://bugzilla.suse.com/1229165"
},
{
"category": "self",
"summary": "SUSE Bug 1229429",
"url": "https://bugzilla.suse.com/1229429"
},
{
"category": "self",
"summary": "SUSE Bug 1229450",
"url": "https://bugzilla.suse.com/1229450"
},
{
"category": "self",
"summary": "SUSE Bug 1229585",
"url": "https://bugzilla.suse.com/1229585"
},
{
"category": "self",
"summary": "SUSE Bug 1229677",
"url": "https://bugzilla.suse.com/1229677"
},
{
"category": "self",
"summary": "SUSE Bug 1229769",
"url": "https://bugzilla.suse.com/1229769"
},
{
"category": "self",
"summary": "SUSE Bug 1229808",
"url": "https://bugzilla.suse.com/1229808"
},
{
"category": "self",
"summary": "SUSE Bug 1229891",
"url": "https://bugzilla.suse.com/1229891"
},
{
"category": "self",
"summary": "SUSE Bug 1230055",
"url": "https://bugzilla.suse.com/1230055"
},
{
"category": "self",
"summary": "SUSE Bug 1230132",
"url": "https://bugzilla.suse.com/1230132"
},
{
"category": "self",
"summary": "SUSE Bug 1230179",
"url": "https://bugzilla.suse.com/1230179"
},
{
"category": "self",
"summary": "SUSE Bug 1230220",
"url": "https://bugzilla.suse.com/1230220"
},
{
"category": "self",
"summary": "SUSE Bug 1230231",
"url": "https://bugzilla.suse.com/1230231"
},
{
"category": "self",
"summary": "SUSE Bug 1230289",
"url": "https://bugzilla.suse.com/1230289"
},
{
"category": "self",
"summary": "SUSE Bug 1230295",
"url": "https://bugzilla.suse.com/1230295"
},
{
"category": "self",
"summary": "SUSE Bug 1230339",
"url": "https://bugzilla.suse.com/1230339"
},
{
"category": "self",
"summary": "SUSE Bug 1230341",
"url": "https://bugzilla.suse.com/1230341"
},
{
"category": "self",
"summary": "SUSE Bug 1230375",
"url": "https://bugzilla.suse.com/1230375"
},
{
"category": "self",
"summary": "SUSE Bug 1230414",
"url": "https://bugzilla.suse.com/1230414"
},
{
"category": "self",
"summary": "SUSE Bug 1230429",
"url": "https://bugzilla.suse.com/1230429"
},
{
"category": "self",
"summary": "SUSE Bug 1230456",
"url": "https://bugzilla.suse.com/1230456"
},
{
"category": "self",
"summary": "SUSE Bug 1230501",
"url": "https://bugzilla.suse.com/1230501"
},
{
"category": "self",
"summary": "SUSE Bug 1230527",
"url": "https://bugzilla.suse.com/1230527"
},
{
"category": "self",
"summary": "SUSE Bug 1230550",
"url": "https://bugzilla.suse.com/1230550"
},
{
"category": "self",
"summary": "SUSE Bug 1230557",
"url": "https://bugzilla.suse.com/1230557"
},
{
"category": "self",
"summary": "SUSE Bug 1230558",
"url": "https://bugzilla.suse.com/1230558"
},
{
"category": "self",
"summary": "SUSE Bug 1230600",
"url": "https://bugzilla.suse.com/1230600"
},
{
"category": "self",
"summary": "SUSE Bug 1230620",
"url": "https://bugzilla.suse.com/1230620"
},
{
"category": "self",
"summary": "SUSE Bug 1230710",
"url": "https://bugzilla.suse.com/1230710"
},
{
"category": "self",
"summary": "SUSE Bug 1230733",
"url": "https://bugzilla.suse.com/1230733"
},
{
"category": "self",
"summary": "SUSE Bug 1230762",
"url": "https://bugzilla.suse.com/1230762"
},
{
"category": "self",
"summary": "SUSE Bug 1230763",
"url": "https://bugzilla.suse.com/1230763"
},
{
"category": "self",
"summary": "SUSE Bug 1230773",
"url": "https://bugzilla.suse.com/1230773"
},
{
"category": "self",
"summary": "SUSE Bug 1230774",
"url": "https://bugzilla.suse.com/1230774"
},
{
"category": "self",
"summary": "SUSE Bug 1230801",
"url": "https://bugzilla.suse.com/1230801"
},
{
"category": "self",
"summary": "SUSE Bug 1230807",
"url": "https://bugzilla.suse.com/1230807"
},
{
"category": "self",
"summary": "SUSE Bug 1230817",
"url": "https://bugzilla.suse.com/1230817"
},
{
"category": "self",
"summary": "SUSE Bug 1230827",
"url": "https://bugzilla.suse.com/1230827"
},
{
"category": "self",
"summary": "SUSE Bug 1230831",
"url": "https://bugzilla.suse.com/1230831"
},
{
"category": "self",
"summary": "SUSE Bug 1230914",
"url": "https://bugzilla.suse.com/1230914"
},
{
"category": "self",
"summary": "SUSE Bug 1230918",
"url": "https://bugzilla.suse.com/1230918"
},
{
"category": "self",
"summary": "SUSE Bug 1230971",
"url": "https://bugzilla.suse.com/1230971"
},
{
"category": "self",
"summary": "SUSE Bug 1231016",
"url": "https://bugzilla.suse.com/1231016"
},
{
"category": "self",
"summary": "SUSE Bug 1231035",
"url": "https://bugzilla.suse.com/1231035"
},
{
"category": "self",
"summary": "SUSE Bug 1231072",
"url": "https://bugzilla.suse.com/1231072"
},
{
"category": "self",
"summary": "SUSE Bug 1231073",
"url": "https://bugzilla.suse.com/1231073"
},
{
"category": "self",
"summary": "SUSE Bug 1231075",
"url": "https://bugzilla.suse.com/1231075"
},
{
"category": "self",
"summary": "SUSE Bug 1231076",
"url": "https://bugzilla.suse.com/1231076"
},
{
"category": "self",
"summary": "SUSE Bug 1231081",
"url": "https://bugzilla.suse.com/1231081"
},
{
"category": "self",
"summary": "SUSE Bug 1231082",
"url": "https://bugzilla.suse.com/1231082"
},
{
"category": "self",
"summary": "SUSE Bug 1231083",
"url": "https://bugzilla.suse.com/1231083"
},
{
"category": "self",
"summary": "SUSE Bug 1231084",
"url": "https://bugzilla.suse.com/1231084"
},
{
"category": "self",
"summary": "SUSE Bug 1231085",
"url": "https://bugzilla.suse.com/1231085"
},
{
"category": "self",
"summary": "SUSE Bug 1231087",
"url": "https://bugzilla.suse.com/1231087"
},
{
"category": "self",
"summary": "SUSE Bug 1231089",
"url": "https://bugzilla.suse.com/1231089"
},
{
"category": "self",
"summary": "SUSE Bug 1231092",
"url": "https://bugzilla.suse.com/1231092"
},
{
"category": "self",
"summary": "SUSE Bug 1231093",
"url": "https://bugzilla.suse.com/1231093"
},
{
"category": "self",
"summary": "SUSE Bug 1231094",
"url": "https://bugzilla.suse.com/1231094"
},
{
"category": "self",
"summary": "SUSE Bug 1231096",
"url": "https://bugzilla.suse.com/1231096"
},
{
"category": "self",
"summary": "SUSE Bug 1231098",
"url": "https://bugzilla.suse.com/1231098"
},
{
"category": "self",
"summary": "SUSE Bug 1231100",
"url": "https://bugzilla.suse.com/1231100"
},
{
"category": "self",
"summary": "SUSE Bug 1231101",
"url": "https://bugzilla.suse.com/1231101"
},
{
"category": "self",
"summary": "SUSE Bug 1231102",
"url": "https://bugzilla.suse.com/1231102"
},
{
"category": "self",
"summary": "SUSE Bug 1231105",
"url": "https://bugzilla.suse.com/1231105"
},
{
"category": "self",
"summary": "SUSE Bug 1231108",
"url": "https://bugzilla.suse.com/1231108"
},
{
"category": "self",
"summary": "SUSE Bug 1231111",
"url": "https://bugzilla.suse.com/1231111"
},
{
"category": "self",
"summary": "SUSE Bug 1231114",
"url": "https://bugzilla.suse.com/1231114"
},
{
"category": "self",
"summary": "SUSE Bug 1231115",
"url": "https://bugzilla.suse.com/1231115"
},
{
"category": "self",
"summary": "SUSE Bug 1231116",
"url": "https://bugzilla.suse.com/1231116"
},
{
"category": "self",
"summary": "SUSE Bug 1231117",
"url": "https://bugzilla.suse.com/1231117"
},
{
"category": "self",
"summary": "SUSE Bug 1231131",
"url": "https://bugzilla.suse.com/1231131"
},
{
"category": "self",
"summary": "SUSE Bug 1231132",
"url": "https://bugzilla.suse.com/1231132"
},
{
"category": "self",
"summary": "SUSE Bug 1231135",
"url": "https://bugzilla.suse.com/1231135"
},
{
"category": "self",
"summary": "SUSE Bug 1231136",
"url": "https://bugzilla.suse.com/1231136"
},
{
"category": "self",
"summary": "SUSE Bug 1231138",
"url": "https://bugzilla.suse.com/1231138"
},
{
"category": "self",
"summary": "SUSE Bug 1231148",
"url": "https://bugzilla.suse.com/1231148"
},
{
"category": "self",
"summary": "SUSE Bug 1231169",
"url": "https://bugzilla.suse.com/1231169"
},
{
"category": "self",
"summary": "SUSE Bug 1231170",
"url": "https://bugzilla.suse.com/1231170"
},
{
"category": "self",
"summary": "SUSE Bug 1231171",
"url": "https://bugzilla.suse.com/1231171"
},
{
"category": "self",
"summary": "SUSE Bug 1231178",
"url": "https://bugzilla.suse.com/1231178"
},
{
"category": "self",
"summary": "SUSE Bug 1231179",
"url": "https://bugzilla.suse.com/1231179"
},
{
"category": "self",
"summary": "SUSE Bug 1231182",
"url": "https://bugzilla.suse.com/1231182"
},
{
"category": "self",
"summary": "SUSE Bug 1231183",
"url": "https://bugzilla.suse.com/1231183"
},
{
"category": "self",
"summary": "SUSE Bug 1231187",
"url": "https://bugzilla.suse.com/1231187"
},
{
"category": "self",
"summary": "SUSE Bug 1231191",
"url": "https://bugzilla.suse.com/1231191"
},
{
"category": "self",
"summary": "SUSE Bug 1231193",
"url": "https://bugzilla.suse.com/1231193"
},
{
"category": "self",
"summary": "SUSE Bug 1231195",
"url": "https://bugzilla.suse.com/1231195"
},
{
"category": "self",
"summary": "SUSE Bug 1231197",
"url": "https://bugzilla.suse.com/1231197"
},
{
"category": "self",
"summary": "SUSE Bug 1231200",
"url": "https://bugzilla.suse.com/1231200"
},
{
"category": "self",
"summary": "SUSE Bug 1231202",
"url": "https://bugzilla.suse.com/1231202"
},
{
"category": "self",
"summary": "SUSE Bug 1231203",
"url": "https://bugzilla.suse.com/1231203"
},
{
"category": "self",
"summary": "SUSE Bug 1231276",
"url": "https://bugzilla.suse.com/1231276"
},
{
"category": "self",
"summary": "SUSE Bug 1231293",
"url": "https://bugzilla.suse.com/1231293"
},
{
"category": "self",
"summary": "SUSE Bug 1231384",
"url": "https://bugzilla.suse.com/1231384"
},
{
"category": "self",
"summary": "SUSE Bug 1231434",
"url": "https://bugzilla.suse.com/1231434"
},
{
"category": "self",
"summary": "SUSE Bug 1231435",
"url": "https://bugzilla.suse.com/1231435"
},
{
"category": "self",
"summary": "SUSE Bug 1231436",
"url": "https://bugzilla.suse.com/1231436"
},
{
"category": "self",
"summary": "SUSE Bug 1231439",
"url": "https://bugzilla.suse.com/1231439"
},
{
"category": "self",
"summary": "SUSE Bug 1231440",
"url": "https://bugzilla.suse.com/1231440"
},
{
"category": "self",
"summary": "SUSE Bug 1231441",
"url": "https://bugzilla.suse.com/1231441"
},
{
"category": "self",
"summary": "SUSE Bug 1231442",
"url": "https://bugzilla.suse.com/1231442"
},
{
"category": "self",
"summary": "SUSE Bug 1231452",
"url": "https://bugzilla.suse.com/1231452"
},
{
"category": "self",
"summary": "SUSE Bug 1231453",
"url": "https://bugzilla.suse.com/1231453"
},
{
"category": "self",
"summary": "SUSE Bug 1231465",
"url": "https://bugzilla.suse.com/1231465"
},
{
"category": "self",
"summary": "SUSE Bug 1231474",
"url": "https://bugzilla.suse.com/1231474"
},
{
"category": "self",
"summary": "SUSE Bug 1231481",
"url": "https://bugzilla.suse.com/1231481"
},
{
"category": "self",
"summary": "SUSE Bug 1231496",
"url": "https://bugzilla.suse.com/1231496"
},
{
"category": "self",
"summary": "SUSE Bug 1231502",
"url": "https://bugzilla.suse.com/1231502"
},
{
"category": "self",
"summary": "SUSE Bug 1231537",
"url": "https://bugzilla.suse.com/1231537"
},
{
"category": "self",
"summary": "SUSE Bug 1231539",
"url": "https://bugzilla.suse.com/1231539"
},
{
"category": "self",
"summary": "SUSE Bug 1231540",
"url": "https://bugzilla.suse.com/1231540"
},
{
"category": "self",
"summary": "SUSE Bug 1231541",
"url": "https://bugzilla.suse.com/1231541"
},
{
"category": "self",
"summary": "SUSE Bug 1231617",
"url": "https://bugzilla.suse.com/1231617"
},
{
"category": "self",
"summary": "SUSE Bug 1231630",
"url": "https://bugzilla.suse.com/1231630"
},
{
"category": "self",
"summary": "SUSE Bug 1231634",
"url": "https://bugzilla.suse.com/1231634"
},
{
"category": "self",
"summary": "SUSE Bug 1231635",
"url": "https://bugzilla.suse.com/1231635"
},
{
"category": "self",
"summary": "SUSE Bug 1231636",
"url": "https://bugzilla.suse.com/1231636"
},
{
"category": "self",
"summary": "SUSE Bug 1231637",
"url": "https://bugzilla.suse.com/1231637"
},
{
"category": "self",
"summary": "SUSE Bug 1231638",
"url": "https://bugzilla.suse.com/1231638"
},
{
"category": "self",
"summary": "SUSE Bug 1231639",
"url": "https://bugzilla.suse.com/1231639"
},
{
"category": "self",
"summary": "SUSE Bug 1231640",
"url": "https://bugzilla.suse.com/1231640"
},
{
"category": "self",
"summary": "SUSE Bug 1231673",
"url": "https://bugzilla.suse.com/1231673"
},
{
"category": "self",
"summary": "SUSE Bug 1231828",
"url": "https://bugzilla.suse.com/1231828"
},
{
"category": "self",
"summary": "SUSE Bug 1231849",
"url": "https://bugzilla.suse.com/1231849"
},
{
"category": "self",
"summary": "SUSE Bug 1231855",
"url": "https://bugzilla.suse.com/1231855"
},
{
"category": "self",
"summary": "SUSE Bug 1231856",
"url": "https://bugzilla.suse.com/1231856"
},
{
"category": "self",
"summary": "SUSE Bug 1231857",
"url": "https://bugzilla.suse.com/1231857"
},
{
"category": "self",
"summary": "SUSE Bug 1231858",
"url": "https://bugzilla.suse.com/1231858"
},
{
"category": "self",
"summary": "SUSE Bug 1231859",
"url": "https://bugzilla.suse.com/1231859"
},
{
"category": "self",
"summary": "SUSE Bug 1231860",
"url": "https://bugzilla.suse.com/1231860"
},
{
"category": "self",
"summary": "SUSE Bug 1231861",
"url": "https://bugzilla.suse.com/1231861"
},
{
"category": "self",
"summary": "SUSE Bug 1231864",
"url": "https://bugzilla.suse.com/1231864"
},
{
"category": "self",
"summary": "SUSE Bug 1231865",
"url": "https://bugzilla.suse.com/1231865"
},
{
"category": "self",
"summary": "SUSE Bug 1231868",
"url": "https://bugzilla.suse.com/1231868"
},
{
"category": "self",
"summary": "SUSE Bug 1231869",
"url": "https://bugzilla.suse.com/1231869"
},
{
"category": "self",
"summary": "SUSE Bug 1231871",
"url": "https://bugzilla.suse.com/1231871"
},
{
"category": "self",
"summary": "SUSE Bug 1231872",
"url": "https://bugzilla.suse.com/1231872"
},
{
"category": "self",
"summary": "SUSE Bug 1231901",
"url": "https://bugzilla.suse.com/1231901"
},
{
"category": "self",
"summary": "SUSE Bug 1231902",
"url": "https://bugzilla.suse.com/1231902"
},
{
"category": "self",
"summary": "SUSE Bug 1231903",
"url": "https://bugzilla.suse.com/1231903"
},
{
"category": "self",
"summary": "SUSE Bug 1231904",
"url": "https://bugzilla.suse.com/1231904"
},
{
"category": "self",
"summary": "SUSE Bug 1231906",
"url": "https://bugzilla.suse.com/1231906"
},
{
"category": "self",
"summary": "SUSE Bug 1231907",
"url": "https://bugzilla.suse.com/1231907"
},
{
"category": "self",
"summary": "SUSE Bug 1231908",
"url": "https://bugzilla.suse.com/1231908"
},
{
"category": "self",
"summary": "SUSE Bug 1231914",
"url": "https://bugzilla.suse.com/1231914"
},
{
"category": "self",
"summary": "SUSE Bug 1231916",
"url": "https://bugzilla.suse.com/1231916"
},
{
"category": "self",
"summary": "SUSE Bug 1231920",
"url": "https://bugzilla.suse.com/1231920"
},
{
"category": "self",
"summary": "SUSE Bug 1231924",
"url": "https://bugzilla.suse.com/1231924"
},
{
"category": "self",
"summary": "SUSE Bug 1231926",
"url": "https://bugzilla.suse.com/1231926"
},
{
"category": "self",
"summary": "SUSE Bug 1231930",
"url": "https://bugzilla.suse.com/1231930"
},
{
"category": "self",
"summary": "SUSE Bug 1231931",
"url": "https://bugzilla.suse.com/1231931"
},
{
"category": "self",
"summary": "SUSE Bug 1231935",
"url": "https://bugzilla.suse.com/1231935"
},
{
"category": "self",
"summary": "SUSE Bug 1231942",
"url": "https://bugzilla.suse.com/1231942"
},
{
"category": "self",
"summary": "SUSE Bug 1231944",
"url": "https://bugzilla.suse.com/1231944"
},
{
"category": "self",
"summary": "SUSE Bug 1231946",
"url": "https://bugzilla.suse.com/1231946"
},
{
"category": "self",
"summary": "SUSE Bug 1231947",
"url": "https://bugzilla.suse.com/1231947"
},
{
"category": "self",
"summary": "SUSE Bug 1231950",
"url": "https://bugzilla.suse.com/1231950"
},
{
"category": "self",
"summary": "SUSE Bug 1231951",
"url": "https://bugzilla.suse.com/1231951"
},
{
"category": "self",
"summary": "SUSE Bug 1231952",
"url": "https://bugzilla.suse.com/1231952"
},
{
"category": "self",
"summary": "SUSE Bug 1231953",
"url": "https://bugzilla.suse.com/1231953"
},
{
"category": "self",
"summary": "SUSE Bug 1231954",
"url": "https://bugzilla.suse.com/1231954"
},
{
"category": "self",
"summary": "SUSE Bug 1231955",
"url": "https://bugzilla.suse.com/1231955"
},
{
"category": "self",
"summary": "SUSE Bug 1231956",
"url": "https://bugzilla.suse.com/1231956"
},
{
"category": "self",
"summary": "SUSE Bug 1231957",
"url": "https://bugzilla.suse.com/1231957"
},
{
"category": "self",
"summary": "SUSE Bug 1231965",
"url": "https://bugzilla.suse.com/1231965"
},
{
"category": "self",
"summary": "SUSE Bug 1231967",
"url": "https://bugzilla.suse.com/1231967"
},
{
"category": "self",
"summary": "SUSE Bug 1231968",
"url": "https://bugzilla.suse.com/1231968"
},
{
"category": "self",
"summary": "SUSE Bug 1231987",
"url": "https://bugzilla.suse.com/1231987"
},
{
"category": "self",
"summary": "SUSE Bug 1231988",
"url": "https://bugzilla.suse.com/1231988"
},
{
"category": "self",
"summary": "SUSE Bug 1231989",
"url": "https://bugzilla.suse.com/1231989"
},
{
"category": "self",
"summary": "SUSE Bug 1231990",
"url": "https://bugzilla.suse.com/1231990"
},
{
"category": "self",
"summary": "SUSE Bug 1231998",
"url": "https://bugzilla.suse.com/1231998"
},
{
"category": "self",
"summary": "SUSE Bug 1232000",
"url": "https://bugzilla.suse.com/1232000"
},
{
"category": "self",
"summary": "SUSE Bug 1232003",
"url": "https://bugzilla.suse.com/1232003"
},
{
"category": "self",
"summary": "SUSE Bug 1232009",
"url": "https://bugzilla.suse.com/1232009"
},
{
"category": "self",
"summary": "SUSE Bug 1232013",
"url": "https://bugzilla.suse.com/1232013"
},
{
"category": "self",
"summary": "SUSE Bug 1232015",
"url": "https://bugzilla.suse.com/1232015"
},
{
"category": "self",
"summary": "SUSE Bug 1232016",
"url": "https://bugzilla.suse.com/1232016"
},
{
"category": "self",
"summary": "SUSE Bug 1232017",
"url": "https://bugzilla.suse.com/1232017"
},
{
"category": "self",
"summary": "SUSE Bug 1232018",
"url": "https://bugzilla.suse.com/1232018"
},
{
"category": "self",
"summary": "SUSE Bug 1232033",
"url": "https://bugzilla.suse.com/1232033"
},
{
"category": "self",
"summary": "SUSE Bug 1232034",
"url": "https://bugzilla.suse.com/1232034"
},
{
"category": "self",
"summary": "SUSE Bug 1232036",
"url": "https://bugzilla.suse.com/1232036"
},
{
"category": "self",
"summary": "SUSE Bug 1232043",
"url": "https://bugzilla.suse.com/1232043"
},
{
"category": "self",
"summary": "SUSE Bug 1232047",
"url": "https://bugzilla.suse.com/1232047"
},
{
"category": "self",
"summary": "SUSE Bug 1232048",
"url": "https://bugzilla.suse.com/1232048"
},
{
"category": "self",
"summary": "SUSE Bug 1232049",
"url": "https://bugzilla.suse.com/1232049"
},
{
"category": "self",
"summary": "SUSE Bug 1232050",
"url": "https://bugzilla.suse.com/1232050"
},
{
"category": "self",
"summary": "SUSE Bug 1232056",
"url": "https://bugzilla.suse.com/1232056"
},
{
"category": "self",
"summary": "SUSE Bug 1232075",
"url": "https://bugzilla.suse.com/1232075"
},
{
"category": "self",
"summary": "SUSE Bug 1232076",
"url": "https://bugzilla.suse.com/1232076"
},
{
"category": "self",
"summary": "SUSE Bug 1232079",
"url": "https://bugzilla.suse.com/1232079"
},
{
"category": "self",
"summary": "SUSE Bug 1232080",
"url": "https://bugzilla.suse.com/1232080"
},
{
"category": "self",
"summary": "SUSE Bug 1232083",
"url": "https://bugzilla.suse.com/1232083"
},
{
"category": "self",
"summary": "SUSE Bug 1232084",
"url": "https://bugzilla.suse.com/1232084"
},
{
"category": "self",
"summary": "SUSE Bug 1232085",
"url": "https://bugzilla.suse.com/1232085"
},
{
"category": "self",
"summary": "SUSE Bug 1232089",
"url": "https://bugzilla.suse.com/1232089"
},
{
"category": "self",
"summary": "SUSE Bug 1232090",
"url": "https://bugzilla.suse.com/1232090"
},
{
"category": "self",
"summary": "SUSE Bug 1232093",
"url": "https://bugzilla.suse.com/1232093"
},
{
"category": "self",
"summary": "SUSE Bug 1232094",
"url": "https://bugzilla.suse.com/1232094"
},
{
"category": "self",
"summary": "SUSE Bug 1232096",
"url": "https://bugzilla.suse.com/1232096"
},
{
"category": "self",
"summary": "SUSE Bug 1232097",
"url": "https://bugzilla.suse.com/1232097"
},
{
"category": "self",
"summary": "SUSE Bug 1232098",
"url": "https://bugzilla.suse.com/1232098"
},
{
"category": "self",
"summary": "SUSE Bug 1232103",
"url": "https://bugzilla.suse.com/1232103"
},
{
"category": "self",
"summary": "SUSE Bug 1232104",
"url": "https://bugzilla.suse.com/1232104"
},
{
"category": "self",
"summary": "SUSE Bug 1232105",
"url": "https://bugzilla.suse.com/1232105"
},
{
"category": "self",
"summary": "SUSE Bug 1232109",
"url": "https://bugzilla.suse.com/1232109"
},
{
"category": "self",
"summary": "SUSE Bug 1232111",
"url": "https://bugzilla.suse.com/1232111"
},
{
"category": "self",
"summary": "SUSE Bug 1232114",
"url": "https://bugzilla.suse.com/1232114"
},
{
"category": "self",
"summary": "SUSE Bug 1232116",
"url": "https://bugzilla.suse.com/1232116"
},
{
"category": "self",
"summary": "SUSE Bug 1232117",
"url": "https://bugzilla.suse.com/1232117"
},
{
"category": "self",
"summary": "SUSE Bug 1232124",
"url": "https://bugzilla.suse.com/1232124"
},
{
"category": "self",
"summary": "SUSE Bug 1232126",
"url": "https://bugzilla.suse.com/1232126"
},
{
"category": "self",
"summary": "SUSE Bug 1232127",
"url": "https://bugzilla.suse.com/1232127"
},
{
"category": "self",
"summary": "SUSE Bug 1232129",
"url": "https://bugzilla.suse.com/1232129"
},
{
"category": "self",
"summary": "SUSE Bug 1232130",
"url": "https://bugzilla.suse.com/1232130"
},
{
"category": "self",
"summary": "SUSE Bug 1232131",
"url": "https://bugzilla.suse.com/1232131"
},
{
"category": "self",
"summary": "SUSE Bug 1232132",
"url": "https://bugzilla.suse.com/1232132"
},
{
"category": "self",
"summary": "SUSE Bug 1232134",
"url": "https://bugzilla.suse.com/1232134"
},
{
"category": "self",
"summary": "SUSE Bug 1232135",
"url": "https://bugzilla.suse.com/1232135"
},
{
"category": "self",
"summary": "SUSE Bug 1232140",
"url": "https://bugzilla.suse.com/1232140"
},
{
"category": "self",
"summary": "SUSE Bug 1232141",
"url": "https://bugzilla.suse.com/1232141"
},
{
"category": "self",
"summary": "SUSE Bug 1232142",
"url": "https://bugzilla.suse.com/1232142"
},
{
"category": "self",
"summary": "SUSE Bug 1232145",
"url": "https://bugzilla.suse.com/1232145"
},
{
"category": "self",
"summary": "SUSE Bug 1232147",
"url": "https://bugzilla.suse.com/1232147"
},
{
"category": "self",
"summary": "SUSE Bug 1232148",
"url": "https://bugzilla.suse.com/1232148"
},
{
"category": "self",
"summary": "SUSE Bug 1232149",
"url": "https://bugzilla.suse.com/1232149"
},
{
"category": "self",
"summary": "SUSE Bug 1232151",
"url": "https://bugzilla.suse.com/1232151"
},
{
"category": "self",
"summary": "SUSE Bug 1232152",
"url": "https://bugzilla.suse.com/1232152"
},
{
"category": "self",
"summary": "SUSE Bug 1232154",
"url": "https://bugzilla.suse.com/1232154"
},
{
"category": "self",
"summary": "SUSE Bug 1232155",
"url": "https://bugzilla.suse.com/1232155"
},
{
"category": "self",
"summary": "SUSE Bug 1232156",
"url": "https://bugzilla.suse.com/1232156"
},
{
"category": "self",
"summary": "SUSE Bug 1232157",
"url": "https://bugzilla.suse.com/1232157"
},
{
"category": "self",
"summary": "SUSE Bug 1232159",
"url": "https://bugzilla.suse.com/1232159"
},
{
"category": "self",
"summary": "SUSE Bug 1232160",
"url": "https://bugzilla.suse.com/1232160"
},
{
"category": "self",
"summary": "SUSE Bug 1232162",
"url": "https://bugzilla.suse.com/1232162"
},
{
"category": "self",
"summary": "SUSE Bug 1232164",
"url": "https://bugzilla.suse.com/1232164"
},
{
"category": "self",
"summary": "SUSE Bug 1232165",
"url": "https://bugzilla.suse.com/1232165"
},
{
"category": "self",
"summary": "SUSE Bug 1232166",
"url": "https://bugzilla.suse.com/1232166"
},
{
"category": "self",
"summary": "SUSE Bug 1232174",
"url": "https://bugzilla.suse.com/1232174"
},
{
"category": "self",
"summary": "SUSE Bug 1232180",
"url": "https://bugzilla.suse.com/1232180"
},
{
"category": "self",
"summary": "SUSE Bug 1232182",
"url": "https://bugzilla.suse.com/1232182"
},
{
"category": "self",
"summary": "SUSE Bug 1232183",
"url": "https://bugzilla.suse.com/1232183"
},
{
"category": "self",
"summary": "SUSE Bug 1232185",
"url": "https://bugzilla.suse.com/1232185"
},
{
"category": "self",
"summary": "SUSE Bug 1232187",
"url": "https://bugzilla.suse.com/1232187"
},
{
"category": "self",
"summary": "SUSE Bug 1232189",
"url": "https://bugzilla.suse.com/1232189"
},
{
"category": "self",
"summary": "SUSE Bug 1232192",
"url": "https://bugzilla.suse.com/1232192"
},
{
"category": "self",
"summary": "SUSE Bug 1232195",
"url": "https://bugzilla.suse.com/1232195"
},
{
"category": "self",
"summary": "SUSE Bug 1232196",
"url": "https://bugzilla.suse.com/1232196"
},
{
"category": "self",
"summary": "SUSE Bug 1232198",
"url": "https://bugzilla.suse.com/1232198"
},
{
"category": "self",
"summary": "SUSE Bug 1232199",
"url": "https://bugzilla.suse.com/1232199"
},
{
"category": "self",
"summary": "SUSE Bug 1232200",
"url": "https://bugzilla.suse.com/1232200"
},
{
"category": "self",
"summary": "SUSE Bug 1232201",
"url": "https://bugzilla.suse.com/1232201"
},
{
"category": "self",
"summary": "SUSE Bug 1232207",
"url": "https://bugzilla.suse.com/1232207"
},
{
"category": "self",
"summary": "SUSE Bug 1232208",
"url": "https://bugzilla.suse.com/1232208"
},
{
"category": "self",
"summary": "SUSE Bug 1232217",
"url": "https://bugzilla.suse.com/1232217"
},
{
"category": "self",
"summary": "SUSE Bug 1232218",
"url": "https://bugzilla.suse.com/1232218"
},
{
"category": "self",
"summary": "SUSE Bug 1232220",
"url": "https://bugzilla.suse.com/1232220"
},
{
"category": "self",
"summary": "SUSE Bug 1232221",
"url": "https://bugzilla.suse.com/1232221"
},
{
"category": "self",
"summary": "SUSE Bug 1232222",
"url": "https://bugzilla.suse.com/1232222"
},
{
"category": "self",
"summary": "SUSE Bug 1232224",
"url": "https://bugzilla.suse.com/1232224"
},
{
"category": "self",
"summary": "SUSE Bug 1232232",
"url": "https://bugzilla.suse.com/1232232"
},
{
"category": "self",
"summary": "SUSE Bug 1232250",
"url": "https://bugzilla.suse.com/1232250"
},
{
"category": "self",
"summary": "SUSE Bug 1232251",
"url": "https://bugzilla.suse.com/1232251"
},
{
"category": "self",
"summary": "SUSE Bug 1232253",
"url": "https://bugzilla.suse.com/1232253"
},
{
"category": "self",
"summary": "SUSE Bug 1232254",
"url": "https://bugzilla.suse.com/1232254"
},
{
"category": "self",
"summary": "SUSE Bug 1232255",
"url": "https://bugzilla.suse.com/1232255"
},
{
"category": "self",
"summary": "SUSE Bug 1232256",
"url": "https://bugzilla.suse.com/1232256"
},
{
"category": "self",
"summary": "SUSE Bug 1232258",
"url": "https://bugzilla.suse.com/1232258"
},
{
"category": "self",
"summary": "SUSE Bug 1232259",
"url": "https://bugzilla.suse.com/1232259"
},
{
"category": "self",
"summary": "SUSE Bug 1232260",
"url": "https://bugzilla.suse.com/1232260"
},
{
"category": "self",
"summary": "SUSE Bug 1232262",
"url": "https://bugzilla.suse.com/1232262"
},
{
"category": "self",
"summary": "SUSE Bug 1232263",
"url": "https://bugzilla.suse.com/1232263"
},
{
"category": "self",
"summary": "SUSE Bug 1232264",
"url": "https://bugzilla.suse.com/1232264"
},
{
"category": "self",
"summary": "SUSE Bug 1232272",
"url": "https://bugzilla.suse.com/1232272"
},
{
"category": "self",
"summary": "SUSE Bug 1232275",
"url": "https://bugzilla.suse.com/1232275"
},
{
"category": "self",
"summary": "SUSE Bug 1232279",
"url": "https://bugzilla.suse.com/1232279"
},
{
"category": "self",
"summary": "SUSE Bug 1232282",
"url": "https://bugzilla.suse.com/1232282"
},
{
"category": "self",
"summary": "SUSE Bug 1232285",
"url": "https://bugzilla.suse.com/1232285"
},
{
"category": "self",
"summary": "SUSE Bug 1232287",
"url": "https://bugzilla.suse.com/1232287"
},
{
"category": "self",
"summary": "SUSE Bug 1232295",
"url": "https://bugzilla.suse.com/1232295"
},
{
"category": "self",
"summary": "SUSE Bug 1232305",
"url": "https://bugzilla.suse.com/1232305"
},
{
"category": "self",
"summary": "SUSE Bug 1232307",
"url": "https://bugzilla.suse.com/1232307"
},
{
"category": "self",
"summary": "SUSE Bug 1232309",
"url": "https://bugzilla.suse.com/1232309"
},
{
"category": "self",
"summary": "SUSE Bug 1232310",
"url": "https://bugzilla.suse.com/1232310"
},
{
"category": "self",
"summary": "SUSE Bug 1232312",
"url": "https://bugzilla.suse.com/1232312"
},
{
"category": "self",
"summary": "SUSE Bug 1232313",
"url": "https://bugzilla.suse.com/1232313"
},
{
"category": "self",
"summary": "SUSE Bug 1232314",
"url": "https://bugzilla.suse.com/1232314"
},
{
"category": "self",
"summary": "SUSE Bug 1232315",
"url": "https://bugzilla.suse.com/1232315"
},
{
"category": "self",
"summary": "SUSE Bug 1232316",
"url": "https://bugzilla.suse.com/1232316"
},
{
"category": "self",
"summary": "SUSE Bug 1232317",
"url": "https://bugzilla.suse.com/1232317"
},
{
"category": "self",
"summary": "SUSE Bug 1232318",
"url": "https://bugzilla.suse.com/1232318"
},
{
"category": "self",
"summary": "SUSE Bug 1232329",
"url": "https://bugzilla.suse.com/1232329"
},
{
"category": "self",
"summary": "SUSE Bug 1232332",
"url": "https://bugzilla.suse.com/1232332"
},
{
"category": "self",
"summary": "SUSE Bug 1232333",
"url": "https://bugzilla.suse.com/1232333"
},
{
"category": "self",
"summary": "SUSE Bug 1232334",
"url": "https://bugzilla.suse.com/1232334"
},
{
"category": "self",
"summary": "SUSE Bug 1232335",
"url": "https://bugzilla.suse.com/1232335"
},
{
"category": "self",
"summary": "SUSE Bug 1232337",
"url": "https://bugzilla.suse.com/1232337"
},
{
"category": "self",
"summary": "SUSE Bug 1232339",
"url": "https://bugzilla.suse.com/1232339"
},
{
"category": "self",
"summary": "SUSE Bug 1232340",
"url": "https://bugzilla.suse.com/1232340"
},
{
"category": "self",
"summary": "SUSE Bug 1232342",
"url": "https://bugzilla.suse.com/1232342"
},
{
"category": "self",
"summary": "SUSE Bug 1232345",
"url": "https://bugzilla.suse.com/1232345"
},
{
"category": "self",
"summary": "SUSE Bug 1232349",
"url": "https://bugzilla.suse.com/1232349"
},
{
"category": "self",
"summary": "SUSE Bug 1232352",
"url": "https://bugzilla.suse.com/1232352"
},
{
"category": "self",
"summary": "SUSE Bug 1232354",
"url": "https://bugzilla.suse.com/1232354"
},
{
"category": "self",
"summary": "SUSE Bug 1232355",
"url": "https://bugzilla.suse.com/1232355"
},
{
"category": "self",
"summary": "SUSE Bug 1232357",
"url": "https://bugzilla.suse.com/1232357"
},
{
"category": "self",
"summary": "SUSE Bug 1232358",
"url": "https://bugzilla.suse.com/1232358"
},
{
"category": "self",
"summary": "SUSE Bug 1232359",
"url": "https://bugzilla.suse.com/1232359"
},
{
"category": "self",
"summary": "SUSE Bug 1232361",
"url": "https://bugzilla.suse.com/1232361"
},
{
"category": "self",
"summary": "SUSE Bug 1232362",
"url": "https://bugzilla.suse.com/1232362"
},
{
"category": "self",
"summary": "SUSE Bug 1232366",
"url": "https://bugzilla.suse.com/1232366"
},
{
"category": "self",
"summary": "SUSE Bug 1232367",
"url": "https://bugzilla.suse.com/1232367"
},
{
"category": "self",
"summary": "SUSE Bug 1232368",
"url": "https://bugzilla.suse.com/1232368"
},
{
"category": "self",
"summary": "SUSE Bug 1232369",
"url": "https://bugzilla.suse.com/1232369"
},
{
"category": "self",
"summary": "SUSE Bug 1232370",
"url": "https://bugzilla.suse.com/1232370"
},
{
"category": "self",
"summary": "SUSE Bug 1232371",
"url": "https://bugzilla.suse.com/1232371"
},
{
"category": "self",
"summary": "SUSE Bug 1232374",
"url": "https://bugzilla.suse.com/1232374"
},
{
"category": "self",
"summary": "SUSE Bug 1232378",
"url": "https://bugzilla.suse.com/1232378"
},
{
"category": "self",
"summary": "SUSE Bug 1232381",
"url": "https://bugzilla.suse.com/1232381"
},
{
"category": "self",
"summary": "SUSE Bug 1232383",
"url": "https://bugzilla.suse.com/1232383"
},
{
"category": "self",
"summary": "SUSE Bug 1232385",
"url": "https://bugzilla.suse.com/1232385"
},
{
"category": "self",
"summary": "SUSE Bug 1232386",
"url": "https://bugzilla.suse.com/1232386"
},
{
"category": "self",
"summary": "SUSE Bug 1232387",
"url": "https://bugzilla.suse.com/1232387"
},
{
"category": "self",
"summary": "SUSE Bug 1232392",
"url": "https://bugzilla.suse.com/1232392"
},
{
"category": "self",
"summary": "SUSE Bug 1232394",
"url": "https://bugzilla.suse.com/1232394"
},
{
"category": "self",
"summary": "SUSE Bug 1232395",
"url": "https://bugzilla.suse.com/1232395"
},
{
"category": "self",
"summary": "SUSE Bug 1232396",
"url": "https://bugzilla.suse.com/1232396"
},
{
"category": "self",
"summary": "SUSE Bug 1232413",
"url": "https://bugzilla.suse.com/1232413"
},
{
"category": "self",
"summary": "SUSE Bug 1232416",
"url": "https://bugzilla.suse.com/1232416"
},
{
"category": "self",
"summary": "SUSE Bug 1232417",
"url": "https://bugzilla.suse.com/1232417"
},
{
"category": "self",
"summary": "SUSE Bug 1232418",
"url": "https://bugzilla.suse.com/1232418"
},
{
"category": "self",
"summary": "SUSE Bug 1232424",
"url": "https://bugzilla.suse.com/1232424"
},
{
"category": "self",
"summary": "SUSE Bug 1232427",
"url": "https://bugzilla.suse.com/1232427"
},
{
"category": "self",
"summary": "SUSE Bug 1232432",
"url": "https://bugzilla.suse.com/1232432"
},
{
"category": "self",
"summary": "SUSE Bug 1232435",
"url": "https://bugzilla.suse.com/1232435"
},
{
"category": "self",
"summary": "SUSE Bug 1232436",
"url": "https://bugzilla.suse.com/1232436"
},
{
"category": "self",
"summary": "SUSE Bug 1232442",
"url": "https://bugzilla.suse.com/1232442"
},
{
"category": "self",
"summary": "SUSE Bug 1232446",
"url": "https://bugzilla.suse.com/1232446"
},
{
"category": "self",
"summary": "SUSE Bug 1232483",
"url": "https://bugzilla.suse.com/1232483"
},
{
"category": "self",
"summary": "SUSE Bug 1232494",
"url": "https://bugzilla.suse.com/1232494"
},
{
"category": "self",
"summary": "SUSE Bug 1232498",
"url": "https://bugzilla.suse.com/1232498"
},
{
"category": "self",
"summary": "SUSE Bug 1232499",
"url": "https://bugzilla.suse.com/1232499"
},
{
"category": "self",
"summary": "SUSE Bug 1232500",
"url": "https://bugzilla.suse.com/1232500"
},
{
"category": "self",
"summary": "SUSE Bug 1232501",
"url": "https://bugzilla.suse.com/1232501"
},
{
"category": "self",
"summary": "SUSE Bug 1232502",
"url": "https://bugzilla.suse.com/1232502"
},
{
"category": "self",
"summary": "SUSE Bug 1232503",
"url": "https://bugzilla.suse.com/1232503"
},
{
"category": "self",
"summary": "SUSE Bug 1232504",
"url": "https://bugzilla.suse.com/1232504"
},
{
"category": "self",
"summary": "SUSE Bug 1232505",
"url": "https://bugzilla.suse.com/1232505"
},
{
"category": "self",
"summary": "SUSE Bug 1232506",
"url": "https://bugzilla.suse.com/1232506"
},
{
"category": "self",
"summary": "SUSE Bug 1232507",
"url": "https://bugzilla.suse.com/1232507"
},
{
"category": "self",
"summary": "SUSE Bug 1232511",
"url": "https://bugzilla.suse.com/1232511"
},
{
"category": "self",
"summary": "SUSE Bug 1232519",
"url": "https://bugzilla.suse.com/1232519"
},
{
"category": "self",
"summary": "SUSE Bug 1232520",
"url": "https://bugzilla.suse.com/1232520"
},
{
"category": "self",
"summary": "SUSE Bug 1232529",
"url": "https://bugzilla.suse.com/1232529"
},
{
"category": "self",
"summary": "SUSE Bug 1232552",
"url": "https://bugzilla.suse.com/1232552"
},
{
"category": "self",
"summary": "SUSE Bug 1232623",
"url": "https://bugzilla.suse.com/1232623"
},
{
"category": "self",
"summary": "SUSE Bug 1232626",
"url": "https://bugzilla.suse.com/1232626"
},
{
"category": "self",
"summary": "SUSE Bug 1232627",
"url": "https://bugzilla.suse.com/1232627"
},
{
"category": "self",
"summary": "SUSE Bug 1232628",
"url": "https://bugzilla.suse.com/1232628"
},
{
"category": "self",
"summary": "SUSE Bug 1232629",
"url": "https://bugzilla.suse.com/1232629"
},
{
"category": "self",
"summary": "SUSE Bug 1232704",
"url": "https://bugzilla.suse.com/1232704"
},
{
"category": "self",
"summary": "SUSE Bug 1232757",
"url": "https://bugzilla.suse.com/1232757"
},
{
"category": "self",
"summary": "SUSE Bug 1232768",
"url": "https://bugzilla.suse.com/1232768"
},
{
"category": "self",
"summary": "SUSE Bug 1232819",
"url": "https://bugzilla.suse.com/1232819"
},
{
"category": "self",
"summary": "SUSE Bug 1232823",
"url": "https://bugzilla.suse.com/1232823"
},
{
"category": "self",
"summary": "SUSE Bug 1232860",
"url": "https://bugzilla.suse.com/1232860"
},
{
"category": "self",
"summary": "SUSE Bug 1232869",
"url": "https://bugzilla.suse.com/1232869"
},
{
"category": "self",
"summary": "SUSE Bug 1232870",
"url": "https://bugzilla.suse.com/1232870"
},
{
"category": "self",
"summary": "SUSE Bug 1232873",
"url": "https://bugzilla.suse.com/1232873"
},
{
"category": "self",
"summary": "SUSE Bug 1232876",
"url": "https://bugzilla.suse.com/1232876"
},
{
"category": "self",
"summary": "SUSE Bug 1232877",
"url": "https://bugzilla.suse.com/1232877"
},
{
"category": "self",
"summary": "SUSE Bug 1232878",
"url": "https://bugzilla.suse.com/1232878"
},
{
"category": "self",
"summary": "SUSE Bug 1232880",
"url": "https://bugzilla.suse.com/1232880"
},
{
"category": "self",
"summary": "SUSE Bug 1232881",
"url": "https://bugzilla.suse.com/1232881"
},
{
"category": "self",
"summary": "SUSE Bug 1232884",
"url": "https://bugzilla.suse.com/1232884"
},
{
"category": "self",
"summary": "SUSE Bug 1232885",
"url": "https://bugzilla.suse.com/1232885"
},
{
"category": "self",
"summary": "SUSE Bug 1232887",
"url": "https://bugzilla.suse.com/1232887"
},
{
"category": "self",
"summary": "SUSE Bug 1232888",
"url": "https://bugzilla.suse.com/1232888"
},
{
"category": "self",
"summary": "SUSE Bug 1232890",
"url": "https://bugzilla.suse.com/1232890"
},
{
"category": "self",
"summary": "SUSE Bug 1232892",
"url": "https://bugzilla.suse.com/1232892"
},
{
"category": "self",
"summary": "SUSE Bug 1232894",
"url": "https://bugzilla.suse.com/1232894"
},
{
"category": "self",
"summary": "SUSE Bug 1232896",
"url": "https://bugzilla.suse.com/1232896"
},
{
"category": "self",
"summary": "SUSE Bug 1232897",
"url": "https://bugzilla.suse.com/1232897"
},
{
"category": "self",
"summary": "SUSE Bug 1232905",
"url": "https://bugzilla.suse.com/1232905"
},
{
"category": "self",
"summary": "SUSE Bug 1232907",
"url": "https://bugzilla.suse.com/1232907"
},
{
"category": "self",
"summary": "SUSE Bug 1232914",
"url": "https://bugzilla.suse.com/1232914"
},
{
"category": "self",
"summary": "SUSE Bug 1232919",
"url": "https://bugzilla.suse.com/1232919"
},
{
"category": "self",
"summary": "SUSE Bug 1232925",
"url": "https://bugzilla.suse.com/1232925"
},
{
"category": "self",
"summary": "SUSE Bug 1232926",
"url": "https://bugzilla.suse.com/1232926"
},
{
"category": "self",
"summary": "SUSE Bug 1232928",
"url": "https://bugzilla.suse.com/1232928"
},
{
"category": "self",
"summary": "SUSE Bug 1232935",
"url": "https://bugzilla.suse.com/1232935"
},
{
"category": "self",
"summary": "SUSE Bug 1233029",
"url": "https://bugzilla.suse.com/1233029"
},
{
"category": "self",
"summary": "SUSE Bug 1233032",
"url": "https://bugzilla.suse.com/1233032"
},
{
"category": "self",
"summary": "SUSE Bug 1233035",
"url": "https://bugzilla.suse.com/1233035"
},
{
"category": "self",
"summary": "SUSE Bug 1233036",
"url": "https://bugzilla.suse.com/1233036"
},
{
"category": "self",
"summary": "SUSE Bug 1233041",
"url": "https://bugzilla.suse.com/1233041"
},
{
"category": "self",
"summary": "SUSE Bug 1233044",
"url": "https://bugzilla.suse.com/1233044"
},
{
"category": "self",
"summary": "SUSE Bug 1233049",
"url": "https://bugzilla.suse.com/1233049"
},
{
"category": "self",
"summary": "SUSE Bug 1233050",
"url": "https://bugzilla.suse.com/1233050"
},
{
"category": "self",
"summary": "SUSE Bug 1233051",
"url": "https://bugzilla.suse.com/1233051"
},
{
"category": "self",
"summary": "SUSE Bug 1233056",
"url": "https://bugzilla.suse.com/1233056"
},
{
"category": "self",
"summary": "SUSE Bug 1233057",
"url": "https://bugzilla.suse.com/1233057"
},
{
"category": "self",
"summary": "SUSE Bug 1233061",
"url": "https://bugzilla.suse.com/1233061"
},
{
"category": "self",
"summary": "SUSE Bug 1233062",
"url": "https://bugzilla.suse.com/1233062"
},
{
"category": "self",
"summary": "SUSE Bug 1233063",
"url": "https://bugzilla.suse.com/1233063"
},
{
"category": "self",
"summary": "SUSE Bug 1233065",
"url": "https://bugzilla.suse.com/1233065"
},
{
"category": "self",
"summary": "SUSE Bug 1233067",
"url": "https://bugzilla.suse.com/1233067"
},
{
"category": "self",
"summary": "SUSE Bug 1233070",
"url": "https://bugzilla.suse.com/1233070"
},
{
"category": "self",
"summary": "SUSE Bug 1233073",
"url": "https://bugzilla.suse.com/1233073"
},
{
"category": "self",
"summary": "SUSE Bug 1233074",
"url": "https://bugzilla.suse.com/1233074"
},
{
"category": "self",
"summary": "SUSE Bug 1233088",
"url": "https://bugzilla.suse.com/1233088"
},
{
"category": "self",
"summary": "SUSE Bug 1233091",
"url": "https://bugzilla.suse.com/1233091"
},
{
"category": "self",
"summary": "SUSE Bug 1233092",
"url": "https://bugzilla.suse.com/1233092"
},
{
"category": "self",
"summary": "SUSE Bug 1233097",
"url": "https://bugzilla.suse.com/1233097"
},
{
"category": "self",
"summary": "SUSE Bug 1233100",
"url": "https://bugzilla.suse.com/1233100"
},
{
"category": "self",
"summary": "SUSE Bug 1233103",
"url": "https://bugzilla.suse.com/1233103"
},
{
"category": "self",
"summary": "SUSE Bug 1233104",
"url": "https://bugzilla.suse.com/1233104"
},
{
"category": "self",
"summary": "SUSE Bug 1233105",
"url": "https://bugzilla.suse.com/1233105"
},
{
"category": "self",
"summary": "SUSE Bug 1233106",
"url": "https://bugzilla.suse.com/1233106"
},
{
"category": "self",
"summary": "SUSE Bug 1233107",
"url": "https://bugzilla.suse.com/1233107"
},
{
"category": "self",
"summary": "SUSE Bug 1233108",
"url": "https://bugzilla.suse.com/1233108"
},
{
"category": "self",
"summary": "SUSE Bug 1233110",
"url": "https://bugzilla.suse.com/1233110"
},
{
"category": "self",
"summary": "SUSE Bug 1233111",
"url": "https://bugzilla.suse.com/1233111"
},
{
"category": "self",
"summary": "SUSE Bug 1233113",
"url": "https://bugzilla.suse.com/1233113"
},
{
"category": "self",
"summary": "SUSE Bug 1233114",
"url": "https://bugzilla.suse.com/1233114"
},
{
"category": "self",
"summary": "SUSE Bug 1233115",
"url": "https://bugzilla.suse.com/1233115"
},
{
"category": "self",
"summary": "SUSE Bug 1233117",
"url": "https://bugzilla.suse.com/1233117"
},
{
"category": "self",
"summary": "SUSE Bug 1233119",
"url": "https://bugzilla.suse.com/1233119"
},
{
"category": "self",
"summary": "SUSE Bug 1233123",
"url": "https://bugzilla.suse.com/1233123"
},
{
"category": "self",
"summary": "SUSE Bug 1233125",
"url": "https://bugzilla.suse.com/1233125"
},
{
"category": "self",
"summary": "SUSE Bug 1233127",
"url": "https://bugzilla.suse.com/1233127"
},
{
"category": "self",
"summary": "SUSE Bug 1233129",
"url": "https://bugzilla.suse.com/1233129"
},
{
"category": "self",
"summary": "SUSE Bug 1233130",
"url": "https://bugzilla.suse.com/1233130"
},
{
"category": "self",
"summary": "SUSE Bug 1233132",
"url": "https://bugzilla.suse.com/1233132"
},
{
"category": "self",
"summary": "SUSE Bug 1233135",
"url": "https://bugzilla.suse.com/1233135"
},
{
"category": "self",
"summary": "SUSE Bug 1233176",
"url": "https://bugzilla.suse.com/1233176"
},
{
"category": "self",
"summary": "SUSE Bug 1233179",
"url": "https://bugzilla.suse.com/1233179"
},
{
"category": "self",
"summary": "SUSE Bug 1233185",
"url": "https://bugzilla.suse.com/1233185"
},
{
"category": "self",
"summary": "SUSE Bug 1233188",
"url": "https://bugzilla.suse.com/1233188"
},
{
"category": "self",
"summary": "SUSE Bug 1233189",
"url": "https://bugzilla.suse.com/1233189"
},
{
"category": "self",
"summary": "SUSE Bug 1233191",
"url": "https://bugzilla.suse.com/1233191"
},
{
"category": "self",
"summary": "SUSE Bug 1233193",
"url": "https://bugzilla.suse.com/1233193"
},
{
"category": "self",
"summary": "SUSE Bug 1233197",
"url": "https://bugzilla.suse.com/1233197"
},
{
"category": "self",
"summary": "SUSE Bug 1233201",
"url": "https://bugzilla.suse.com/1233201"
},
{
"category": "self",
"summary": "SUSE Bug 1233203",
"url": "https://bugzilla.suse.com/1233203"
},
{
"category": "self",
"summary": "SUSE Bug 1233204",
"url": "https://bugzilla.suse.com/1233204"
},
{
"category": "self",
"summary": "SUSE Bug 1233205",
"url": "https://bugzilla.suse.com/1233205"
},
{
"category": "self",
"summary": "SUSE Bug 1233206",
"url": "https://bugzilla.suse.com/1233206"
},
{
"category": "self",
"summary": "SUSE Bug 1233207",
"url": "https://bugzilla.suse.com/1233207"
},
{
"category": "self",
"summary": "SUSE Bug 1233208",
"url": "https://bugzilla.suse.com/1233208"
},
{
"category": "self",
"summary": "SUSE Bug 1233209",
"url": "https://bugzilla.suse.com/1233209"
},
{
"category": "self",
"summary": "SUSE Bug 1233210",
"url": "https://bugzilla.suse.com/1233210"
},
{
"category": "self",
"summary": "SUSE Bug 1233211",
"url": "https://bugzilla.suse.com/1233211"
},
{
"category": "self",
"summary": "SUSE Bug 1233212",
"url": "https://bugzilla.suse.com/1233212"
},
{
"category": "self",
"summary": "SUSE Bug 1233216",
"url": "https://bugzilla.suse.com/1233216"
},
{
"category": "self",
"summary": "SUSE Bug 1233217",
"url": "https://bugzilla.suse.com/1233217"
},
{
"category": "self",
"summary": "SUSE Bug 1233219",
"url": "https://bugzilla.suse.com/1233219"
},
{
"category": "self",
"summary": "SUSE Bug 1233226",
"url": "https://bugzilla.suse.com/1233226"
},
{
"category": "self",
"summary": "SUSE Bug 1233238",
"url": "https://bugzilla.suse.com/1233238"
},
{
"category": "self",
"summary": "SUSE Bug 1233241",
"url": "https://bugzilla.suse.com/1233241"
},
{
"category": "self",
"summary": "SUSE Bug 1233244",
"url": "https://bugzilla.suse.com/1233244"
},
{
"category": "self",
"summary": "SUSE Bug 1233253",
"url": "https://bugzilla.suse.com/1233253"
},
{
"category": "self",
"summary": "SUSE Bug 1233255",
"url": "https://bugzilla.suse.com/1233255"
},
{
"category": "self",
"summary": "SUSE Bug 1233293",
"url": "https://bugzilla.suse.com/1233293"
},
{
"category": "self",
"summary": "SUSE Bug 1233298",
"url": "https://bugzilla.suse.com/1233298"
},
{
"category": "self",
"summary": "SUSE Bug 1233305",
"url": "https://bugzilla.suse.com/1233305"
},
{
"category": "self",
"summary": "SUSE Bug 1233320",
"url": "https://bugzilla.suse.com/1233320"
},
{
"category": "self",
"summary": "SUSE Bug 1233350",
"url": "https://bugzilla.suse.com/1233350"
},
{
"category": "self",
"summary": "SUSE Bug 1233443",
"url": "https://bugzilla.suse.com/1233443"
},
{
"category": "self",
"summary": "SUSE Bug 1233452",
"url": "https://bugzilla.suse.com/1233452"
},
{
"category": "self",
"summary": "SUSE Bug 1233453",
"url": "https://bugzilla.suse.com/1233453"
},
{
"category": "self",
"summary": "SUSE Bug 1233454",
"url": "https://bugzilla.suse.com/1233454"
},
{
"category": "self",
"summary": "SUSE Bug 1233456",
"url": "https://bugzilla.suse.com/1233456"
},
{
"category": "self",
"summary": "SUSE Bug 1233457",
"url": "https://bugzilla.suse.com/1233457"
},
{
"category": "self",
"summary": "SUSE Bug 1233458",
"url": "https://bugzilla.suse.com/1233458"
},
{
"category": "self",
"summary": "SUSE Bug 1233460",
"url": "https://bugzilla.suse.com/1233460"
},
{
"category": "self",
"summary": "SUSE Bug 1233462",
"url": "https://bugzilla.suse.com/1233462"
},
{
"category": "self",
"summary": "SUSE Bug 1233463",
"url": "https://bugzilla.suse.com/1233463"
},
{
"category": "self",
"summary": "SUSE Bug 1233464",
"url": "https://bugzilla.suse.com/1233464"
},
{
"category": "self",
"summary": "SUSE Bug 1233465",
"url": "https://bugzilla.suse.com/1233465"
},
{
"category": "self",
"summary": "SUSE Bug 1233468",
"url": "https://bugzilla.suse.com/1233468"
},
{
"category": "self",
"summary": "SUSE Bug 1233471",
"url": "https://bugzilla.suse.com/1233471"
},
{
"category": "self",
"summary": "SUSE Bug 1233476",
"url": "https://bugzilla.suse.com/1233476"
},
{
"category": "self",
"summary": "SUSE Bug 1233478",
"url": "https://bugzilla.suse.com/1233478"
},
{
"category": "self",
"summary": "SUSE Bug 1233479",
"url": "https://bugzilla.suse.com/1233479"
},
{
"category": "self",
"summary": "SUSE Bug 1233481",
"url": "https://bugzilla.suse.com/1233481"
},
{
"category": "self",
"summary": "SUSE Bug 1233484",
"url": "https://bugzilla.suse.com/1233484"
},
{
"category": "self",
"summary": "SUSE Bug 1233485",
"url": "https://bugzilla.suse.com/1233485"
},
{
"category": "self",
"summary": "SUSE Bug 1233487",
"url": "https://bugzilla.suse.com/1233487"
},
{
"category": "self",
"summary": "SUSE Bug 1233490",
"url": "https://bugzilla.suse.com/1233490"
},
{
"category": "self",
"summary": "SUSE Bug 1233491",
"url": "https://bugzilla.suse.com/1233491"
},
{
"category": "self",
"summary": "SUSE Bug 1233523",
"url": "https://bugzilla.suse.com/1233523"
},
{
"category": "self",
"summary": "SUSE Bug 1233524",
"url": "https://bugzilla.suse.com/1233524"
},
{
"category": "self",
"summary": "SUSE Bug 1233540",
"url": "https://bugzilla.suse.com/1233540"
},
{
"category": "self",
"summary": "SUSE Bug 1233547",
"url": "https://bugzilla.suse.com/1233547"
},
{
"category": "self",
"summary": "SUSE Bug 1233548",
"url": "https://bugzilla.suse.com/1233548"
},
{
"category": "self",
"summary": "SUSE Bug 1233550",
"url": "https://bugzilla.suse.com/1233550"
},
{
"category": "self",
"summary": "SUSE Bug 1233552",
"url": "https://bugzilla.suse.com/1233552"
},
{
"category": "self",
"summary": "SUSE Bug 1233553",
"url": "https://bugzilla.suse.com/1233553"
},
{
"category": "self",
"summary": "SUSE Bug 1233554",
"url": "https://bugzilla.suse.com/1233554"
},
{
"category": "self",
"summary": "SUSE Bug 1233555",
"url": "https://bugzilla.suse.com/1233555"
},
{
"category": "self",
"summary": "SUSE Bug 1233557",
"url": "https://bugzilla.suse.com/1233557"
},
{
"category": "self",
"summary": "SUSE Bug 1233560",
"url": "https://bugzilla.suse.com/1233560"
},
{
"category": "self",
"summary": "SUSE Bug 1233561",
"url": "https://bugzilla.suse.com/1233561"
},
{
"category": "self",
"summary": "SUSE Bug 1233564",
"url": "https://bugzilla.suse.com/1233564"
},
{
"category": "self",
"summary": "SUSE Bug 1233566",
"url": "https://bugzilla.suse.com/1233566"
},
{
"category": "self",
"summary": "SUSE Bug 1233567",
"url": "https://bugzilla.suse.com/1233567"
},
{
"category": "self",
"summary": "SUSE Bug 1233568",
"url": "https://bugzilla.suse.com/1233568"
},
{
"category": "self",
"summary": "SUSE Bug 1233570",
"url": "https://bugzilla.suse.com/1233570"
},
{
"category": "self",
"summary": "SUSE Bug 1233572",
"url": "https://bugzilla.suse.com/1233572"
},
{
"category": "self",
"summary": "SUSE Bug 1233573",
"url": "https://bugzilla.suse.com/1233573"
},
{
"category": "self",
"summary": "SUSE Bug 1233577",
"url": "https://bugzilla.suse.com/1233577"
},
{
"category": "self",
"summary": "SUSE Bug 1233580",
"url": "https://bugzilla.suse.com/1233580"
},
{
"category": "self",
"summary": "SUSE Bug 1233640",
"url": "https://bugzilla.suse.com/1233640"
},
{
"category": "self",
"summary": "SUSE Bug 1233641",
"url": "https://bugzilla.suse.com/1233641"
},
{
"category": "self",
"summary": "SUSE Bug 1233642",
"url": "https://bugzilla.suse.com/1233642"
},
{
"category": "self",
"summary": "SUSE Bug 1233721",
"url": "https://bugzilla.suse.com/1233721"
},
{
"category": "self",
"summary": "SUSE Bug 1233754",
"url": "https://bugzilla.suse.com/1233754"
},
{
"category": "self",
"summary": "SUSE Bug 1233756",
"url": "https://bugzilla.suse.com/1233756"
},
{
"category": "self",
"summary": "SUSE Bug 1233769",
"url": "https://bugzilla.suse.com/1233769"
},
{
"category": "self",
"summary": "SUSE Bug 1233771",
"url": "https://bugzilla.suse.com/1233771"
},
{
"category": "self",
"summary": "SUSE Bug 1233977",
"url": "https://bugzilla.suse.com/1233977"
},
{
"category": "self",
"summary": "SUSE Bug 1234009",
"url": "https://bugzilla.suse.com/1234009"
},
{
"category": "self",
"summary": "SUSE Bug 1234011",
"url": "https://bugzilla.suse.com/1234011"
},
{
"category": "self",
"summary": "SUSE Bug 1234012",
"url": "https://bugzilla.suse.com/1234012"
},
{
"category": "self",
"summary": "SUSE Bug 1234025",
"url": "https://bugzilla.suse.com/1234025"
},
{
"category": "self",
"summary": "SUSE Bug 1234039",
"url": "https://bugzilla.suse.com/1234039"
},
{
"category": "self",
"summary": "SUSE Bug 1234040",
"url": "https://bugzilla.suse.com/1234040"
},
{
"category": "self",
"summary": "SUSE Bug 1234041",
"url": "https://bugzilla.suse.com/1234041"
},
{
"category": "self",
"summary": "SUSE Bug 1234042",
"url": "https://bugzilla.suse.com/1234042"
},
{
"category": "self",
"summary": "SUSE Bug 1234043",
"url": "https://bugzilla.suse.com/1234043"
},
{
"category": "self",
"summary": "SUSE Bug 1234044",
"url": "https://bugzilla.suse.com/1234044"
},
{
"category": "self",
"summary": "SUSE Bug 1234045",
"url": "https://bugzilla.suse.com/1234045"
},
{
"category": "self",
"summary": "SUSE Bug 1234046",
"url": "https://bugzilla.suse.com/1234046"
},
{
"category": "self",
"summary": "SUSE Bug 1234072",
"url": "https://bugzilla.suse.com/1234072"
},
{
"category": "self",
"summary": "SUSE Bug 1234078",
"url": "https://bugzilla.suse.com/1234078"
},
{
"category": "self",
"summary": "SUSE Bug 1234081",
"url": "https://bugzilla.suse.com/1234081"
},
{
"category": "self",
"summary": "SUSE Bug 1234083",
"url": "https://bugzilla.suse.com/1234083"
},
{
"category": "self",
"summary": "SUSE Bug 1234085",
"url": "https://bugzilla.suse.com/1234085"
},
{
"category": "self",
"summary": "SUSE Bug 1234087",
"url": "https://bugzilla.suse.com/1234087"
},
{
"category": "self",
"summary": "SUSE Bug 1234093",
"url": "https://bugzilla.suse.com/1234093"
},
{
"category": "self",
"summary": "SUSE Bug 1234098",
"url": "https://bugzilla.suse.com/1234098"
},
{
"category": "self",
"summary": "SUSE Bug 1234108",
"url": "https://bugzilla.suse.com/1234108"
},
{
"category": "self",
"summary": "SUSE Bug 1234121",
"url": "https://bugzilla.suse.com/1234121"
},
{
"category": "self",
"summary": "SUSE Bug 1234223",
"url": "https://bugzilla.suse.com/1234223"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52766 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52766/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52778 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52778/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52800 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52800/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52881 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52917 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52917/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52918 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52918/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52919 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52919/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52920 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52920/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52921 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52921/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52922 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52922/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6270 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6270/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26596 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26596/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26703 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26741 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26741/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26758 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26758/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26761 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26761/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26767 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26767/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26782 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26864 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26943 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26943/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26953 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26953/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27017 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27017/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27026 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27026/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27043 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27043/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27407 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27407/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35888 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35888/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35980 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36000 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36000/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36031 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36031/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36244 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36244/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36484 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36484/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36883 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36883/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36886 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36886/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36905 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36905/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36920 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36920/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36927 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36927/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36954 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36954/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36968 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36968/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38576 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38576/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38577 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38577/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38589 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38589/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38599 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38599/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40914 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41016 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41016/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41023 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41023/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41031 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41031/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41047 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41047/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41082 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41082/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42102 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42102/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42145 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42145/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44932 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44932/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44958 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44958/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44964 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44964/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44995 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44995/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45016 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45016/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45025 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45025/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46678 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46678/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46680 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46681 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46721 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46721/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46754 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46765 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46765/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46766 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46766/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46770 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46770/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46775 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46775/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46777 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46777/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46788 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46788/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46797 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46800 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46800/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46802 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46802/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46803 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46803/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46804 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46804/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46805 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46805/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46806 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46806/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46807 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46807/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46809 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46809/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46810 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46811 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46811/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46812 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46812/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46813 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46814 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46815 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46815/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46816 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46816/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46817 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46817/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46818 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46818/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46819 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46819/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46821 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46825 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46825/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46826 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46826/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46827 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46828 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46830 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46831 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46834 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46835 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46836 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46836/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46840 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46840/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46841 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46841/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46842 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46842/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46843 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46843/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46845 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46845/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46846 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46846/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46848 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46848/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46849 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46849/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46851 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46851/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46852 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46852/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46853 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46853/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46854 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46854/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46855 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46855/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46857 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46857/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46859 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46859/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46860 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46860/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46861 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46864 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46870 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46871 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46871/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47658 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47658/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47660 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47660/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47661 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47661/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47662 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47662/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47663 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47663/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47664 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47664/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47665 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47665/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47666 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47666/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47667 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47667/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47668 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47669 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47669/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47670 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47671 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47671/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47672 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47672/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47673 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47674 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47674/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47675 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47675/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47679 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47679/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47681 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47682 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47682/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47684 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47684/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47685 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47685/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47686 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47686/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47687 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47687/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47688 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47688/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47692 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47692/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47693 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47695 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47695/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47696 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47696/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47697 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47698 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47698/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47699 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47701 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47702 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47703 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47704 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47704/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47705 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47705/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47706 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47706/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47707 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47707/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47709 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47709/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47710 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47710/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47712 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47712/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47713 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47714 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47715 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47718 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47719 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47720 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47720/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47723 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47727 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47728 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47730 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47730/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47731 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47731/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47732 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47735 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47737 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47737/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47738 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47739 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47741 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47741/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47742 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47742/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47743 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47743/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47744 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47744/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47745 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47745/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47747 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47747/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47748 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47748/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47749 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47749/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47750 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47750/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47751 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47751/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47752 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47753 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47754 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47756 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47756/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47757 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47757/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49850 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49850/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49851 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49851/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49852 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49852/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49853 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49853/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49855 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49855/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49858 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49860 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49860/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49861 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49862 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49862/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49863 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49863/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49864 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49866 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49866/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49867 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49867/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49868 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49868/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49870 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49871 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49871/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49874 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49875 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49877 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49877/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49878 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49878/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49879 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49879/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49881 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49882 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49882/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49883 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49883/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49884 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49886 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49886/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49888 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49888/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49890 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49891 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49891/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49892 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49892/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49894 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49894/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49895 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49895/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49896 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49896/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49897 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49897/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49898 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49898/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49899 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49899/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49900 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49900/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49901 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49901/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49902 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49902/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49903 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49903/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49905 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49905/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49906 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49906/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49907 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49907/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49908 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49908/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49909 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49909/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49911 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49912 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49912/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49913 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49914 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49917 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49917/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49918 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49918/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49919 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49919/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49920 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49920/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49921 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49921/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49922 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49922/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49923 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49923/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49925 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49925/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49928 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49928/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49929 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49929/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49930 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49930/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49931 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49931/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49933 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49933/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49934 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49935 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49935/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49936 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49936/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49937 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49937/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49938 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49938/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49939 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49939/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49944 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49944/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49945 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49945/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49946 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49946/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49947 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49949 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49949/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49950 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49950/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49952 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49952/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49953 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49953/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49954 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49954/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49955 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49955/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49957 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49957/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49958 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49958/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49959 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49959/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49960 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49960/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49961 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49961/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49962 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49962/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49963 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49963/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49965 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49965/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49966 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49966/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49967 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49967/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49968 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49968/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49969 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49969/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49972 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49972/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49973 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49973/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49974 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49975 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49975/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49976 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49976/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49981 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49981/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49982 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49982/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49983 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49983/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49985 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49985/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49986 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49986/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49987 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49987/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49989 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49989/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49991 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49991/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49993 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49993/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49995 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49995/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49996 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50000 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50000/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50001 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50001/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50002 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50002/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50003 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50003/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50004 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50004/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50006 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50006/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50007 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50007/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50008 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50008/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50009 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50012 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50012/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50013 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50014 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50014/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50015 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50015/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50017 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50017/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50019 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50019/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50020 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50020/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50021 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50021/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50022 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50022/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50023 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50023/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50024 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50024/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50025 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50025/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50026 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50026/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50027 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50027/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50028 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50028/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50031 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50031/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50033 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50033/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50035 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50035/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50040 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50040/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50041 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50041/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50042 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50042/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50044 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50044/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50045 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50045/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50046 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50046/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50047 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50047/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50048 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50048/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50049 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50049/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50055 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50058 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50059 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50059/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50060 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50061 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50062 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50062/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50063 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50064 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50064/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50067 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50067/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50069 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50069/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50073 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50073/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50074 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50074/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50075 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50075/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50076 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50077 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50077/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50078 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50080 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50081 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50081/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50082 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50082/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50084 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50084/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50087 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50087/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50088 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50089 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50089/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50093 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50093/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50095 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50095/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50096 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50098 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50098/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50099 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50099/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50100 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50100/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50101 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50101/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50102 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50102/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50103 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50103/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50108 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50108/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50110 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50110/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50115 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50116 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50116/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50117 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50117/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50121 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50121/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50124 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50124/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50125 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50127 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50127/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50128 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50128/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50130 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50130/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50131 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50131/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50134 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50134/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50135 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50136 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50138 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50138/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50139 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50139/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50141 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50141/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50145 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50145/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50146 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50146/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50147 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50147/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50148 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50148/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50150 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50150/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50153 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50153/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50154 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50154/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50155 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50155/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50156 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50156/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50157 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50157/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50158 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50158/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50159 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50160 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50160/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50166 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50166/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50167 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50167/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50169 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50169/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50171 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50171/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50172 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50172/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50175 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50175/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50176 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50176/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50177 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50179 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50179/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50180 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50180/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50181 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50182 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50182/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50183 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50183/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50184 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50184/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50186 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50187 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50187/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50188 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50188/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50189 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50189/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50192 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50192/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50194 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50194/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50195 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50195/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50196 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50196/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50198 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50198/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50200 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50200/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50201 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50201/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50205 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50205/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50208 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50208/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50209 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50209/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50210 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50210/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50215 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50215/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50216 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50216/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50218 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50218/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50221 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50221/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50224/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50225 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50225/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50228 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50228/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50229 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50229/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50230 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50230/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50231 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50231/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50232 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50232/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50233 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50233/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50234 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50234/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50235 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50235/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50236 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50236/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50237 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50237/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50240 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50240/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50245 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50245/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50246 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50246/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50248 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50248/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50249 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50249/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50250 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50250/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50252 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50252/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50255 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50255/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50257 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50257/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50261 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50261/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50264 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50264/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50265 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50265/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50267 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50267/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50268 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50268/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50269 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50269/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50271 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50271/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50273 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50273/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50274 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50274/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50275 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50275/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50276 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50276/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50279 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50279/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50282 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50282/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50287 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50287/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50289 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50289/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50290 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50290/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50292 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50292/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50295 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50295/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50296 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50296/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50298 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50298/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50301 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50301/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50302 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50302/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53042 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53042/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53043 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53043/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53045 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53045/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53048 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53048/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53051 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53052 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53055 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53056 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53058 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53059 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53059/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53060 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53061 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53063 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53066 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53066/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53068 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53072 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53072/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53074 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53074/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53076 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53079 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53081 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53081/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53082 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53082/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53085 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53088 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53093 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53093/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53094 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53094/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53095 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53095/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53096 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53100 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53100/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53101 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53101/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53104 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53104/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53106 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53106/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53108 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53108/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53110 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53110/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53112 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53112/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53114 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53114/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53121 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53121/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53138 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53138/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-03-27T12:56:22Z",
"generator": {
"date": "2025-03-27T12:56:22Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20163-1",
"initial_release_date": "2025-03-27T12:56:22Z",
"revision_history": [
{
"date": "2025-03-27T12:56:22Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-6.4.0-22.1.noarch",
"product": {
"name": "kernel-devel-rt-6.4.0-22.1.noarch",
"product_id": "kernel-devel-rt-6.4.0-22.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-6.4.0-22.1.noarch",
"product": {
"name": "kernel-source-rt-6.4.0-22.1.noarch",
"product_id": "kernel-source-rt-6.4.0-22.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-6.4.0-22.1.x86_64",
"product": {
"name": "kernel-rt-6.4.0-22.1.x86_64",
"product_id": "kernel-rt-6.4.0-22.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-6.4.0-22.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-6.4.0-22.1.x86_64",
"product_id": "kernel-rt-livepatch-6.4.0-22.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-rt-6.4.0-22.1.noarch as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch"
},
"product_reference": "kernel-devel-rt-6.4.0-22.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-6.4.0-22.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64"
},
"product_reference": "kernel-rt-6.4.0-22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-livepatch-6.4.0-22.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64"
},
"product_reference": "kernel-rt-livepatch-6.4.0-22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-6.4.0-22.1.noarch as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
},
"product_reference": "kernel-source-rt-6.4.0-22.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-52766",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52766"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler\n\nDo not loop over ring headers in hci_dma_irq_handler() that are not\nallocated and enabled in hci_dma_init(). Otherwise out of bounds access\nwill occur from rings-\u003eheaders[i] access when i \u003e= number of allocated\nring headers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52766",
"url": "https://www.suse.com/security/cve/CVE-2023-52766"
},
{
"category": "external",
"summary": "SUSE Bug 1230620 for CVE-2023-52766",
"url": "https://bugzilla.suse.com/1230620"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2023-52766"
},
{
"cve": "CVE-2023-52778",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52778"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: deal with large GSO size\n\nAfter the blamed commit below, the TCP sockets (and the MPTCP subflows)\ncan build egress packets larger than 64K. That exceeds the maximum DSS\ndata size, the length being misrepresent on the wire and the stream being\ncorrupted, as later observed on the receiver:\n\n WARNING: CPU: 0 PID: 9696 at net/mptcp/protocol.c:705 __mptcp_move_skbs_from_subflow+0x2604/0x26e0\n CPU: 0 PID: 9696 Comm: syz-executor.7 Not tainted 6.6.0-rc5-gcd8bdf563d46 #45\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014\n netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4\u0027.\n RIP: 0010:__mptcp_move_skbs_from_subflow+0x2604/0x26e0 net/mptcp/protocol.c:705\n RSP: 0018:ffffc90000006e80 EFLAGS: 00010246\n RAX: ffffffff83e9f674 RBX: ffff88802f45d870 RCX: ffff888102ad0000\n netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4\u0027.\n RDX: 0000000080000303 RSI: 0000000000013908 RDI: 0000000000003908\n RBP: ffffc90000007110 R08: ffffffff83e9e078 R09: 1ffff1100e548c8a\n R10: dffffc0000000000 R11: ffffed100e548c8b R12: 0000000000013908\n R13: dffffc0000000000 R14: 0000000000003908 R15: 000000000031cf29\n FS: 00007f239c47e700(0000) GS:ffff88811b200000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f239c45cd78 CR3: 000000006a66c006 CR4: 0000000000770ef0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600\n PKRU: 55555554\n Call Trace:\n \u003cIRQ\u003e\n mptcp_data_ready+0x263/0xac0 net/mptcp/protocol.c:819\n subflow_data_ready+0x268/0x6d0 net/mptcp/subflow.c:1409\n tcp_data_queue+0x21a1/0x7a60 net/ipv4/tcp_input.c:5151\n tcp_rcv_established+0x950/0x1d90 net/ipv4/tcp_input.c:6098\n tcp_v6_do_rcv+0x554/0x12f0 net/ipv6/tcp_ipv6.c:1483\n tcp_v6_rcv+0x2e26/0x3810 net/ipv6/tcp_ipv6.c:1749\n ip6_protocol_deliver_rcu+0xd6b/0x1ae0 net/ipv6/ip6_input.c:438\n ip6_input+0x1c5/0x470 net/ipv6/ip6_input.c:483\n ipv6_rcv+0xef/0x2c0 include/linux/netfilter.h:304\n __netif_receive_skb+0x1ea/0x6a0 net/core/dev.c:5532\n process_backlog+0x353/0x660 net/core/dev.c:5974\n __napi_poll+0xc6/0x5a0 net/core/dev.c:6536\n net_rx_action+0x6a0/0xfd0 net/core/dev.c:6603\n __do_softirq+0x184/0x524 kernel/softirq.c:553\n do_softirq+0xdd/0x130 kernel/softirq.c:454\n\nAddress the issue explicitly bounding the maximum GSO size to what MPTCP\nactually allows.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52778",
"url": "https://www.suse.com/security/cve/CVE-2023-52778"
},
{
"category": "external",
"summary": "SUSE Bug 1224948 for CVE-2023-52778",
"url": "https://bugzilla.suse.com/1224948"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2023-52778"
},
{
"cve": "CVE-2023-52800",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52800"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix htt pktlog locking\n\nThe ath11k active pdevs are protected by RCU but the htt pktlog handling\ncode calling ath11k_mac_get_ar_by_pdev_id() was not marked as a\nread-side critical section.\n\nMark the code in question as an RCU read-side critical section to avoid\nany potential use-after-free issues.\n\nCompile tested only.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52800",
"url": "https://www.suse.com/security/cve/CVE-2023-52800"
},
{
"category": "external",
"summary": "SUSE Bug 1230600 for CVE-2023-52800",
"url": "https://bugzilla.suse.com/1230600"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2023-52800"
},
{
"cve": "CVE-2023-52881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52881"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: do not accept ACK of bytes we never sent\n\nThis patch is based on a detailed report and ideas from Yepeng Pan\nand Christian Rossow.\n\nACK seq validation is currently following RFC 5961 5.2 guidelines:\n\n The ACK value is considered acceptable only if\n it is in the range of ((SND.UNA - MAX.SND.WND) \u003c= SEG.ACK \u003c=\n SND.NXT). All incoming segments whose ACK value doesn\u0027t satisfy the\n above condition MUST be discarded and an ACK sent back. It needs to\n be noted that RFC 793 on page 72 (fifth check) says: \"If the ACK is a\n duplicate (SEG.ACK \u003c SND.UNA), it can be ignored. If the ACK\n acknowledges something not yet sent (SEG.ACK \u003e SND.NXT) then send an\n ACK, drop the segment, and return\". The \"ignored\" above implies that\n the processing of the incoming data segment continues, which means\n the ACK value is treated as acceptable. This mitigation makes the\n ACK check more stringent since any ACK \u003c SND.UNA wouldn\u0027t be\n accepted, instead only ACKs that are in the range ((SND.UNA -\n MAX.SND.WND) \u003c= SEG.ACK \u003c= SND.NXT) get through.\n\nThis can be refined for new (and possibly spoofed) flows,\nby not accepting ACK for bytes that were never sent.\n\nThis greatly improves TCP security at a little cost.\n\nI added a Fixes: tag to make sure this patch will reach stable trees,\neven if the \u0027blamed\u0027 patch was adhering to the RFC.\n\ntp-\u003ebytes_acked was added in linux-4.2\n\nFollowing packetdrill test (courtesy of Yepeng Pan) shows\nthe issue at hand:\n\n0 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3\n+0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0\n+0 bind(3, ..., ...) = 0\n+0 listen(3, 1024) = 0\n\n// ---------------- Handshake ------------------- //\n\n// when window scale is set to 14 the window size can be extended to\n// 65535 * (2^14) = 1073725440. Linux would accept an ACK packet\n// with ack number in (Server_ISN+1-1073725440. Server_ISN+1)\n// ,though this ack number acknowledges some data never\n// sent by the server.\n\n+0 \u003c S 0:0(0) win 65535 \u003cmss 1400,nop,wscale 14\u003e\n+0 \u003e S. 0:0(0) ack 1 \u003c...\u003e\n+0 \u003c . 1:1(0) ack 1 win 65535\n+0 accept(3, ..., ...) = 4\n\n// For the established connection, we send an ACK packet,\n// the ack packet uses ack number 1 - 1073725300 + 2^32,\n// where 2^32 is used to wrap around.\n// Note: we used 1073725300 instead of 1073725440 to avoid possible\n// edge cases.\n// 1 - 1073725300 + 2^32 = 3221241997\n\n// Oops, old kernels happily accept this packet.\n+0 \u003c . 1:1001(1000) ack 3221241997 win 65535\n\n// After the kernel fix the following will be replaced by a challenge ACK,\n// and prior malicious frame would be dropped.\n+0 \u003e . 1:1(0) ack 1001",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52881",
"url": "https://www.suse.com/security/cve/CVE-2023-52881"
},
{
"category": "external",
"summary": "SUSE Bug 1223384 for CVE-2023-52881",
"url": "https://bugzilla.suse.com/1223384"
},
{
"category": "external",
"summary": "SUSE Bug 1225611 for CVE-2023-52881",
"url": "https://bugzilla.suse.com/1225611"
},
{
"category": "external",
"summary": "SUSE Bug 1226152 for CVE-2023-52881",
"url": "https://bugzilla.suse.com/1226152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2023-52881"
},
{
"cve": "CVE-2023-52917",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52917"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52917",
"url": "https://www.suse.com/security/cve/CVE-2023-52917"
},
{
"category": "external",
"summary": "SUSE Bug 1231849 for CVE-2023-52917",
"url": "https://bugzilla.suse.com/1231849"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2023-52917"
},
{
"cve": "CVE-2023-52918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52918"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pci: cx23885: check cx23885_vdev_init() return\n\ncx23885_vdev_init() can return a NULL pointer, but that pointer\nis used in the next line without a check.\n\nAdd a NULL pointer check and go to the error unwind if it is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52918",
"url": "https://www.suse.com/security/cve/CVE-2023-52918"
},
{
"category": "external",
"summary": "SUSE Bug 1232047 for CVE-2023-52918",
"url": "https://bugzilla.suse.com/1232047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2023-52918"
},
{
"cve": "CVE-2023-52919",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52919"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nci: fix possible NULL pointer dereference in send_acknowledge()\n\nHandle memory allocation failure from nci_skb_alloc() (calling\nalloc_skb()) to avoid possible NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52919",
"url": "https://www.suse.com/security/cve/CVE-2023-52919"
},
{
"category": "external",
"summary": "SUSE Bug 1231988 for CVE-2023-52919",
"url": "https://bugzilla.suse.com/1231988"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2023-52919"
},
{
"cve": "CVE-2023-52920",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52920"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: support non-r10 register spill/fill to/from stack in precision tracking\n\nUse instruction (jump) history to record instructions that performed\nregister spill/fill to/from stack, regardless if this was done through\nread-only r10 register, or any other register after copying r10 into it\n*and* potentially adjusting offset.\n\nTo make this work reliably, we push extra per-instruction flags into\ninstruction history, encoding stack slot index (spi) and stack frame\nnumber in extra 10 bit flags we take away from prev_idx in instruction\nhistory. We don\u0027t touch idx field for maximum performance, as it\u0027s\nchecked most frequently during backtracking.\n\nThis change removes basically the last remaining practical limitation of\nprecision backtracking logic in BPF verifier. It fixes known\ndeficiencies, but also opens up new opportunities to reduce number of\nverified states, explored in the subsequent patches.\n\nThere are only three differences in selftests\u0027 BPF object files\naccording to veristat, all in the positive direction (less states).\n\nFile Program Insns (A) Insns (B) Insns (DIFF) States (A) States (B) States (DIFF)\n-------------------------------------- ------------- --------- --------- ------------- ---------- ---------- -------------\ntest_cls_redirect_dynptr.bpf.linked3.o cls_redirect 2987 2864 -123 (-4.12%) 240 231 -9 (-3.75%)\nxdp_synproxy_kern.bpf.linked3.o syncookie_tc 82848 82661 -187 (-0.23%) 5107 5073 -34 (-0.67%)\nxdp_synproxy_kern.bpf.linked3.o syncookie_xdp 85116 84964 -152 (-0.18%) 5162 5130 -32 (-0.62%)\n\nNote, I avoided renaming jmp_history to more generic insn_hist to\nminimize number of lines changed and potential merge conflicts between\nbpf and bpf-next trees.\n\nNotice also cur_hist_entry pointer reset to NULL at the beginning of\ninstruction verification loop. This pointer avoids the problem of\nrelying on last jump history entry\u0027s insn_idx to determine whether we\nalready have entry for current instruction or not. It can happen that we\nadded jump history entry because current instruction is_jmp_point(), but\nalso we need to add instruction flags for stack access. In this case, we\ndon\u0027t want to entries, so we need to reuse last added entry, if it is\npresent.\n\nRelying on insn_idx comparison has the same ambiguity problem as the one\nthat was fixed recently in [0], so we avoid that.\n\n [0] https://patchwork.kernel.org/project/netdevbpf/patch/20231110002638.4168352-3-andrii@kernel.org/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52920",
"url": "https://www.suse.com/security/cve/CVE-2023-52920"
},
{
"category": "external",
"summary": "SUSE Bug 1232823 for CVE-2023-52920",
"url": "https://bugzilla.suse.com/1232823"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2023-52920"
},
{
"cve": "CVE-2023-52921",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52921"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix possible UAF in amdgpu_cs_pass1()\n\nSince the gang_size check is outside of chunk parsing\nloop, we need to reset i before we free the chunk data.\n\nSuggested by Ye Zhang (@VAR10CK) of Baidu Security.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52921",
"url": "https://www.suse.com/security/cve/CVE-2023-52921"
},
{
"category": "external",
"summary": "SUSE Bug 1233452 for CVE-2023-52921",
"url": "https://bugzilla.suse.com/1233452"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2023-52921"
},
{
"cve": "CVE-2023-52922",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52922"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: bcm: Fix UAF in bcm_proc_show()\n\nBUG: KASAN: slab-use-after-free in bcm_proc_show+0x969/0xa80\nRead of size 8 at addr ffff888155846230 by task cat/7862\n\nCPU: 1 PID: 7862 Comm: cat Not tainted 6.5.0-rc1-00153-gc8746099c197 #230\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xd5/0x150\n print_report+0xc1/0x5e0\n kasan_report+0xba/0xf0\n bcm_proc_show+0x969/0xa80\n seq_read_iter+0x4f6/0x1260\n seq_read+0x165/0x210\n proc_reg_read+0x227/0x300\n vfs_read+0x1d5/0x8d0\n ksys_read+0x11e/0x240\n do_syscall_64+0x35/0xb0\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nAllocated by task 7846:\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x21/0x30\n __kasan_kmalloc+0x9e/0xa0\n bcm_sendmsg+0x264b/0x44e0\n sock_sendmsg+0xda/0x180\n ____sys_sendmsg+0x735/0x920\n ___sys_sendmsg+0x11d/0x1b0\n __sys_sendmsg+0xfa/0x1d0\n do_syscall_64+0x35/0xb0\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nFreed by task 7846:\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x21/0x30\n kasan_save_free_info+0x27/0x40\n ____kasan_slab_free+0x161/0x1c0\n slab_free_freelist_hook+0x119/0x220\n __kmem_cache_free+0xb4/0x2e0\n rcu_core+0x809/0x1bd0\n\nbcm_op is freed before procfs entry be removed in bcm_release(),\nthis lead to bcm_proc_show() may read the freed bcm_op.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52922",
"url": "https://www.suse.com/security/cve/CVE-2023-52922"
},
{
"category": "external",
"summary": "SUSE Bug 1233977 for CVE-2023-52922",
"url": "https://bugzilla.suse.com/1233977"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2023-52922"
},
{
"cve": "CVE-2023-6270",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6270"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a denial of service condition or potential code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6270",
"url": "https://www.suse.com/security/cve/CVE-2023-6270"
},
{
"category": "external",
"summary": "SUSE Bug 1218562 for CVE-2023-6270",
"url": "https://bugzilla.suse.com/1218562"
},
{
"category": "external",
"summary": "SUSE Bug 1218813 for CVE-2023-6270",
"url": "https://bugzilla.suse.com/1218813"
},
{
"category": "external",
"summary": "SUSE Bug 1221578 for CVE-2023-6270",
"url": "https://bugzilla.suse.com/1221578"
},
{
"category": "external",
"summary": "SUSE Bug 1221598 for CVE-2023-6270",
"url": "https://bugzilla.suse.com/1221598"
},
{
"category": "external",
"summary": "SUSE Bug 1223016 for CVE-2023-6270",
"url": "https://bugzilla.suse.com/1223016"
},
{
"category": "external",
"summary": "SUSE Bug 1227675 for CVE-2023-6270",
"url": "https://bugzilla.suse.com/1227675"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2023-6270"
},
{
"cve": "CVE-2024-26596",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26596"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events\n\nAfter the blamed commit, we started doing this dereference for every\nNETDEV_CHANGEUPPER and NETDEV_PRECHANGEUPPER event in the system.\n\nstatic inline struct dsa_port *dsa_user_to_port(const struct net_device *dev)\n{\n\tstruct dsa_user_priv *p = netdev_priv(dev);\n\n\treturn p-\u003edp;\n}\n\nWhich is obviously bogus, because not all net_devices have a netdev_priv()\nof type struct dsa_user_priv. But struct dsa_user_priv is fairly small,\nand p-\u003edp means dereferencing 8 bytes starting with offset 16. Most\ndrivers allocate that much private memory anyway, making our access not\nfault, and we discard the bogus data quickly afterwards, so this wasn\u0027t\ncaught.\n\nBut the dummy interface is somewhat special in that it calls\nalloc_netdev() with a priv size of 0. So every netdev_priv() dereference\nis invalid, and we get this when we emit a NETDEV_PRECHANGEUPPER event\nwith a VLAN as its new upper:\n\n$ ip link add dummy1 type dummy\n$ ip link add link dummy1 name dummy1.100 type vlan id 100\n[ 43.309174] ==================================================================\n[ 43.316456] BUG: KASAN: slab-out-of-bounds in dsa_user_prechangeupper+0x30/0xe8\n[ 43.323835] Read of size 8 at addr ffff3f86481d2990 by task ip/374\n[ 43.330058]\n[ 43.342436] Call trace:\n[ 43.366542] dsa_user_prechangeupper+0x30/0xe8\n[ 43.371024] dsa_user_netdevice_event+0xb38/0xee8\n[ 43.375768] notifier_call_chain+0xa4/0x210\n[ 43.379985] raw_notifier_call_chain+0x24/0x38\n[ 43.384464] __netdev_upper_dev_link+0x3ec/0x5d8\n[ 43.389120] netdev_upper_dev_link+0x70/0xa8\n[ 43.393424] register_vlan_dev+0x1bc/0x310\n[ 43.397554] vlan_newlink+0x210/0x248\n[ 43.401247] rtnl_newlink+0x9fc/0xe30\n[ 43.404942] rtnetlink_rcv_msg+0x378/0x580\n\nAvoid the kernel oops by dereferencing after the type check, as customary.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26596",
"url": "https://www.suse.com/security/cve/CVE-2024-26596"
},
{
"category": "external",
"summary": "SUSE Bug 1220355 for CVE-2024-26596",
"url": "https://bugzilla.suse.com/1220355"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-26596"
},
{
"cve": "CVE-2024-26703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/timerlat: Move hrtimer_init to timerlat_fd open()\n\nCurrently, the timerlat\u0027s hrtimer is initialized at the first read of\ntimerlat_fd, and destroyed at close(). It works, but it causes an error\nif the user program open() and close() the file without reading.\n\nHere\u0027s an example:\n\n # echo NO_OSNOISE_WORKLOAD \u003e /sys/kernel/debug/tracing/osnoise/options\n # echo timerlat \u003e /sys/kernel/debug/tracing/current_tracer\n\n # cat \u003c\u003cEOF \u003e ./timerlat_load.py\n # !/usr/bin/env python3\n\n timerlat_fd = open(\"/sys/kernel/tracing/osnoise/per_cpu/cpu0/timerlat_fd\", \u0027r\u0027)\n timerlat_fd.close();\n EOF\n\n # ./taskset -c 0 ./timerlat_load.py\n\u003cBOOM\u003e\n\n BUG: kernel NULL pointer dereference, address: 0000000000000010\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 1 PID: 2673 Comm: python3 Not tainted 6.6.13-200.fc39.x86_64 #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-1.fc39 04/01/2014\n RIP: 0010:hrtimer_active+0xd/0x50\n Code: 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 48 8b 57 30 \u003c8b\u003e 42 10 a8 01 74 09 f3 90 8b 42 10 a8 01 75 f7 80 7f 38 00 75 1d\n RSP: 0018:ffffb031009b7e10 EFLAGS: 00010286\n RAX: 000000000002db00 RBX: ffff9118f786db08 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffff9117a0e64400 RDI: ffff9118f786db08\n RBP: ffff9118f786db80 R08: ffff9117a0ddd420 R09: ffff9117804d4f70\n R10: 0000000000000000 R11: 0000000000000000 R12: ffff9118f786db08\n R13: ffff91178fdd5e20 R14: ffff9117840978c0 R15: 0000000000000000\n FS: 00007f2ffbab1740(0000) GS:ffff9118f7840000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000010 CR3: 00000001b402e000 CR4: 0000000000750ee0\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __die+0x23/0x70\n ? page_fault_oops+0x171/0x4e0\n ? srso_alias_return_thunk+0x5/0x7f\n ? avc_has_extended_perms+0x237/0x520\n ? exc_page_fault+0x7f/0x180\n ? asm_exc_page_fault+0x26/0x30\n ? hrtimer_active+0xd/0x50\n hrtimer_cancel+0x15/0x40\n timerlat_fd_release+0x48/0xe0\n __fput+0xf5/0x290\n __x64_sys_close+0x3d/0x80\n do_syscall_64+0x60/0x90\n ? srso_alias_return_thunk+0x5/0x7f\n ? __x64_sys_ioctl+0x72/0xd0\n ? srso_alias_return_thunk+0x5/0x7f\n ? syscall_exit_to_user_mode+0x2b/0x40\n ? srso_alias_return_thunk+0x5/0x7f\n ? do_syscall_64+0x6c/0x90\n ? srso_alias_return_thunk+0x5/0x7f\n ? exit_to_user_mode_prepare+0x142/0x1f0\n ? srso_alias_return_thunk+0x5/0x7f\n ? syscall_exit_to_user_mode+0x2b/0x40\n ? srso_alias_return_thunk+0x5/0x7f\n ? do_syscall_64+0x6c/0x90\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n RIP: 0033:0x7f2ffb321594\n Code: 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 80 3d d5 cd 0d 00 00 74 13 b8 03 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 3c c3 0f 1f 00 55 48 89 e5 48 83 ec 10 89 7d\n RSP: 002b:00007ffe8d8eef18 EFLAGS: 00000202 ORIG_RAX: 0000000000000003\n RAX: ffffffffffffffda RBX: 00007f2ffba4e668 RCX: 00007f2ffb321594\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003\n RBP: 00007ffe8d8eef40 R08: 0000000000000000 R09: 0000000000000000\n R10: 55c926e3167eae79 R11: 0000000000000202 R12: 0000000000000003\n R13: 00007ffe8d8ef030 R14: 0000000000000000 R15: 00007f2ffba4e668\n \u003c/TASK\u003e\n CR2: 0000000000000010\n ---[ end trace 0000000000000000 ]---\n\nMove hrtimer_init to timerlat_fd open() to avoid this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26703",
"url": "https://www.suse.com/security/cve/CVE-2024-26703"
},
{
"category": "external",
"summary": "SUSE Bug 1222423 for CVE-2024-26703",
"url": "https://bugzilla.suse.com/1222423"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-26703"
},
{
"cve": "CVE-2024-26741",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26741"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished().\n\nsyzkaller reported a warning [0] in inet_csk_destroy_sock() with no\nrepro.\n\n WARN_ON(inet_sk(sk)-\u003einet_num \u0026\u0026 !inet_csk(sk)-\u003eicsk_bind_hash);\n\nHowever, the syzkaller\u0027s log hinted that connect() failed just before\nthe warning due to FAULT_INJECTION. [1]\n\nWhen connect() is called for an unbound socket, we search for an\navailable ephemeral port. If a bhash bucket exists for the port, we\ncall __inet_check_established() or __inet6_check_established() to check\nif the bucket is reusable.\n\nIf reusable, we add the socket into ehash and set inet_sk(sk)-\u003einet_num.\n\nLater, we look up the corresponding bhash2 bucket and try to allocate\nit if it does not exist.\n\nAlthough it rarely occurs in real use, if the allocation fails, we must\nrevert the changes by check_established(). Otherwise, an unconnected\nsocket could illegally occupy an ehash entry.\n\nNote that we do not put tw back into ehash because sk might have\nalready responded to a packet for tw and it would be better to free\ntw earlier under such memory presure.\n\n[0]:\nWARNING: CPU: 0 PID: 350830 at net/ipv4/inet_connection_sock.c:1193 inet_csk_destroy_sock (net/ipv4/inet_connection_sock.c:1193)\nModules linked in:\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nRIP: 0010:inet_csk_destroy_sock (net/ipv4/inet_connection_sock.c:1193)\nCode: 41 5c 41 5d 41 5e e9 2d 4a 3d fd e8 28 4a 3d fd 48 89 ef e8 f0 cd 7d ff 5b 5d 41 5c 41 5d 41 5e e9 13 4a 3d fd e8 0e 4a 3d fd \u003c0f\u003e 0b e9 61 fe ff ff e8 02 4a 3d fd 4c 89 e7 be 03 00 00 00 e8 05\nRSP: 0018:ffffc9000b21fd38 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: 0000000000009e78 RCX: ffffffff840bae40\nRDX: ffff88806e46c600 RSI: ffffffff840bb012 RDI: ffff88811755cca8\nRBP: ffff88811755c880 R08: 0000000000000003 R09: 0000000000000000\nR10: 0000000000009e78 R11: 0000000000000000 R12: ffff88811755c8e0\nR13: ffff88811755c892 R14: ffff88811755c918 R15: 0000000000000000\nFS: 00007f03e5243800(0000) GS:ffff88811ae00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b32f21000 CR3: 0000000112ffe001 CR4: 0000000000770ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? inet_csk_destroy_sock (net/ipv4/inet_connection_sock.c:1193)\n dccp_close (net/dccp/proto.c:1078)\n inet_release (net/ipv4/af_inet.c:434)\n __sock_release (net/socket.c:660)\n sock_close (net/socket.c:1423)\n __fput (fs/file_table.c:377)\n __fput_sync (fs/file_table.c:462)\n __x64_sys_close (fs/open.c:1557 fs/open.c:1539 fs/open.c:1539)\n do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129)\nRIP: 0033:0x7f03e53852bb\nCode: 03 00 00 00 0f 05 48 3d 00 f0 ff ff 77 41 c3 48 83 ec 18 89 7c 24 0c e8 43 c9 f5 ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 c9 f5 ff 8b 44\nRSP: 002b:00000000005dfba0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003\nRAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f03e53852bb\nRDX: 0000000000000002 RSI: 0000000000000002 RDI: 0000000000000003\nRBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000167c\nR10: 0000000008a79680 R11: 0000000000000293 R12: 00007f03e4e43000\nR13: 00007f03e4e43170 R14: 00007f03e4e43178 R15: 00007f03e4e43170\n \u003c/TASK\u003e\n\n[1]:\nFAULT_INJECTION: forcing a failure.\nname failslab, interval 1, probability 0, space 0, times 0\nCPU: 0 PID: 350833 Comm: syz-executor.1 Not tainted 6.7.0-12272-g2121c43f88f5 #9\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl (lib/dump_stack.c:107 (discriminator 1))\n should_fail_ex (lib/fault-inject.c:52 lib/fault-inject.c:153)\n should_failslab (mm/slub.c:3748)\n kmem_cache_alloc (mm/slub.c:3763 mm/slub.c:3842 mm/slub.c:3867)\n inet_bind2_bucket_create \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26741",
"url": "https://www.suse.com/security/cve/CVE-2024-26741"
},
{
"category": "external",
"summary": "SUSE Bug 1222587 for CVE-2024-26741",
"url": "https://bugzilla.suse.com/1222587"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-26741"
},
{
"cve": "CVE-2024-26758",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26758"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: Don\u0027t ignore suspended array in md_check_recovery()\n\nmddev_suspend() never stop sync_thread, hence it doesn\u0027t make sense to\nignore suspended array in md_check_recovery(), which might cause\nsync_thread can\u0027t be unregistered.\n\nAfter commit f52f5c71f3d4 (\"md: fix stopping sync thread\"), following\nhang can be triggered by test shell/integrity-caching.sh:\n\n1) suspend the array:\nraid_postsuspend\n mddev_suspend\n\n2) stop the array:\nraid_dtr\n md_stop\n __md_stop_writes\n stop_sync_thread\n set_bit(MD_RECOVERY_INTR, \u0026mddev-\u003erecovery);\n md_wakeup_thread_directly(mddev-\u003esync_thread);\n wait_event(..., !test_bit(MD_RECOVERY_RUNNING, \u0026mddev-\u003erecovery))\n\n3) sync thread done:\nmd_do_sync\n set_bit(MD_RECOVERY_DONE, \u0026mddev-\u003erecovery);\n md_wakeup_thread(mddev-\u003ethread);\n\n4) daemon thread can\u0027t unregister sync thread:\nmd_check_recovery\n if (mddev-\u003esuspended)\n return; -\u003e return directly\n md_read_sync_thread\n clear_bit(MD_RECOVERY_RUNNING, \u0026mddev-\u003erecovery);\n -\u003e MD_RECOVERY_RUNNING can\u0027t be cleared, hence step 2 hang;\n\nThis problem is not just related to dm-raid, fix it by ignoring\nsuspended array in md_check_recovery(). And follow up patches will\nimprove dm-raid better to frozen sync thread during suspend.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26758",
"url": "https://www.suse.com/security/cve/CVE-2024-26758"
},
{
"category": "external",
"summary": "SUSE Bug 1230341 for CVE-2024-26758",
"url": "https://bugzilla.suse.com/1230341"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-26758"
},
{
"cve": "CVE-2024-26761",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26761"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window\n\nThe Linux CXL subsystem is built on the assumption that HPA == SPA.\nThat is, the host physical address (HPA) the HDM decoder registers are\nprogrammed with are system physical addresses (SPA).\n\nDuring HDM decoder setup, the DVSEC CXL range registers (cxl-3.1,\n8.1.3.8) are checked if the memory is enabled and the CXL range is in\na HPA window that is described in a CFMWS structure of the CXL host\nbridge (cxl-3.1, 9.18.1.3).\n\nNow, if the HPA is not an SPA, the CXL range does not match a CFMWS\nwindow and the CXL memory range will be disabled then. The HDM decoder\nstops working which causes system memory being disabled and further a\nsystem hang during HDM decoder initialization, typically when a CXL\nenabled kernel boots.\n\nPrevent a system hang and do not disable the HDM decoder if the\ndecoder\u0027s CXL range is not found in a CFMWS window.\n\nNote the change only fixes a hardware hang, but does not implement\nHPA/SPA translation. Support for this can be added in a follow on\npatch series.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26761",
"url": "https://www.suse.com/security/cve/CVE-2024-26761"
},
{
"category": "external",
"summary": "SUSE Bug 1230375 for CVE-2024-26761",
"url": "https://bugzilla.suse.com/1230375"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-26761"
},
{
"cve": "CVE-2024-26767",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26767"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fixed integer types and null check locations\n\n[why]:\nissues fixed:\n- comparison with wider integer type in loop condition which can cause\ninfinite loops\n- pointer dereference before null check",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26767",
"url": "https://www.suse.com/security/cve/CVE-2024-26767"
},
{
"category": "external",
"summary": "SUSE Bug 1230339 for CVE-2024-26767",
"url": "https://bugzilla.suse.com/1230339"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-26767"
},
{
"cve": "CVE-2024-26782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26782"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix double-free on socket dismantle\n\nwhen MPTCP server accepts an incoming connection, it clones its listener\nsocket. However, the pointer to \u0027inet_opt\u0027 for the new socket has the same\nvalue as the original one: as a consequence, on program exit it\u0027s possible\nto observe the following splat:\n\n BUG: KASAN: double-free in inet_sock_destruct+0x54f/0x8b0\n Free of addr ffff888485950880 by task swapper/25/0\n\n CPU: 25 PID: 0 Comm: swapper/25 Kdump: loaded Not tainted 6.8.0-rc1+ #609\n Hardware name: Supermicro SYS-6027R-72RF/X9DRH-7TF/7F/iTF/iF, BIOS 3.0 07/26/2013\n Call Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x32/0x50\n print_report+0xca/0x620\n kasan_report_invalid_free+0x64/0x90\n __kasan_slab_free+0x1aa/0x1f0\n kfree+0xed/0x2e0\n inet_sock_destruct+0x54f/0x8b0\n __sk_destruct+0x48/0x5b0\n rcu_do_batch+0x34e/0xd90\n rcu_core+0x559/0xac0\n __do_softirq+0x183/0x5a4\n irq_exit_rcu+0x12d/0x170\n sysvec_apic_timer_interrupt+0x6b/0x80\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_sysvec_apic_timer_interrupt+0x16/0x20\n RIP: 0010:cpuidle_enter_state+0x175/0x300\n Code: 30 00 0f 84 1f 01 00 00 83 e8 01 83 f8 ff 75 e5 48 83 c4 18 44 89 e8 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc fb 45 85 ed \u003c0f\u003e 89 60 ff ff ff 48 c1 e5 06 48 c7 43 18 00 00 00 00 48 83 44 2b\n RSP: 0018:ffff888481cf7d90 EFLAGS: 00000202\n RAX: 0000000000000000 RBX: ffff88887facddc8 RCX: 0000000000000000\n RDX: 1ffff1110ff588b1 RSI: 0000000000000019 RDI: ffff88887fac4588\n RBP: 0000000000000004 R08: 0000000000000002 R09: 0000000000043080\n R10: 0009b02ea273363f R11: ffff88887fabf42b R12: ffffffff932592e0\n R13: 0000000000000004 R14: 0000000000000000 R15: 00000022c880ec80\n cpuidle_enter+0x4a/0xa0\n do_idle+0x310/0x410\n cpu_startup_entry+0x51/0x60\n start_secondary+0x211/0x270\n secondary_startup_64_no_verify+0x184/0x18b\n \u003c/TASK\u003e\n\n Allocated by task 6853:\n kasan_save_stack+0x1c/0x40\n kasan_save_track+0x10/0x30\n __kasan_kmalloc+0xa6/0xb0\n __kmalloc+0x1eb/0x450\n cipso_v4_sock_setattr+0x96/0x360\n netlbl_sock_setattr+0x132/0x1f0\n selinux_netlbl_socket_post_create+0x6c/0x110\n selinux_socket_post_create+0x37b/0x7f0\n security_socket_post_create+0x63/0xb0\n __sock_create+0x305/0x450\n __sys_socket_create.part.23+0xbd/0x130\n __sys_socket+0x37/0xb0\n __x64_sys_socket+0x6f/0xb0\n do_syscall_64+0x83/0x160\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\n Freed by task 6858:\n kasan_save_stack+0x1c/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x12c/0x1f0\n kfree+0xed/0x2e0\n inet_sock_destruct+0x54f/0x8b0\n __sk_destruct+0x48/0x5b0\n subflow_ulp_release+0x1f0/0x250\n tcp_cleanup_ulp+0x6e/0x110\n tcp_v4_destroy_sock+0x5a/0x3a0\n inet_csk_destroy_sock+0x135/0x390\n tcp_fin+0x416/0x5c0\n tcp_data_queue+0x1bc8/0x4310\n tcp_rcv_state_process+0x15a3/0x47b0\n tcp_v4_do_rcv+0x2c1/0x990\n tcp_v4_rcv+0x41fb/0x5ed0\n ip_protocol_deliver_rcu+0x6d/0x9f0\n ip_local_deliver_finish+0x278/0x360\n ip_local_deliver+0x182/0x2c0\n ip_rcv+0xb5/0x1c0\n __netif_receive_skb_one_core+0x16e/0x1b0\n process_backlog+0x1e3/0x650\n __napi_poll+0xa6/0x500\n net_rx_action+0x740/0xbb0\n __do_softirq+0x183/0x5a4\n\n The buggy address belongs to the object at ffff888485950880\n which belongs to the cache kmalloc-64 of size 64\n The buggy address is located 0 bytes inside of\n 64-byte region [ffff888485950880, ffff8884859508c0)\n\n The buggy address belongs to the physical page:\n page:0000000056d1e95e refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888485950700 pfn:0x485950\n flags: 0x57ffffc0000800(slab|node=1|zone=2|lastcpupid=0x1fffff)\n page_type: 0xffffffff()\n raw: 0057ffffc0000800 ffff88810004c640 ffffea00121b8ac0 dead000000000006\n raw: ffff888485950700 0000000000200019 00000001ffffffff 0000000000000000\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n ffff888485950780: fa fb fb\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26782",
"url": "https://www.suse.com/security/cve/CVE-2024-26782"
},
{
"category": "external",
"summary": "SUSE Bug 1222590 for CVE-2024-26782",
"url": "https://bugzilla.suse.com/1222590"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-26782"
},
{
"cve": "CVE-2024-26864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26864"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Fix refcnt handling in __inet_hash_connect().\n\nsyzbot reported a warning in sk_nulls_del_node_init_rcu().\n\nThe commit 66b60b0c8c4a (\"dccp/tcp: Unhash sk from ehash for tb2 alloc\nfailure after check_estalblished().\") tried to fix an issue that an\nunconnected socket occupies an ehash entry when bhash2 allocation fails.\n\nIn such a case, we need to revert changes done by check_established(),\nwhich does not hold refcnt when inserting socket into ehash.\n\nSo, to revert the change, we need to __sk_nulls_add_node_rcu() instead\nof sk_nulls_add_node_rcu().\n\nOtherwise, sock_put() will cause refcnt underflow and leak the socket.\n\n[0]:\nWARNING: CPU: 0 PID: 23948 at include/net/sock.h:799 sk_nulls_del_node_init_rcu+0x166/0x1a0 include/net/sock.h:799\nModules linked in:\nCPU: 0 PID: 23948 Comm: syz-executor.2 Not tainted 6.8.0-rc6-syzkaller-00159-gc055fc00c07b #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\nRIP: 0010:sk_nulls_del_node_init_rcu+0x166/0x1a0 include/net/sock.h:799\nCode: e8 7f 71 c6 f7 83 fb 02 7c 25 e8 35 6d c6 f7 4d 85 f6 0f 95 c0 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 1b 6d c6 f7 90 \u003c0f\u003e 0b 90 eb b2 e8 10 6d c6 f7 4c 89 e7 be 04 00 00 00 e8 63 e7 d2\nRSP: 0018:ffffc900032d7848 EFLAGS: 00010246\nRAX: ffffffff89cd0035 RBX: 0000000000000001 RCX: 0000000000040000\nRDX: ffffc90004de1000 RSI: 000000000003ffff RDI: 0000000000040000\nRBP: 1ffff1100439ac26 R08: ffffffff89ccffe3 R09: 1ffff1100439ac28\nR10: dffffc0000000000 R11: ffffed100439ac29 R12: ffff888021cd6140\nR13: dffffc0000000000 R14: ffff88802a9bf5c0 R15: ffff888021cd6130\nFS: 00007f3b823f16c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f3b823f0ff8 CR3: 000000004674a000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n __inet_hash_connect+0x140f/0x20b0 net/ipv4/inet_hashtables.c:1139\n dccp_v6_connect+0xcb9/0x1480 net/dccp/ipv6.c:956\n __inet_stream_connect+0x262/0xf30 net/ipv4/af_inet.c:678\n inet_stream_connect+0x65/0xa0 net/ipv4/af_inet.c:749\n __sys_connect_file net/socket.c:2048 [inline]\n __sys_connect+0x2df/0x310 net/socket.c:2065\n __do_sys_connect net/socket.c:2075 [inline]\n __se_sys_connect net/socket.c:2072 [inline]\n __x64_sys_connect+0x7a/0x90 net/socket.c:2072\n do_syscall_64+0xf9/0x240\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\nRIP: 0033:0x7f3b8167dda9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f3b823f10c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002a\nRAX: ffffffffffffffda RBX: 00007f3b817abf80 RCX: 00007f3b8167dda9\nRDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000003\nRBP: 00007f3b823f1120 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001\nR13: 000000000000000b R14: 00007f3b817abf80 R15: 00007ffd3beb57b8\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26864",
"url": "https://www.suse.com/security/cve/CVE-2024-26864"
},
{
"category": "external",
"summary": "SUSE Bug 1223112 for CVE-2024-26864",
"url": "https://bugzilla.suse.com/1223112"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-26864"
},
{
"cve": "CVE-2024-26943",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26943"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnouveau/dmem: handle kcalloc() allocation failure\n\nThe kcalloc() in nouveau_dmem_evict_chunk() will return null if\nthe physical memory has run out. As a result, if we dereference\nsrc_pfns, dst_pfns or dma_addrs, the null pointer dereference bugs\nwill happen.\n\nMoreover, the GPU is going away. If the kcalloc() fails, we could not\nevict all pages mapping a chunk. So this patch adds a __GFP_NOFAIL\nflag in kcalloc().\n\nFinally, as there is no need to have physically contiguous memory,\nthis patch switches kcalloc() to kvcalloc() in order to avoid\nfailing allocations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26943",
"url": "https://www.suse.com/security/cve/CVE-2024-26943"
},
{
"category": "external",
"summary": "SUSE Bug 1230527 for CVE-2024-26943",
"url": "https://bugzilla.suse.com/1230527"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-26943"
},
{
"cve": "CVE-2024-26953",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26953"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: esp: fix bad handling of pages from page_pool\n\nWhen the skb is reorganized during esp_output (!esp-\u003einline), the pages\ncoming from the original skb fragments are supposed to be released back\nto the system through put_page. But if the skb fragment pages are\noriginating from a page_pool, calling put_page on them will trigger a\npage_pool leak which will eventually result in a crash.\n\nThis leak can be easily observed when using CONFIG_DEBUG_VM and doing\nipsec + gre (non offloaded) forwarding:\n\n BUG: Bad page state in process ksoftirqd/16 pfn:1451b6\n page:00000000de2b8d32 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1451b6000 pfn:0x1451b6\n flags: 0x200000000000000(node=0|zone=2)\n page_type: 0xffffffff()\n raw: 0200000000000000 dead000000000040 ffff88810d23c000 0000000000000000\n raw: 00000001451b6000 0000000000000001 00000000ffffffff 0000000000000000\n page dumped because: page_pool leak\n Modules linked in: ip_gre gre mlx5_ib mlx5_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink iptable_nat nf_nat xt_addrtype br_netfilter rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm ib_uverbs ib_core overlay zram zsmalloc fuse [last unloaded: mlx5_core]\n CPU: 16 PID: 96 Comm: ksoftirqd/16 Not tainted 6.8.0-rc4+ #22\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x36/0x50\n bad_page+0x70/0xf0\n free_unref_page_prepare+0x27a/0x460\n free_unref_page+0x38/0x120\n esp_ssg_unref.isra.0+0x15f/0x200\n esp_output_tail+0x66d/0x780\n esp_xmit+0x2c5/0x360\n validate_xmit_xfrm+0x313/0x370\n ? validate_xmit_skb+0x1d/0x330\n validate_xmit_skb_list+0x4c/0x70\n sch_direct_xmit+0x23e/0x350\n __dev_queue_xmit+0x337/0xba0\n ? nf_hook_slow+0x3f/0xd0\n ip_finish_output2+0x25e/0x580\n iptunnel_xmit+0x19b/0x240\n ip_tunnel_xmit+0x5fb/0xb60\n ipgre_xmit+0x14d/0x280 [ip_gre]\n dev_hard_start_xmit+0xc3/0x1c0\n __dev_queue_xmit+0x208/0xba0\n ? nf_hook_slow+0x3f/0xd0\n ip_finish_output2+0x1ca/0x580\n ip_sublist_rcv_finish+0x32/0x40\n ip_sublist_rcv+0x1b2/0x1f0\n ? ip_rcv_finish_core.constprop.0+0x460/0x460\n ip_list_rcv+0x103/0x130\n __netif_receive_skb_list_core+0x181/0x1e0\n netif_receive_skb_list_internal+0x1b3/0x2c0\n napi_gro_receive+0xc8/0x200\n gro_cell_poll+0x52/0x90\n __napi_poll+0x25/0x1a0\n net_rx_action+0x28e/0x300\n __do_softirq+0xc3/0x276\n ? sort_range+0x20/0x20\n run_ksoftirqd+0x1e/0x30\n smpboot_thread_fn+0xa6/0x130\n kthread+0xcd/0x100\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x31/0x50\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e\n\nThe suggested fix is to introduce a new wrapper (skb_page_unref) that\ncovers page refcounting for page_pool pages as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26953",
"url": "https://www.suse.com/security/cve/CVE-2024-26953"
},
{
"category": "external",
"summary": "SUSE Bug 1223656 for CVE-2024-26953",
"url": "https://bugzilla.suse.com/1223656"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-26953"
},
{
"cve": "CVE-2024-27017",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27017"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo: walk over current view on netlink dump\n\nThe generation mask can be updated while netlink dump is in progress.\nThe pipapo set backend walk iterator cannot rely on it to infer what\nview of the datastructure is to be used. Add notation to specify if user\nwants to read/update the set.\n\nBased on patch from Florian Westphal.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27017",
"url": "https://www.suse.com/security/cve/CVE-2024-27017"
},
{
"category": "external",
"summary": "SUSE Bug 1223733 for CVE-2024-27017",
"url": "https://bugzilla.suse.com/1223733"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-27017"
},
{
"cve": "CVE-2024-27026",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27026"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvmxnet3: Fix missing reserved tailroom\n\nUse rbi-\u003elen instead of rcd-\u003elen for non-dataring packet.\n\nFound issue:\n XDP_WARN: xdp_update_frame_from_buff(line:278): Driver BUG: missing reserved tailroom\n WARNING: CPU: 0 PID: 0 at net/core/xdp.c:586 xdp_warn+0xf/0x20\n CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W O 6.5.1 #1\n RIP: 0010:xdp_warn+0xf/0x20\n ...\n ? xdp_warn+0xf/0x20\n xdp_do_redirect+0x15f/0x1c0\n vmxnet3_run_xdp+0x17a/0x400 [vmxnet3]\n vmxnet3_process_xdp+0xe4/0x760 [vmxnet3]\n ? vmxnet3_tq_tx_complete.isra.0+0x21e/0x2c0 [vmxnet3]\n vmxnet3_rq_rx_complete+0x7ad/0x1120 [vmxnet3]\n vmxnet3_poll_rx_only+0x2d/0xa0 [vmxnet3]\n __napi_poll+0x20/0x180\n net_rx_action+0x177/0x390",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27026",
"url": "https://www.suse.com/security/cve/CVE-2024-27026"
},
{
"category": "external",
"summary": "SUSE Bug 1223700 for CVE-2024-27026",
"url": "https://bugzilla.suse.com/1223700"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-27026"
},
{
"cve": "CVE-2024-27043",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27043"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: edia: dvbdev: fix a use-after-free\n\nIn dvb_register_device, *pdvbdev is set equal to dvbdev, which is freed\nin several error-handling paths. However, *pdvbdev is not set to NULL\nafter dvbdev\u0027s deallocation, causing use-after-frees in many places,\nfor example, in the following call chain:\n\nbudget_register\n |-\u003e dvb_dmxdev_init\n |-\u003e dvb_register_device\n |-\u003e dvb_dmxdev_release\n |-\u003e dvb_unregister_device\n |-\u003e dvb_remove_device\n |-\u003e dvb_device_put\n |-\u003e kref_put\n\nWhen calling dvb_unregister_device, dmxdev-\u003edvbdev (i.e. *pdvbdev in\ndvb_register_device) could point to memory that had been freed in\ndvb_register_device. Thereafter, this pointer is transferred to\nkref_put and triggering a use-after-free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27043",
"url": "https://www.suse.com/security/cve/CVE-2024-27043"
},
{
"category": "external",
"summary": "SUSE Bug 1218562 for CVE-2024-27043",
"url": "https://bugzilla.suse.com/1218562"
},
{
"category": "external",
"summary": "SUSE Bug 1223824 for CVE-2024-27043",
"url": "https://bugzilla.suse.com/1223824"
},
{
"category": "external",
"summary": "SUSE Bug 1223825 for CVE-2024-27043",
"url": "https://bugzilla.suse.com/1223825"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-27043"
},
{
"cve": "CVE-2024-27407",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27407"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Fixed overflow check in mi_enum_attr()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27407",
"url": "https://www.suse.com/security/cve/CVE-2024-27407"
},
{
"category": "external",
"summary": "SUSE Bug 1224429 for CVE-2024-27407",
"url": "https://bugzilla.suse.com/1224429"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-27407"
},
{
"cve": "CVE-2024-35888",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35888"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nerspan: make sure erspan_base_hdr is present in skb-\u003ehead\n\nsyzbot reported a problem in ip6erspan_rcv() [1]\n\nIssue is that ip6erspan_rcv() (and erspan_rcv()) no longer make\nsure erspan_base_hdr is present in skb linear part (skb-\u003ehead)\nbefore getting @ver field from it.\n\nAdd the missing pskb_may_pull() calls.\n\nv2: Reload iph pointer in erspan_rcv() after pskb_may_pull()\n because skb-\u003ehead might have changed.\n\n[1]\n\n BUG: KMSAN: uninit-value in pskb_may_pull_reason include/linux/skbuff.h:2742 [inline]\n BUG: KMSAN: uninit-value in pskb_may_pull include/linux/skbuff.h:2756 [inline]\n BUG: KMSAN: uninit-value in ip6erspan_rcv net/ipv6/ip6_gre.c:541 [inline]\n BUG: KMSAN: uninit-value in gre_rcv+0x11f8/0x1930 net/ipv6/ip6_gre.c:610\n pskb_may_pull_reason include/linux/skbuff.h:2742 [inline]\n pskb_may_pull include/linux/skbuff.h:2756 [inline]\n ip6erspan_rcv net/ipv6/ip6_gre.c:541 [inline]\n gre_rcv+0x11f8/0x1930 net/ipv6/ip6_gre.c:610\n ip6_protocol_deliver_rcu+0x1d4c/0x2ca0 net/ipv6/ip6_input.c:438\n ip6_input_finish net/ipv6/ip6_input.c:483 [inline]\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492\n ip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586\n dst_input include/net/dst.h:460 [inline]\n ip6_rcv_finish+0x955/0x970 net/ipv6/ip6_input.c:79\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ipv6_rcv+0xde/0x390 net/ipv6/ip6_input.c:310\n __netif_receive_skb_one_core net/core/dev.c:5538 [inline]\n __netif_receive_skb+0x1da/0xa00 net/core/dev.c:5652\n netif_receive_skb_internal net/core/dev.c:5738 [inline]\n netif_receive_skb+0x58/0x660 net/core/dev.c:5798\n tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1549\n tun_get_user+0x5566/0x69e0 drivers/net/tun.c:2002\n tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048\n call_write_iter include/linux/fs.h:2108 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0xb63/0x1520 fs/read_write.c:590\n ksys_write+0x20f/0x4c0 fs/read_write.c:643\n __do_sys_write fs/read_write.c:655 [inline]\n __se_sys_write fs/read_write.c:652 [inline]\n __x64_sys_write+0x93/0xe0 fs/read_write.c:652\n do_syscall_64+0xd5/0x1f0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3804 [inline]\n slab_alloc_node mm/slub.c:3845 [inline]\n kmem_cache_alloc_node+0x613/0xc50 mm/slub.c:3888\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:577\n __alloc_skb+0x35b/0x7a0 net/core/skbuff.c:668\n alloc_skb include/linux/skbuff.h:1318 [inline]\n alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6504\n sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2795\n tun_alloc_skb drivers/net/tun.c:1525 [inline]\n tun_get_user+0x209a/0x69e0 drivers/net/tun.c:1846\n tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048\n call_write_iter include/linux/fs.h:2108 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0xb63/0x1520 fs/read_write.c:590\n ksys_write+0x20f/0x4c0 fs/read_write.c:643\n __do_sys_write fs/read_write.c:655 [inline]\n __se_sys_write fs/read_write.c:652 [inline]\n __x64_sys_write+0x93/0xe0 fs/read_write.c:652\n do_syscall_64+0xd5/0x1f0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nCPU: 1 PID: 5045 Comm: syz-executor114 Not tainted 6.9.0-rc1-syzkaller-00021-g962490525cff #0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35888",
"url": "https://www.suse.com/security/cve/CVE-2024-35888"
},
{
"category": "external",
"summary": "SUSE Bug 1224518 for CVE-2024-35888",
"url": "https://bugzilla.suse.com/1224518"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-35888"
},
{
"cve": "CVE-2024-35980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35980"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: tlb: Fix TLBI RANGE operand\n\nKVM/arm64 relies on TLBI RANGE feature to flush TLBs when the dirty\npages are collected by VMM and the page table entries become write\nprotected during live migration. Unfortunately, the operand passed\nto the TLBI RANGE instruction isn\u0027t correctly sorted out due to the\ncommit 117940aa6e5f (\"KVM: arm64: Define kvm_tlb_flush_vmid_range()\").\nIt leads to crash on the destination VM after live migration because\nTLBs aren\u0027t flushed completely and some of the dirty pages are missed.\n\nFor example, I have a VM where 8GB memory is assigned, starting from\n0x40000000 (1GB). Note that the host has 4KB as the base page size.\nIn the middile of migration, kvm_tlb_flush_vmid_range() is executed\nto flush TLBs. It passes MAX_TLBI_RANGE_PAGES as the argument to\n__kvm_tlb_flush_vmid_range() and __flush_s2_tlb_range_op(). SCALE#3\nand NUM#31, corresponding to MAX_TLBI_RANGE_PAGES, isn\u0027t supported\nby __TLBI_RANGE_NUM(). In this specific case, -1 has been returned\nfrom __TLBI_RANGE_NUM() for SCALE#3/2/1/0 and rejected by the loop\nin the __flush_tlb_range_op() until the variable @scale underflows\nand becomes -9, 0xffff708000040000 is set as the operand. The operand\nis wrong since it\u0027s sorted out by __TLBI_VADDR_RANGE() according to\ninvalid @scale and @num.\n\nFix it by extending __TLBI_RANGE_NUM() to support the combination of\nSCALE#3 and NUM#31. With the changes, [-1 31] instead of [-1 30] can\nbe returned from the macro, meaning the TLBs for 0x200000 pages in the\nabove example can be flushed in one shoot with SCALE#3 and NUM#31. The\nmacro TLBI_RANGE_MASK is dropped since no one uses it any more. The\ncomments are also adjusted accordingly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35980",
"url": "https://www.suse.com/security/cve/CVE-2024-35980"
},
{
"category": "external",
"summary": "SUSE Bug 1224574 for CVE-2024-35980",
"url": "https://bugzilla.suse.com/1224574"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-35980"
},
{
"cve": "CVE-2024-36000",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36000"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: fix missing hugetlb_lock for resv uncharge\n\nThere is a recent report on UFFDIO_COPY over hugetlb:\n\nhttps://lore.kernel.org/all/000000000000ee06de0616177560@google.com/\n\n350:\tlockdep_assert_held(\u0026hugetlb_lock);\n\nShould be an issue in hugetlb but triggered in an userfault context, where\nit goes into the unlikely path where two threads modifying the resv map\ntogether. Mike has a fix in that path for resv uncharge but it looks like\nthe locking criteria was overlooked: hugetlb_cgroup_uncharge_folio_rsvd()\nwill update the cgroup pointer, so it requires to be called with the lock\nheld.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36000",
"url": "https://www.suse.com/security/cve/CVE-2024-36000"
},
{
"category": "external",
"summary": "SUSE Bug 1224548 for CVE-2024-36000",
"url": "https://bugzilla.suse.com/1224548"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-36000"
},
{
"cve": "CVE-2024-36031",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36031"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nkeys: Fix overwrite of key expiration on instantiation\n\nThe expiry time of a key is unconditionally overwritten during\ninstantiation, defaulting to turn it permanent. This causes a problem\nfor DNS resolution as the expiration set by user-space is overwritten to\nTIME64_MAX, disabling further DNS updates. Fix this by restoring the\ncondition that key_set_expiry is only called when the pre-parser sets a\nspecific expiry.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36031",
"url": "https://www.suse.com/security/cve/CVE-2024-36031"
},
{
"category": "external",
"summary": "SUSE Bug 1225713 for CVE-2024-36031",
"url": "https://bugzilla.suse.com/1225713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-36031"
},
{
"cve": "CVE-2024-36244",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36244"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: taprio: extend minimum interval restriction to entire cycle too\n\nIt is possible for syzbot to side-step the restriction imposed by the\nblamed commit in the Fixes: tag, because the taprio UAPI permits a\ncycle-time different from (and potentially shorter than) the sum of\nentry intervals.\n\nWe need one more restriction, which is that the cycle time itself must\nbe larger than N * ETH_ZLEN bit times, where N is the number of schedule\nentries. This restriction needs to apply regardless of whether the cycle\ntime came from the user or was the implicit, auto-calculated value, so\nwe move the existing \"cycle == 0\" check outside the \"if \"(!new-\u003ecycle_time)\"\nbranch. This way covers both conditions and scenarios.\n\nAdd a selftest which illustrates the issue triggered by syzbot.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36244",
"url": "https://www.suse.com/security/cve/CVE-2024-36244"
},
{
"category": "external",
"summary": "SUSE Bug 1226797 for CVE-2024-36244",
"url": "https://bugzilla.suse.com/1226797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "low"
}
],
"title": "CVE-2024-36244"
},
{
"cve": "CVE-2024-36484",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36484"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: relax socket state check at accept time.\n\nChristoph reported the following splat:\n\nWARNING: CPU: 1 PID: 772 at net/ipv4/af_inet.c:761 __inet_accept+0x1f4/0x4a0\nModules linked in:\nCPU: 1 PID: 772 Comm: syz-executor510 Not tainted 6.9.0-rc7-g7da7119fe22b #56\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014\nRIP: 0010:__inet_accept+0x1f4/0x4a0 net/ipv4/af_inet.c:759\nCode: 04 38 84 c0 0f 85 87 00 00 00 41 c7 04 24 03 00 00 00 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 ec b7 da fd \u003c0f\u003e 0b e9 7f fe ff ff e8 e0 b7 da fd 0f 0b e9 fe fe ff ff 89 d9 80\nRSP: 0018:ffffc90000c2fc58 EFLAGS: 00010293\nRAX: ffffffff836bdd14 RBX: 0000000000000000 RCX: ffff888104668000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: dffffc0000000000 R08: ffffffff836bdb89 R09: fffff52000185f64\nR10: dffffc0000000000 R11: fffff52000185f64 R12: dffffc0000000000\nR13: 1ffff92000185f98 R14: ffff88810754d880 R15: ffff8881007b7800\nFS: 000000001c772880(0000) GS:ffff88811b280000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fb9fcf2e178 CR3: 00000001045d2002 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n inet_accept+0x138/0x1d0 net/ipv4/af_inet.c:786\n do_accept+0x435/0x620 net/socket.c:1929\n __sys_accept4_file net/socket.c:1969 [inline]\n __sys_accept4+0x9b/0x110 net/socket.c:1999\n __do_sys_accept net/socket.c:2016 [inline]\n __se_sys_accept net/socket.c:2013 [inline]\n __x64_sys_accept+0x7d/0x90 net/socket.c:2013\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x58/0x100 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x4315f9\nCode: fd ff 48 81 c4 80 00 00 00 e9 f1 fe ff ff 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 0f 83 ab b4 fd ff c3 66 2e 0f 1f 84 00 00 00 00\nRSP: 002b:00007ffdb26d9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002b\nRAX: ffffffffffffffda RBX: 0000000000400300 RCX: 00000000004315f9\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004\nRBP: 00000000006e1018 R08: 0000000000400300 R09: 0000000000400300\nR10: 0000000000400300 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000040cdf0 R14: 000000000040ce80 R15: 0000000000000055\n \u003c/TASK\u003e\n\nThe reproducer invokes shutdown() before entering the listener status.\nAfter commit 94062790aedb (\"tcp: defer shutdown(SEND_SHUTDOWN) for\nTCP_SYN_RECV sockets\"), the above causes the child to reach the accept\nsyscall in FIN_WAIT1 status.\n\nEric noted we can relax the existing assertion in __inet_accept()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36484",
"url": "https://www.suse.com/security/cve/CVE-2024-36484"
},
{
"category": "external",
"summary": "SUSE Bug 1226872 for CVE-2024-36484",
"url": "https://bugzilla.suse.com/1226872"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-36484"
},
{
"cve": "CVE-2024-36883",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36883"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix out-of-bounds access in ops_init\n\nnet_alloc_generic is called by net_alloc, which is called without any\nlocking. It reads max_gen_ptrs, which is changed under pernet_ops_rwsem. It\nis read twice, first to allocate an array, then to set s.len, which is\nlater used to limit the bounds of the array access.\n\nIt is possible that the array is allocated and another thread is\nregistering a new pernet ops, increments max_gen_ptrs, which is then used\nto set s.len with a larger than allocated length for the variable array.\n\nFix it by reading max_gen_ptrs only once in net_alloc_generic. If\nmax_gen_ptrs is later incremented, it will be caught in net_assign_generic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36883",
"url": "https://www.suse.com/security/cve/CVE-2024-36883"
},
{
"category": "external",
"summary": "SUSE Bug 1225725 for CVE-2024-36883",
"url": "https://bugzilla.suse.com/1225725"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-36883"
},
{
"cve": "CVE-2024-36886",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36886"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix UAF in error path\n\nSam Page (sam4k) working with Trend Micro Zero Day Initiative reported\na UAF in the tipc_buf_append() error path:\n\nBUG: KASAN: slab-use-after-free in kfree_skb_list_reason+0x47e/0x4c0\nlinux/net/core/skbuff.c:1183\nRead of size 8 at addr ffff88804d2a7c80 by task poc/8034\n\nCPU: 1 PID: 8034 Comm: poc Not tainted 6.8.2 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.16.0-debian-1.16.0-5 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack linux/lib/dump_stack.c:88\n dump_stack_lvl+0xd9/0x1b0 linux/lib/dump_stack.c:106\n print_address_description linux/mm/kasan/report.c:377\n print_report+0xc4/0x620 linux/mm/kasan/report.c:488\n kasan_report+0xda/0x110 linux/mm/kasan/report.c:601\n kfree_skb_list_reason+0x47e/0x4c0 linux/net/core/skbuff.c:1183\n skb_release_data+0x5af/0x880 linux/net/core/skbuff.c:1026\n skb_release_all linux/net/core/skbuff.c:1094\n __kfree_skb linux/net/core/skbuff.c:1108\n kfree_skb_reason+0x12d/0x210 linux/net/core/skbuff.c:1144\n kfree_skb linux/./include/linux/skbuff.h:1244\n tipc_buf_append+0x425/0xb50 linux/net/tipc/msg.c:186\n tipc_link_input+0x224/0x7c0 linux/net/tipc/link.c:1324\n tipc_link_rcv+0x76e/0x2d70 linux/net/tipc/link.c:1824\n tipc_rcv+0x45f/0x10f0 linux/net/tipc/node.c:2159\n tipc_udp_recv+0x73b/0x8f0 linux/net/tipc/udp_media.c:390\n udp_queue_rcv_one_skb+0xad2/0x1850 linux/net/ipv4/udp.c:2108\n udp_queue_rcv_skb+0x131/0xb00 linux/net/ipv4/udp.c:2186\n udp_unicast_rcv_skb+0x165/0x3b0 linux/net/ipv4/udp.c:2346\n __udp4_lib_rcv+0x2594/0x3400 linux/net/ipv4/udp.c:2422\n ip_protocol_deliver_rcu+0x30c/0x4e0 linux/net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x2e4/0x520 linux/net/ipv4/ip_input.c:233\n NF_HOOK linux/./include/linux/netfilter.h:314\n NF_HOOK linux/./include/linux/netfilter.h:308\n ip_local_deliver+0x18e/0x1f0 linux/net/ipv4/ip_input.c:254\n dst_input linux/./include/net/dst.h:461\n ip_rcv_finish linux/net/ipv4/ip_input.c:449\n NF_HOOK linux/./include/linux/netfilter.h:314\n NF_HOOK linux/./include/linux/netfilter.h:308\n ip_rcv+0x2c5/0x5d0 linux/net/ipv4/ip_input.c:569\n __netif_receive_skb_one_core+0x199/0x1e0 linux/net/core/dev.c:5534\n __netif_receive_skb+0x1f/0x1c0 linux/net/core/dev.c:5648\n process_backlog+0x101/0x6b0 linux/net/core/dev.c:5976\n __napi_poll.constprop.0+0xba/0x550 linux/net/core/dev.c:6576\n napi_poll linux/net/core/dev.c:6645\n net_rx_action+0x95a/0xe90 linux/net/core/dev.c:6781\n __do_softirq+0x21f/0x8e7 linux/kernel/softirq.c:553\n do_softirq linux/kernel/softirq.c:454\n do_softirq+0xb2/0xf0 linux/kernel/softirq.c:441\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n __local_bh_enable_ip+0x100/0x120 linux/kernel/softirq.c:381\n local_bh_enable linux/./include/linux/bottom_half.h:33\n rcu_read_unlock_bh linux/./include/linux/rcupdate.h:851\n __dev_queue_xmit+0x871/0x3ee0 linux/net/core/dev.c:4378\n dev_queue_xmit linux/./include/linux/netdevice.h:3169\n neigh_hh_output linux/./include/net/neighbour.h:526\n neigh_output linux/./include/net/neighbour.h:540\n ip_finish_output2+0x169f/0x2550 linux/net/ipv4/ip_output.c:235\n __ip_finish_output linux/net/ipv4/ip_output.c:313\n __ip_finish_output+0x49e/0x950 linux/net/ipv4/ip_output.c:295\n ip_finish_output+0x31/0x310 linux/net/ipv4/ip_output.c:323\n NF_HOOK_COND linux/./include/linux/netfilter.h:303\n ip_output+0x13b/0x2a0 linux/net/ipv4/ip_output.c:433\n dst_output linux/./include/net/dst.h:451\n ip_local_out linux/net/ipv4/ip_output.c:129\n ip_send_skb+0x3e5/0x560 linux/net/ipv4/ip_output.c:1492\n udp_send_skb+0x73f/0x1530 linux/net/ipv4/udp.c:963\n udp_sendmsg+0x1a36/0x2b40 linux/net/ipv4/udp.c:1250\n inet_sendmsg+0x105/0x140 linux/net/ipv4/af_inet.c:850\n sock_sendmsg_nosec linux/net/socket.c:730\n __sock_sendmsg linux/net/socket.c:745\n __sys_sendto+0x42c/0x4e0 linux/net/socket.c:2191\n __do_sys_sendto linux/net/socket.c:2203\n __se_sys_sendto linux/net/socket.c:2199\n __x64_sys_sendto+0xe0/0x1c0 linux/net/socket.c:2199\n do_syscall_x64 linux/arch/x86/entry/common.c:52\n do_syscall_\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36886",
"url": "https://www.suse.com/security/cve/CVE-2024-36886"
},
{
"category": "external",
"summary": "SUSE Bug 1225730 for CVE-2024-36886",
"url": "https://bugzilla.suse.com/1225730"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-36886",
"url": "https://bugzilla.suse.com/1225742"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-36886"
},
{
"cve": "CVE-2024-36905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36905"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets\n\nTCP_SYN_RECV state is really special, it is only used by\ncross-syn connections, mostly used by fuzzers.\n\nIn the following crash [1], syzbot managed to trigger a divide\nby zero in tcp_rcv_space_adjust()\n\nA socket makes the following state transitions,\nwithout ever calling tcp_init_transfer(),\nmeaning tcp_init_buffer_space() is also not called.\n\n TCP_CLOSE\nconnect()\n TCP_SYN_SENT\n TCP_SYN_RECV\nshutdown() -\u003e tcp_shutdown(sk, SEND_SHUTDOWN)\n TCP_FIN_WAIT1\n\nTo fix this issue, change tcp_shutdown() to not\nperform a TCP_SYN_RECV -\u003e TCP_FIN_WAIT1 transition,\nwhich makes no sense anyway.\n\nWhen tcp_rcv_state_process() later changes socket state\nfrom TCP_SYN_RECV to TCP_ESTABLISH, then look at\nsk-\u003esk_shutdown to finally enter TCP_FIN_WAIT1 state,\nand send a FIN packet from a sane socket state.\n\nThis means tcp_send_fin() can now be called from BH\ncontext, and must use GFP_ATOMIC allocations.\n\n[1]\ndivide error: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 1 PID: 5084 Comm: syz-executor358 Not tainted 6.9.0-rc6-syzkaller-00022-g98369dccd2f8 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\n RIP: 0010:tcp_rcv_space_adjust+0x2df/0x890 net/ipv4/tcp_input.c:767\nCode: e3 04 4c 01 eb 48 8b 44 24 38 0f b6 04 10 84 c0 49 89 d5 0f 85 a5 03 00 00 41 8b 8e c8 09 00 00 89 e8 29 c8 48 0f af c3 31 d2 \u003c48\u003e f7 f1 48 8d 1c 43 49 8d 96 76 08 00 00 48 89 d0 48 c1 e8 03 48\nRSP: 0018:ffffc900031ef3f0 EFLAGS: 00010246\nRAX: 0c677a10441f8f42 RBX: 000000004fb95e7e RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: 0000000027d4b11f R08: ffffffff89e535a4 R09: 1ffffffff25e6ab7\nR10: dffffc0000000000 R11: ffffffff8135e920 R12: ffff88802a9f8d30\nR13: dffffc0000000000 R14: ffff88802a9f8d00 R15: 1ffff1100553f2da\nFS: 00005555775c0380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f1155bf2304 CR3: 000000002b9f2000 CR4: 0000000000350ef0\nCall Trace:\n \u003cTASK\u003e\n tcp_recvmsg_locked+0x106d/0x25a0 net/ipv4/tcp.c:2513\n tcp_recvmsg+0x25d/0x920 net/ipv4/tcp.c:2578\n inet6_recvmsg+0x16a/0x730 net/ipv6/af_inet6.c:680\n sock_recvmsg_nosec net/socket.c:1046 [inline]\n sock_recvmsg+0x109/0x280 net/socket.c:1068\n ____sys_recvmsg+0x1db/0x470 net/socket.c:2803\n ___sys_recvmsg net/socket.c:2845 [inline]\n do_recvmmsg+0x474/0xae0 net/socket.c:2939\n __sys_recvmmsg net/socket.c:3018 [inline]\n __do_sys_recvmmsg net/socket.c:3041 [inline]\n __se_sys_recvmmsg net/socket.c:3034 [inline]\n __x64_sys_recvmmsg+0x199/0x250 net/socket.c:3034\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7faeb6363db9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffcc1997168 EFLAGS: 00000246 ORIG_RAX: 000000000000012b\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007faeb6363db9\nRDX: 0000000000000001 RSI: 0000000020000bc0 RDI: 0000000000000005\nRBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000001c\nR10: 0000000000000122 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36905",
"url": "https://www.suse.com/security/cve/CVE-2024-36905"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-36905",
"url": "https://bugzilla.suse.com/1225742"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-36905"
},
{
"cve": "CVE-2024-36920",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36920"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Avoid memcpy field-spanning write WARNING\n\nWhen the \"storcli2 show\" command is executed for eHBA-9600, mpi3mr driver\nprints this WARNING message:\n\n memcpy: detected field-spanning write (size 128) of single field \"bsg_reply_buf-\u003ereply_buf\" at drivers/scsi/mpi3mr/mpi3mr_app.c:1658 (size 1)\n WARNING: CPU: 0 PID: 12760 at drivers/scsi/mpi3mr/mpi3mr_app.c:1658 mpi3mr_bsg_request+0x6b12/0x7f10 [mpi3mr]\n\nThe cause of the WARN is 128 bytes memcpy to the 1 byte size array \"__u8\nreplay_buf[1]\" in the struct mpi3mr_bsg_in_reply_buf. The array is intended\nto be a flexible length array, so the WARN is a false positive.\n\nTo suppress the WARN, remove the constant number \u00271\u0027 from the array\ndeclaration and clarify that it has flexible length. Also, adjust the\nmemory allocation size to match the change.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36920",
"url": "https://www.suse.com/security/cve/CVE-2024-36920"
},
{
"category": "external",
"summary": "SUSE Bug 1225768 for CVE-2024-36920",
"url": "https://bugzilla.suse.com/1225768"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-36920"
},
{
"cve": "CVE-2024-36927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36927"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: Fix uninit-value access in __ip_make_skb()\n\nKMSAN reported uninit-value access in __ip_make_skb() [1]. __ip_make_skb()\ntests HDRINCL to know if the skb has icmphdr. However, HDRINCL can cause a\nrace condition. If calling setsockopt(2) with IP_HDRINCL changes HDRINCL\nwhile __ip_make_skb() is running, the function will access icmphdr in the\nskb even if it is not included. This causes the issue reported by KMSAN.\n\nCheck FLOWI_FLAG_KNOWN_NH on fl4-\u003eflowi4_flags instead of testing HDRINCL\non the socket.\n\nAlso, fl4-\u003efl4_icmp_type and fl4-\u003efl4_icmp_code are not initialized. These\nare union in struct flowi4 and are implicitly initialized by\nflowi4_init_output(), but we should not rely on specific union layout.\n\nInitialize these explicitly in raw_sendmsg().\n\n[1]\nBUG: KMSAN: uninit-value in __ip_make_skb+0x2b74/0x2d20 net/ipv4/ip_output.c:1481\n __ip_make_skb+0x2b74/0x2d20 net/ipv4/ip_output.c:1481\n ip_finish_skb include/net/ip.h:243 [inline]\n ip_push_pending_frames+0x4c/0x5c0 net/ipv4/ip_output.c:1508\n raw_sendmsg+0x2381/0x2690 net/ipv4/raw.c:654\n inet_sendmsg+0x27b/0x2a0 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x274/0x3c0 net/socket.c:745\n __sys_sendto+0x62c/0x7b0 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x130/0x200 net/socket.c:2199\n do_syscall_64+0xd8/0x1f0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3804 [inline]\n slab_alloc_node mm/slub.c:3845 [inline]\n kmem_cache_alloc_node+0x5f6/0xc50 mm/slub.c:3888\n kmalloc_reserve+0x13c/0x4a0 net/core/skbuff.c:577\n __alloc_skb+0x35a/0x7c0 net/core/skbuff.c:668\n alloc_skb include/linux/skbuff.h:1318 [inline]\n __ip_append_data+0x49ab/0x68c0 net/ipv4/ip_output.c:1128\n ip_append_data+0x1e7/0x260 net/ipv4/ip_output.c:1365\n raw_sendmsg+0x22b1/0x2690 net/ipv4/raw.c:648\n inet_sendmsg+0x27b/0x2a0 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x274/0x3c0 net/socket.c:745\n __sys_sendto+0x62c/0x7b0 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x130/0x200 net/socket.c:2199\n do_syscall_64+0xd8/0x1f0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nCPU: 1 PID: 15709 Comm: syz-executor.7 Not tainted 6.8.0-11567-gb3603fcb79b1 #25\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-1.fc39 04/01/2014",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36927",
"url": "https://www.suse.com/security/cve/CVE-2024-36927"
},
{
"category": "external",
"summary": "SUSE Bug 1225813 for CVE-2024-36927",
"url": "https://bugzilla.suse.com/1225813"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-36927"
},
{
"cve": "CVE-2024-36954",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36954"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix a possible memleak in tipc_buf_append\n\n__skb_linearize() doesn\u0027t free the skb when it fails, so move\n\u0027*buf = NULL\u0027 after __skb_linearize(), so that the skb can be\nfreed on the err path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36954",
"url": "https://www.suse.com/security/cve/CVE-2024-36954"
},
{
"category": "external",
"summary": "SUSE Bug 1225764 for CVE-2024-36954",
"url": "https://bugzilla.suse.com/1225764"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-36954"
},
{
"cve": "CVE-2024-36968",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36968"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()\n\nl2cap_le_flowctl_init() can cause both div-by-zero and an integer\noverflow since hdev-\u003ele_mtu may not fall in the valid range.\n\nMove MTU from hci_dev to hci_conn to validate MTU and stop the connection\nprocess earlier if MTU is invalid.\nAlso, add a missing validation in read_buffer_size() and make it return\nan error value if the validation fails.\nNow hci_conn_add() returns ERR_PTR() as it can fail due to the both a\nkzalloc failure and invalid MTU value.\n\ndivide error: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 0 PID: 67 Comm: kworker/u5:0 Tainted: G W 6.9.0-rc5+ #20\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nWorkqueue: hci0 hci_rx_work\nRIP: 0010:l2cap_le_flowctl_init+0x19e/0x3f0 net/bluetooth/l2cap_core.c:547\nCode: e8 17 17 0c 00 66 41 89 9f 84 00 00 00 bf 01 00 00 00 41 b8 02 00 00 00 4c\n89 fe 4c 89 e2 89 d9 e8 27 17 0c 00 44 89 f0 31 d2 \u003c66\u003e f7 f3 89 c3 ff c3 4d 8d\nb7 88 00 00 00 4c 89 f0 48 c1 e8 03 42\nRSP: 0018:ffff88810bc0f858 EFLAGS: 00010246\nRAX: 00000000000002a0 RBX: 0000000000000000 RCX: dffffc0000000000\nRDX: 0000000000000000 RSI: ffff88810bc0f7c0 RDI: ffffc90002dcb66f\nRBP: ffff88810bc0f880 R08: aa69db2dda70ff01 R09: 0000ffaaaaaaaaaa\nR10: 0084000000ffaaaa R11: 0000000000000000 R12: ffff88810d65a084\nR13: dffffc0000000000 R14: 00000000000002a0 R15: ffff88810d65a000\nFS: 0000000000000000(0000) GS:ffff88811ac00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020000100 CR3: 0000000103268003 CR4: 0000000000770ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n l2cap_le_connect_req net/bluetooth/l2cap_core.c:4902 [inline]\n l2cap_le_sig_cmd net/bluetooth/l2cap_core.c:5420 [inline]\n l2cap_le_sig_channel net/bluetooth/l2cap_core.c:5486 [inline]\n l2cap_recv_frame+0xe59d/0x11710 net/bluetooth/l2cap_core.c:6809\n l2cap_recv_acldata+0x544/0x10a0 net/bluetooth/l2cap_core.c:7506\n hci_acldata_packet net/bluetooth/hci_core.c:3939 [inline]\n hci_rx_work+0x5e5/0xb20 net/bluetooth/hci_core.c:4176\n process_one_work kernel/workqueue.c:3254 [inline]\n process_scheduled_works+0x90f/0x1530 kernel/workqueue.c:3335\n worker_thread+0x926/0xe70 kernel/workqueue.c:3416\n kthread+0x2e3/0x380 kernel/kthread.c:388\n ret_from_fork+0x5c/0x90 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\nModules linked in:\n---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36968",
"url": "https://www.suse.com/security/cve/CVE-2024-36968"
},
{
"category": "external",
"summary": "SUSE Bug 1226130 for CVE-2024-36968",
"url": "https://bugzilla.suse.com/1226130"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-36968"
},
{
"cve": "CVE-2024-38576",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38576"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu: Fix buffer overflow in print_cpu_stall_info()\n\nThe rcuc-starvation output from print_cpu_stall_info() might overflow the\nbuffer if there is a huge difference in jiffies difference. The situation\nmight seem improbable, but computers sometimes get very confused about\ntime, which can result in full-sized integers, and, in this case,\nbuffer overflow.\n\nAlso, the unsigned jiffies difference is printed using %ld, which is\nnormally for signed integers. This is intentional for debugging purposes,\nbut it is not obvious from the code.\n\nThis commit therefore changes sprintf() to snprintf() and adds a\nclarifying comment about intention of %ld format.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38576",
"url": "https://www.suse.com/security/cve/CVE-2024-38576"
},
{
"category": "external",
"summary": "SUSE Bug 1226623 for CVE-2024-38576",
"url": "https://bugzilla.suse.com/1226623"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-38576"
},
{
"cve": "CVE-2024-38577",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38577"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow\n\nThere is a possibility of buffer overflow in\nshow_rcu_tasks_trace_gp_kthread() if counters, passed\nto sprintf() are huge. Counter numbers, needed for this\nare unrealistically high, but buffer overflow is still\npossible.\n\nUse snprintf() with buffer size instead of sprintf().\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38577",
"url": "https://www.suse.com/security/cve/CVE-2024-38577"
},
{
"category": "external",
"summary": "SUSE Bug 1226631 for CVE-2024-38577",
"url": "https://bugzilla.suse.com/1226631"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-38577"
},
{
"cve": "CVE-2024-38589",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38589"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetrom: fix possible dead-lock in nr_rt_ioctl()\n\nsyzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1]\n\nMake sure we always acquire nr_node_list_lock before nr_node_lock(nr_node)\n\n[1]\nWARNING: possible circular locking dependency detected\n6.9.0-rc7-syzkaller-02147-g654de42f3fc6 #0 Not tainted\n------------------------------------------------------\nsyz-executor350/5129 is trying to acquire lock:\n ffff8880186e2070 (\u0026nr_node-\u003enode_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n ffff8880186e2070 (\u0026nr_node-\u003enode_lock){+...}-{2:2}, at: nr_node_lock include/net/netrom.h:152 [inline]\n ffff8880186e2070 (\u0026nr_node-\u003enode_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:464 [inline]\n ffff8880186e2070 (\u0026nr_node-\u003enode_lock){+...}-{2:2}, at: nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697\n\nbut task is already holding lock:\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_rt_ioctl+0x10a/0x1090 net/netrom/nr_route.c:697\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-\u003e #1 (nr_node_list_lock){+...}-{2:2}:\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754\n __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\n _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178\n spin_lock_bh include/linux/spinlock.h:356 [inline]\n nr_remove_node net/netrom/nr_route.c:299 [inline]\n nr_del_node+0x4b4/0x820 net/netrom/nr_route.c:355\n nr_rt_ioctl+0xa95/0x1090 net/netrom/nr_route.c:683\n sock_do_ioctl+0x158/0x460 net/socket.c:1222\n sock_ioctl+0x629/0x8e0 net/socket.c:1341\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n-\u003e #0 (\u0026nr_node-\u003enode_lock){+...}-{2:2}:\n check_prev_add kernel/locking/lockdep.c:3134 [inline]\n check_prevs_add kernel/locking/lockdep.c:3253 [inline]\n validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869\n __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754\n __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\n _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178\n spin_lock_bh include/linux/spinlock.h:356 [inline]\n nr_node_lock include/net/netrom.h:152 [inline]\n nr_dec_obs net/netrom/nr_route.c:464 [inline]\n nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697\n sock_do_ioctl+0x158/0x460 net/socket.c:1222\n sock_ioctl+0x629/0x8e0 net/socket.c:1341\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nother info that might help us debug this:\n\n Possible unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(nr_node_list_lock);\n lock(\u0026nr_node-\u003enode_lock);\n lock(nr_node_list_lock);\n lock(\u0026nr_node-\u003enode_lock);\n\n *** DEADLOCK ***\n\n1 lock held by syz-executor350/5129:\n #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]\n #0: ffffffff8f70\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38589",
"url": "https://www.suse.com/security/cve/CVE-2024-38589"
},
{
"category": "external",
"summary": "SUSE Bug 1226748 for CVE-2024-38589",
"url": "https://bugzilla.suse.com/1226748"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-38589"
},
{
"cve": "CVE-2024-38599",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38599"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njffs2: prevent xattr node from overflowing the eraseblock\n\nAdd a check to make sure that the requested xattr node size is no larger\nthan the eraseblock minus the cleanmarker.\n\nUnlike the usual inode nodes, the xattr nodes aren\u0027t split into parts\nand spread across multiple eraseblocks, which means that a xattr node\nmust not occupy more than one eraseblock. If the requested xattr value is\ntoo large, the xattr node can spill onto the next eraseblock, overwriting\nthe nodes and causing errors such as:\n\njffs2: argh. node added in wrong place at 0x0000b050(2)\njffs2: nextblock 0x0000a000, expected at 0000b00c\njffs2: error: (823) do_verify_xattr_datum: node CRC failed at 0x01e050,\nread=0xfc892c93, calc=0x000000\njffs2: notice: (823) jffs2_get_inode_nodes: Node header CRC failed\nat 0x01e00c. {848f,2fc4,0fef511f,59a3d171}\njffs2: Node at 0x0000000c with length 0x00001044 would run over the\nend of the erase block\njffs2: Perhaps the file system was created with the wrong erase size?\njffs2: jffs2_scan_eraseblock(): Magic bitmask 0x1985 not found\nat 0x00000010: 0x1044 instead\n\nThis breaks the filesystem and can lead to KASAN crashes such as:\n\nBUG: KASAN: slab-out-of-bounds in jffs2_sum_add_kvec+0x125e/0x15d0\nRead of size 4 at addr ffff88802c31e914 by task repro/830\nCPU: 0 PID: 830 Comm: repro Not tainted 6.9.0-rc3+ #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS Arch Linux 1.16.3-1-1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xc6/0x120\n print_report+0xc4/0x620\n ? __virt_addr_valid+0x308/0x5b0\n kasan_report+0xc1/0xf0\n ? jffs2_sum_add_kvec+0x125e/0x15d0\n ? jffs2_sum_add_kvec+0x125e/0x15d0\n jffs2_sum_add_kvec+0x125e/0x15d0\n jffs2_flash_direct_writev+0xa8/0xd0\n jffs2_flash_writev+0x9c9/0xef0\n ? __x64_sys_setxattr+0xc4/0x160\n ? do_syscall_64+0x69/0x140\n ? entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [...]\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38599",
"url": "https://www.suse.com/security/cve/CVE-2024-38599"
},
{
"category": "external",
"summary": "SUSE Bug 1223384 for CVE-2024-38599",
"url": "https://bugzilla.suse.com/1223384"
},
{
"category": "external",
"summary": "SUSE Bug 1226848 for CVE-2024-38599",
"url": "https://bugzilla.suse.com/1226848"
},
{
"category": "external",
"summary": "SUSE Bug 1227283 for CVE-2024-38599",
"url": "https://bugzilla.suse.com/1227283"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-38599"
},
{
"cve": "CVE-2024-40914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40914"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/huge_memory: don\u0027t unpoison huge_zero_folio\n\nWhen I did memory failure tests recently, below panic occurs:\n\n kernel BUG at include/linux/mm.h:1135!\n invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 9 PID: 137 Comm: kswapd1 Not tainted 6.9.0-rc4-00491-gd5ce28f156fe-dirty #14\n RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0\n RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246\n RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8\n RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0\n RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492\n R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000\n R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00\n FS: 0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0\n Call Trace:\n \u003cTASK\u003e\n do_shrink_slab+0x14f/0x6a0\n shrink_slab+0xca/0x8c0\n shrink_node+0x2d0/0x7d0\n balance_pgdat+0x33a/0x720\n kswapd+0x1f3/0x410\n kthread+0xd5/0x100\n ret_from_fork+0x2f/0x50\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n Modules linked in: mce_inject hwpoison_inject\n ---[ end trace 0000000000000000 ]---\n RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0\n RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246\n RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8\n RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0\n RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492\n R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000\n R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00\n FS: 0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0\n\nThe root cause is that HWPoison flag will be set for huge_zero_folio\nwithout increasing the folio refcnt. But then unpoison_memory() will\ndecrease the folio refcnt unexpectedly as it appears like a successfully\nhwpoisoned folio leading to VM_BUG_ON_PAGE(page_ref_count(page) == 0) when\nreleasing huge_zero_folio.\n\nSkip unpoisoning huge_zero_folio in unpoison_memory() to fix this issue. \nWe\u0027re not prepared to unpoison huge_zero_folio yet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40914",
"url": "https://www.suse.com/security/cve/CVE-2024-40914"
},
{
"category": "external",
"summary": "SUSE Bug 1227842 for CVE-2024-40914",
"url": "https://bugzilla.suse.com/1227842"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-40914"
},
{
"cve": "CVE-2024-41016",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41016"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()\n\nxattr in ocfs2 maybe \u0027non-indexed\u0027, which saved with additional space\nrequested. It\u0027s better to check if the memory is out of bound before\nmemcmp, although this possibility mainly comes from crafted poisonous\nimages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41016",
"url": "https://www.suse.com/security/cve/CVE-2024-41016"
},
{
"category": "external",
"summary": "SUSE Bug 1228410 for CVE-2024-41016",
"url": "https://bugzilla.suse.com/1228410"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-41016"
},
{
"cve": "CVE-2024-41023",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41023"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/deadline: Fix task_struct reference leak\n\nDuring the execution of the following stress test with linux-rt:\n\nstress-ng --cyclic 30 --timeout 30 --minimize --quiet\n\nkmemleak frequently reported a memory leak concerning the task_struct:\n\nunreferenced object 0xffff8881305b8000 (size 16136):\n comm \"stress-ng\", pid 614, jiffies 4294883961 (age 286.412s)\n object hex dump (first 32 bytes):\n 02 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .@..............\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n debug hex dump (first 16 bytes):\n 53 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 S...............\n backtrace:\n [\u003c00000000046b6790\u003e] dup_task_struct+0x30/0x540\n [\u003c00000000c5ca0f0b\u003e] copy_process+0x3d9/0x50e0\n [\u003c00000000ced59777\u003e] kernel_clone+0xb0/0x770\n [\u003c00000000a50befdc\u003e] __do_sys_clone+0xb6/0xf0\n [\u003c000000001dbf2008\u003e] do_syscall_64+0x5d/0xf0\n [\u003c00000000552900ff\u003e] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\nThe issue occurs in start_dl_timer(), which increments the task_struct\nreference count and sets a timer. The timer callback, dl_task_timer,\nis supposed to decrement the reference count upon expiration. However,\nif enqueue_task_dl() is called before the timer expires and cancels it,\nthe reference count is not decremented, leading to the leak.\n\nThis patch fixes the reference leak by ensuring the task_struct\nreference count is properly decremented when the timer is canceled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41023",
"url": "https://www.suse.com/security/cve/CVE-2024-41023"
},
{
"category": "external",
"summary": "SUSE Bug 1228430 for CVE-2024-41023",
"url": "https://bugzilla.suse.com/1228430"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-41023"
},
{
"cve": "CVE-2024-41031",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41031"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/filemap: skip to create PMD-sized page cache if needed\n\nOn ARM64, HPAGE_PMD_ORDER is 13 when the base page size is 64KB. The\nPMD-sized page cache can\u0027t be supported by xarray as the following error\nmessages indicate.\n\n------------[ cut here ]------------\nWARNING: CPU: 35 PID: 7484 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128\nModules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib \\\nnft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct \\\nnft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 \\\nip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm \\\nfuse xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 \\\nsha1_ce virtio_net net_failover virtio_console virtio_blk failover \\\ndimlib virtio_mmio\nCPU: 35 PID: 7484 Comm: test Kdump: loaded Tainted: G W 6.10.0-rc5-gavin+ #9\nHardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024\npstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\npc : xas_split_alloc+0xf8/0x128\nlr : split_huge_page_to_list_to_order+0x1c4/0x720\nsp : ffff800087a4f6c0\nx29: ffff800087a4f6c0 x28: ffff800087a4f720 x27: 000000001fffffff\nx26: 0000000000000c40 x25: 000000000000000d x24: ffff00010625b858\nx23: ffff800087a4f720 x22: ffffffdfc0780000 x21: 0000000000000000\nx20: 0000000000000000 x19: ffffffdfc0780000 x18: 000000001ff40000\nx17: 00000000ffffffff x16: 0000018000000000 x15: 51ec004000000000\nx14: 0000e00000000000 x13: 0000000000002000 x12: 0000000000000020\nx11: 51ec000000000000 x10: 51ece1c0ffff8000 x9 : ffffbeb961a44d28\nx8 : 0000000000000003 x7 : ffffffdfc0456420 x6 : ffff0000e1aa6eb8\nx5 : 20bf08b4fe778fca x4 : ffffffdfc0456420 x3 : 0000000000000c40\nx2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000\nCall trace:\n xas_split_alloc+0xf8/0x128\n split_huge_page_to_list_to_order+0x1c4/0x720\n truncate_inode_partial_folio+0xdc/0x160\n truncate_inode_pages_range+0x1b4/0x4a8\n truncate_pagecache_range+0x84/0xa0\n xfs_flush_unmap_range+0x70/0x90 [xfs]\n xfs_file_fallocate+0xfc/0x4d8 [xfs]\n vfs_fallocate+0x124/0x2e8\n ksys_fallocate+0x4c/0xa0\n __arm64_sys_fallocate+0x24/0x38\n invoke_syscall.constprop.0+0x7c/0xd8\n do_el0_svc+0xb4/0xd0\n el0_svc+0x44/0x1d8\n el0t_64_sync_handler+0x134/0x150\n el0t_64_sync+0x17c/0x180\n\nFix it by skipping to allocate PMD-sized page cache when its size is\nlarger than MAX_PAGECACHE_ORDER. For this specific case, we will fall to\nregular path where the readahead window is determined by BDI\u0027s sysfs file\n(read_ahead_kb).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41031",
"url": "https://www.suse.com/security/cve/CVE-2024-41031"
},
{
"category": "external",
"summary": "SUSE Bug 1228454 for CVE-2024-41031",
"url": "https://bugzilla.suse.com/1228454"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "low"
}
],
"title": "CVE-2024-41031"
},
{
"cve": "CVE-2024-41047",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41047"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Fix XDP program unloading while removing the driver\n\nThe commit 6533e558c650 (\"i40e: Fix reset path while removing\nthe driver\") introduced a new PF state \"__I40E_IN_REMOVE\" to block\nmodifying the XDP program while the driver is being removed.\nUnfortunately, such a change is useful only if the \".ndo_bpf()\"\ncallback was called out of the rmmod context because unloading the\nexisting XDP program is also a part of driver removing procedure.\nIn other words, from the rmmod context the driver is expected to\nunload the XDP program without reporting any errors. Otherwise,\nthe kernel warning with callstack is printed out to dmesg.\n\nExample failing scenario:\n 1. Load the i40e driver.\n 2. Load the XDP program.\n 3. Unload the i40e driver (using \"rmmod\" command).\n\nThe example kernel warning log:\n\n[ +0.004646] WARNING: CPU: 94 PID: 10395 at net/core/dev.c:9290 unregister_netdevice_many_notify+0x7a9/0x870\n[...]\n[ +0.010959] RIP: 0010:unregister_netdevice_many_notify+0x7a9/0x870\n[...]\n[ +0.002726] Call Trace:\n[ +0.002457] \u003cTASK\u003e\n[ +0.002119] ? __warn+0x80/0x120\n[ +0.003245] ? unregister_netdevice_many_notify+0x7a9/0x870\n[ +0.005586] ? report_bug+0x164/0x190\n[ +0.003678] ? handle_bug+0x3c/0x80\n[ +0.003503] ? exc_invalid_op+0x17/0x70\n[ +0.003846] ? asm_exc_invalid_op+0x1a/0x20\n[ +0.004200] ? unregister_netdevice_many_notify+0x7a9/0x870\n[ +0.005579] ? unregister_netdevice_many_notify+0x3cc/0x870\n[ +0.005586] unregister_netdevice_queue+0xf7/0x140\n[ +0.004806] unregister_netdev+0x1c/0x30\n[ +0.003933] i40e_vsi_release+0x87/0x2f0 [i40e]\n[ +0.004604] i40e_remove+0x1a1/0x420 [i40e]\n[ +0.004220] pci_device_remove+0x3f/0xb0\n[ +0.003943] device_release_driver_internal+0x19f/0x200\n[ +0.005243] driver_detach+0x48/0x90\n[ +0.003586] bus_remove_driver+0x6d/0xf0\n[ +0.003939] pci_unregister_driver+0x2e/0xb0\n[ +0.004278] i40e_exit_module+0x10/0x5f0 [i40e]\n[ +0.004570] __do_sys_delete_module.isra.0+0x197/0x310\n[ +0.005153] do_syscall_64+0x85/0x170\n[ +0.003684] ? syscall_exit_to_user_mode+0x69/0x220\n[ +0.004886] ? do_syscall_64+0x95/0x170\n[ +0.003851] ? exc_page_fault+0x7e/0x180\n[ +0.003932] entry_SYSCALL_64_after_hwframe+0x71/0x79\n[ +0.005064] RIP: 0033:0x7f59dc9347cb\n[ +0.003648] Code: 73 01 c3 48 8b 0d 65 16 0c 00 f7 d8 64 89 01 48 83\nc8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 b0 00 00 00 0f\n05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 35 16 0c 00 f7 d8 64 89 01 48\n[ +0.018753] RSP: 002b:00007ffffac99048 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0\n[ +0.007577] RAX: ffffffffffffffda RBX: 0000559b9bb2f6e0 RCX: 00007f59dc9347cb\n[ +0.007140] RDX: 0000000000000000 RSI: 0000000000000800 RDI: 0000559b9bb2f748\n[ +0.007146] RBP: 00007ffffac99070 R08: 1999999999999999 R09: 0000000000000000\n[ +0.007133] R10: 00007f59dc9a5ac0 R11: 0000000000000206 R12: 0000000000000000\n[ +0.007141] R13: 00007ffffac992d8 R14: 0000559b9bb2f6e0 R15: 0000000000000000\n[ +0.007151] \u003c/TASK\u003e\n[ +0.002204] ---[ end trace 0000000000000000 ]---\n\nFix this by checking if the XDP program is being loaded or unloaded.\nThen, block only loading a new program while \"__I40E_IN_REMOVE\" is set.\nAlso, move testing \"__I40E_IN_REMOVE\" flag to the beginning of XDP_SETUP\ncallback to avoid unnecessary operations and checks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41047",
"url": "https://www.suse.com/security/cve/CVE-2024-41047"
},
{
"category": "external",
"summary": "SUSE Bug 1228537 for CVE-2024-41047",
"url": "https://bugzilla.suse.com/1228537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-41047"
},
{
"cve": "CVE-2024-41082",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41082"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-fabrics: use reserved tag for reg read/write command\n\nIn some scenarios, if too many commands are issued by nvme command in\nthe same time by user tasks, this may exhaust all tags of admin_q. If\na reset (nvme reset or IO timeout) occurs before these commands finish,\nreconnect routine may fail to update nvme regs due to insufficient tags,\nwhich will cause kernel hang forever. In order to workaround this issue,\nmaybe we can let reg_read32()/reg_read64()/reg_write32() use reserved\ntags. This maybe safe for nvmf:\n\n1. For the disable ctrl path, we will not issue connect command\n2. For the enable ctrl / fw activate path, since connect and reg_xx()\n are called serially.\n\nSo the reserved tags may still be enough while reg_xx() use reserved tags.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41082",
"url": "https://www.suse.com/security/cve/CVE-2024-41082"
},
{
"category": "external",
"summary": "SUSE Bug 1228620 for CVE-2024-41082",
"url": "https://bugzilla.suse.com/1228620"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-41082"
},
{
"cve": "CVE-2024-42102",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42102"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again\"\n\nPatch series \"mm: Avoid possible overflows in dirty throttling\".\n\nDirty throttling logic assumes dirty limits in page units fit into\n32-bits. This patch series makes sure this is true (see patch 2/2 for\nmore details).\n\n\nThis patch (of 2):\n\nThis reverts commit 9319b647902cbd5cc884ac08a8a6d54ce111fc78.\n\nThe commit is broken in several ways. Firstly, the removed (u64) cast\nfrom the multiplication will introduce a multiplication overflow on 32-bit\narchs if wb_thresh * bg_thresh \u003e= 1\u003c\u003c32 (which is actually common - the\ndefault settings with 4GB of RAM will trigger this). Secondly, the\ndiv64_u64() is unnecessarily expensive on 32-bit archs. We have\ndiv64_ul() in case we want to be safe \u0026 cheap. Thirdly, if dirty\nthresholds are larger than 1\u003c\u003c32 pages, then dirty balancing is going to\nblow up in many other spectacular ways anyway so trying to fix one\npossible overflow is just moot.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42102",
"url": "https://www.suse.com/security/cve/CVE-2024-42102"
},
{
"category": "external",
"summary": "SUSE Bug 1222364 for CVE-2024-42102",
"url": "https://bugzilla.suse.com/1222364"
},
{
"category": "external",
"summary": "SUSE Bug 1233132 for CVE-2024-42102",
"url": "https://bugzilla.suse.com/1233132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-42102"
},
{
"cve": "CVE-2024-42145",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42145"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/core: Implement a limit on UMAD receive List\n\nThe existing behavior of ib_umad, which maintains received MAD\npackets in an unbounded list, poses a risk of uncontrolled growth.\nAs user-space applications extract packets from this list, the rate\nof extraction may not match the rate of incoming packets, leading\nto potential list overflow.\n\nTo address this, we introduce a limit to the size of the list. After\nconsidering typical scenarios, such as OpenSM processing, which can\nhandle approximately 100k packets per second, and the 1-second retry\ntimeout for most packets, we set the list size limit to 200k. Packets\nreceived beyond this limit are dropped, assuming they are likely timed\nout by the time they are handled by user-space.\n\nNotably, packets queued on the receive list due to reasons like\ntimed-out sends are preserved even when the list is full.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42145",
"url": "https://www.suse.com/security/cve/CVE-2024-42145"
},
{
"category": "external",
"summary": "SUSE Bug 1223384 for CVE-2024-42145",
"url": "https://bugzilla.suse.com/1223384"
},
{
"category": "external",
"summary": "SUSE Bug 1228743 for CVE-2024-42145",
"url": "https://bugzilla.suse.com/1228743"
},
{
"category": "external",
"summary": "SUSE Bug 1228744 for CVE-2024-42145",
"url": "https://bugzilla.suse.com/1228744"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-42145"
},
{
"cve": "CVE-2024-44932",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44932"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix UAFs when destroying the queues\n\nThe second tagged commit started sometimes (very rarely, but possible)\nthrowing WARNs from\nnet/core/page_pool.c:page_pool_disable_direct_recycling().\nTurned out idpf frees interrupt vectors with embedded NAPIs *before*\nfreeing the queues making page_pools\u0027 NAPI pointers lead to freed\nmemory before these pools are destroyed by libeth.\nIt\u0027s not clear whether there are other accesses to the freed vectors\nwhen destroying the queues, but anyway, we usually free queue/interrupt\nvectors only when the queues are destroyed and the NAPIs are guaranteed\nto not be referenced anywhere.\n\nInvert the allocation and freeing logic making queue/interrupt vectors\nbe allocated first and freed last. Vectors don\u0027t require queues to be\npresent, so this is safe. Additionally, this change allows to remove\nthat useless queue-\u003eq_vector pointer cleanup, as vectors are still\nvalid when freeing the queues (+ both are freed within one function,\nso it\u0027s not clear why nullify the pointers at all).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44932",
"url": "https://www.suse.com/security/cve/CVE-2024-44932"
},
{
"category": "external",
"summary": "SUSE Bug 1229808 for CVE-2024-44932",
"url": "https://bugzilla.suse.com/1229808"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-44932"
},
{
"cve": "CVE-2024-44958",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44958"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/smt: Fix unbalance sched_smt_present dec/inc\n\nI got the following warn report while doing stress test:\n\njump label: negative count!\nWARNING: CPU: 3 PID: 38 at kernel/jump_label.c:263 static_key_slow_try_dec+0x9d/0xb0\nCall Trace:\n \u003cTASK\u003e\n __static_key_slow_dec_cpuslocked+0x16/0x70\n sched_cpu_deactivate+0x26e/0x2a0\n cpuhp_invoke_callback+0x3ad/0x10d0\n cpuhp_thread_fun+0x3f5/0x680\n smpboot_thread_fn+0x56d/0x8d0\n kthread+0x309/0x400\n ret_from_fork+0x41/0x70\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e\n\nBecause when cpuset_cpu_inactive() fails in sched_cpu_deactivate(),\nthe cpu offline failed, but sched_smt_present is decremented before\ncalling sched_cpu_deactivate(), it leads to unbalanced dec/inc, so\nfix it by incrementing sched_smt_present in the error path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44958",
"url": "https://www.suse.com/security/cve/CVE-2024-44958"
},
{
"category": "external",
"summary": "SUSE Bug 1230179 for CVE-2024-44958",
"url": "https://bugzilla.suse.com/1230179"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-44958"
},
{
"cve": "CVE-2024-44964",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44964"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix memory leaks and crashes while performing a soft reset\n\nThe second tagged commit introduced a UAF, as it removed restoring\nq_vector-\u003evport pointers after reinitializating the structures.\nThis is due to that all queue allocation functions are performed here\nwith the new temporary vport structure and those functions rewrite\nthe backpointers to the vport. Then, this new struct is freed and\nthe pointers start leading to nowhere.\n\nBut generally speaking, the current logic is very fragile. It claims\nto be more reliable when the system is low on memory, but in fact, it\nconsumes two times more memory as at the moment of running this\nfunction, there are two vports allocated with their queues and vectors.\nMoreover, it claims to prevent the driver from running into \"bad state\",\nbut in fact, any error during the rebuild leaves the old vport in the\npartially allocated state.\nFinally, if the interface is down when the function is called, it always\nallocates a new queue set, but when the user decides to enable the\ninterface later on, vport_open() allocates them once again, IOW there\u0027s\na clear memory leak here.\n\nJust don\u0027t allocate a new queue set when performing a reset, that solves\ncrashes and memory leaks. Readd the old queue number and reopen the\ninterface on rollback - that solves limbo states when the device is left\ndisabled and/or without HW queues enabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44964",
"url": "https://www.suse.com/security/cve/CVE-2024-44964"
},
{
"category": "external",
"summary": "SUSE Bug 1230220 for CVE-2024-44964",
"url": "https://bugzilla.suse.com/1230220"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-44964"
},
{
"cve": "CVE-2024-44995",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44995"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix a deadlock problem when config TC during resetting\n\nWhen config TC during the reset process, may cause a deadlock, the flow is\nas below:\n pf reset start\n |\n \u25bc\n ......\nsetup tc |\n | \u25bc\n \u25bc DOWN: napi_disable()\nnapi_disable()(skip) |\n | |\n \u25bc \u25bc\n ...... ......\n | |\n \u25bc |\nnapi_enable() |\n \u25bc\n UINIT: netif_napi_del()\n |\n \u25bc\n ......\n |\n \u25bc\n INIT: netif_napi_add()\n |\n \u25bc\n ...... global reset start\n | |\n \u25bc \u25bc\n UP: napi_enable()(skip) ......\n | |\n \u25bc \u25bc\n ...... napi_disable()\n\nIn reset process, the driver will DOWN the port and then UINIT, in this\ncase, the setup tc process will UP the port before UINIT, so cause the\nproblem. Adds a DOWN process in UINIT to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44995",
"url": "https://www.suse.com/security/cve/CVE-2024-44995"
},
{
"category": "external",
"summary": "SUSE Bug 1230231 for CVE-2024-44995",
"url": "https://bugzilla.suse.com/1230231"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-44995"
},
{
"cve": "CVE-2024-45016",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45016"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetem: fix return value if duplicate enqueue fails\n\nThere is a bug in netem_enqueue() introduced by\ncommit 5845f706388a (\"net: netem: fix skb length BUG_ON in __skb_to_sgvec\")\nthat can lead to a use-after-free.\n\nThis commit made netem_enqueue() always return NET_XMIT_SUCCESS\nwhen a packet is duplicated, which can cause the parent qdisc\u0027s q.qlen\nto be mistakenly incremented. When this happens qlen_notify() may be\nskipped on the parent during destruction, leaving a dangling pointer\nfor some classful qdiscs like DRR.\n\nThere are two ways for the bug happen:\n\n- If the duplicated packet is dropped by rootq-\u003eenqueue() and then\n the original packet is also dropped.\n- If rootq-\u003eenqueue() sends the duplicated packet to a different qdisc\n and the original packet is dropped.\n\nIn both cases NET_XMIT_SUCCESS is returned even though no packets\nare enqueued at the netem qdisc.\n\nThe fix is to defer the enqueue of the duplicate packet until after\nthe original packet has been guaranteed to return NET_XMIT_SUCCESS.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45016",
"url": "https://www.suse.com/security/cve/CVE-2024-45016"
},
{
"category": "external",
"summary": "SUSE Bug 1230429 for CVE-2024-45016",
"url": "https://bugzilla.suse.com/1230429"
},
{
"category": "external",
"summary": "SUSE Bug 1230998 for CVE-2024-45016",
"url": "https://bugzilla.suse.com/1230998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-45016"
},
{
"cve": "CVE-2024-45025",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45025"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE\n\ncopy_fd_bitmaps(new, old, count) is expected to copy the first\ncount/BITS_PER_LONG bits from old-\u003efull_fds_bits[] and fill\nthe rest with zeroes. What it does is copying enough words\n(BITS_TO_LONGS(count/BITS_PER_LONG)), then memsets the rest.\nThat works fine, *if* all bits past the cutoff point are\nclear. Otherwise we are risking garbage from the last word\nwe\u0027d copied.\n\nFor most of the callers that is true - expand_fdtable() has\ncount equal to old-\u003emax_fds, so there\u0027s no open descriptors\npast count, let alone fully occupied words in -\u003eopen_fds[],\nwhich is what bits in -\u003efull_fds_bits[] correspond to.\n\nThe other caller (dup_fd()) passes sane_fdtable_size(old_fdt, max_fds),\nwhich is the smallest multiple of BITS_PER_LONG that covers all\nopened descriptors below max_fds. In the common case (copying on\nfork()) max_fds is ~0U, so all opened descriptors will be below\nit and we are fine, by the same reasons why the call in expand_fdtable()\nis safe.\n\nUnfortunately, there is a case where max_fds is less than that\nand where we might, indeed, end up with junk in -\u003efull_fds_bits[] -\nclose_range(from, to, CLOSE_RANGE_UNSHARE) with\n\t* descriptor table being currently shared\n\t* \u0027to\u0027 being above the current capacity of descriptor table\n\t* \u0027from\u0027 being just under some chunk of opened descriptors.\nIn that case we end up with observably wrong behaviour - e.g. spawn\na child with CLONE_FILES, get all descriptors in range 0..127 open,\nthen close_range(64, ~0U, CLOSE_RANGE_UNSHARE) and watch dup(0) ending\nup with descriptor #128, despite #64 being observably not open.\n\nThe minimally invasive fix would be to deal with that in dup_fd().\nIf this proves to add measurable overhead, we can go that way, but\nlet\u0027s try to fix copy_fd_bitmaps() first.\n\n* new helper: bitmap_copy_and_expand(to, from, bits_to_copy, size).\n* make copy_fd_bitmaps() take the bitmap size in words, rather than\nbits; it\u0027s \u0027count\u0027 argument is always a multiple of BITS_PER_LONG,\nso we are not losing any information, and that way we can use the\nsame helper for all three bitmaps - compiler will see that count\nis a multiple of BITS_PER_LONG for the large ones, so it\u0027ll generate\nplain memcpy()+memset().\n\nReproducer added to tools/testing/selftests/core/close_range_test.c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45025",
"url": "https://www.suse.com/security/cve/CVE-2024-45025"
},
{
"category": "external",
"summary": "SUSE Bug 1230456 for CVE-2024-45025",
"url": "https://bugzilla.suse.com/1230456"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-45025"
},
{
"cve": "CVE-2024-46678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46678"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: change ipsec_lock from spin lock to mutex\n\nIn the cited commit, bond-\u003eipsec_lock is added to protect ipsec_list,\nhence xdo_dev_state_add and xdo_dev_state_delete are called inside\nthis lock. As ipsec_lock is a spin lock and such xfrmdev ops may sleep,\n\"scheduling while atomic\" will be triggered when changing bond\u0027s\nactive slave.\n\n[ 101.055189] BUG: scheduling while atomic: bash/902/0x00000200\n[ 101.055726] Modules linked in:\n[ 101.058211] CPU: 3 PID: 902 Comm: bash Not tainted 6.9.0-rc4+ #1\n[ 101.058760] Hardware name:\n[ 101.059434] Call Trace:\n[ 101.059436] \u003cTASK\u003e\n[ 101.060873] dump_stack_lvl+0x51/0x60\n[ 101.061275] __schedule_bug+0x4e/0x60\n[ 101.061682] __schedule+0x612/0x7c0\n[ 101.062078] ? __mod_timer+0x25c/0x370\n[ 101.062486] schedule+0x25/0xd0\n[ 101.062845] schedule_timeout+0x77/0xf0\n[ 101.063265] ? asm_common_interrupt+0x22/0x40\n[ 101.063724] ? __bpf_trace_itimer_state+0x10/0x10\n[ 101.064215] __wait_for_common+0x87/0x190\n[ 101.064648] ? usleep_range_state+0x90/0x90\n[ 101.065091] cmd_exec+0x437/0xb20 [mlx5_core]\n[ 101.065569] mlx5_cmd_do+0x1e/0x40 [mlx5_core]\n[ 101.066051] mlx5_cmd_exec+0x18/0x30 [mlx5_core]\n[ 101.066552] mlx5_crypto_create_dek_key+0xea/0x120 [mlx5_core]\n[ 101.067163] ? bonding_sysfs_store_option+0x4d/0x80 [bonding]\n[ 101.067738] ? kmalloc_trace+0x4d/0x350\n[ 101.068156] mlx5_ipsec_create_sa_ctx+0x33/0x100 [mlx5_core]\n[ 101.068747] mlx5e_xfrm_add_state+0x47b/0xaa0 [mlx5_core]\n[ 101.069312] bond_change_active_slave+0x392/0x900 [bonding]\n[ 101.069868] bond_option_active_slave_set+0x1c2/0x240 [bonding]\n[ 101.070454] __bond_opt_set+0xa6/0x430 [bonding]\n[ 101.070935] __bond_opt_set_notify+0x2f/0x90 [bonding]\n[ 101.071453] bond_opt_tryset_rtnl+0x72/0xb0 [bonding]\n[ 101.071965] bonding_sysfs_store_option+0x4d/0x80 [bonding]\n[ 101.072567] kernfs_fop_write_iter+0x10c/0x1a0\n[ 101.073033] vfs_write+0x2d8/0x400\n[ 101.073416] ? alloc_fd+0x48/0x180\n[ 101.073798] ksys_write+0x5f/0xe0\n[ 101.074175] do_syscall_64+0x52/0x110\n[ 101.074576] entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nAs bond_ipsec_add_sa_all and bond_ipsec_del_sa_all are only called\nfrom bond_change_active_slave, which requires holding the RTNL lock.\nAnd bond_ipsec_add_sa and bond_ipsec_del_sa are xfrm state\nxdo_dev_state_add and xdo_dev_state_delete APIs, which are in user\ncontext. So ipsec_lock doesn\u0027t have to be spin lock, change it to\nmutex, and thus the above issue can be resolved.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46678",
"url": "https://www.suse.com/security/cve/CVE-2024-46678"
},
{
"category": "external",
"summary": "SUSE Bug 1230550 for CVE-2024-46678",
"url": "https://bugzilla.suse.com/1230550"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46678"
},
{
"cve": "CVE-2024-46680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46680"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Fix random crash seen while removing driver\n\nThis fixes the random kernel crash seen while removing the driver, when\nrunning the load/unload test over multiple iterations.\n\n1) modprobe btnxpuart\n2) hciconfig hci0 reset\n3) hciconfig (check hci0 interface up with valid BD address)\n4) modprobe -r btnxpuart\nRepeat steps 1 to 4\n\nThe ps_wakeup() call in btnxpuart_close() schedules the psdata-\u003ework(),\nwhich gets scheduled after module is removed, causing a kernel crash.\n\nThis hidden issue got highlighted after enabling Power Save by default\nin 4183a7be7700 (Bluetooth: btnxpuart: Enable Power Save feature on\nstartup)\n\nThe new ps_cleanup() deasserts UART break immediately while closing\nserdev device, cancels any scheduled ps_work and destroys the ps_lock\nmutex.\n\n[ 85.884604] Unable to handle kernel paging request at virtual address ffffd4a61638f258\n[ 85.884624] Mem abort info:\n[ 85.884625] ESR = 0x0000000086000007\n[ 85.884628] EC = 0x21: IABT (current EL), IL = 32 bits\n[ 85.884633] SET = 0, FnV = 0\n[ 85.884636] EA = 0, S1PTW = 0\n[ 85.884638] FSC = 0x07: level 3 translation fault\n[ 85.884642] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000041dd0000\n[ 85.884646] [ffffd4a61638f258] pgd=1000000095fff003, p4d=1000000095fff003, pud=100000004823d003, pmd=100000004823e003, pte=0000000000000000\n[ 85.884662] Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP\n[ 85.890932] Modules linked in: algif_hash algif_skcipher af_alg overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce polyval_generic snd_soc_imx_spdif snd_soc_imx_card snd_soc_ak5558 snd_soc_ak4458 caam secvio error snd_soc_fsl_spdif snd_soc_fsl_micfil snd_soc_fsl_sai snd_soc_fsl_utils gpio_ir_recv rc_core fuse [last unloaded: btnxpuart(O)]\n[ 85.927297] CPU: 1 PID: 67 Comm: kworker/1:3 Tainted: G O 6.1.36+g937b1be4345a #1\n[ 85.936176] Hardware name: FSL i.MX8MM EVK board (DT)\n[ 85.936182] Workqueue: events 0xffffd4a61638f380\n[ 85.936198] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 85.952817] pc : 0xffffd4a61638f258\n[ 85.952823] lr : 0xffffd4a61638f258\n[ 85.952827] sp : ffff8000084fbd70\n[ 85.952829] x29: ffff8000084fbd70 x28: 0000000000000000 x27: 0000000000000000\n[ 85.963112] x26: ffffd4a69133f000 x25: ffff4bf1c8540990 x24: ffff4bf215b87305\n[ 85.963119] x23: ffff4bf215b87300 x22: ffff4bf1c85409d0 x21: ffff4bf1c8540970\n[ 85.977382] x20: 0000000000000000 x19: ffff4bf1c8540880 x18: 0000000000000000\n[ 85.977391] x17: 0000000000000000 x16: 0000000000000133 x15: 0000ffffe2217090\n[ 85.977399] x14: 0000000000000001 x13: 0000000000000133 x12: 0000000000000139\n[ 85.977407] x11: 0000000000000001 x10: 0000000000000a60 x9 : ffff8000084fbc50\n[ 85.977417] x8 : ffff4bf215b7d000 x7 : ffff4bf215b83b40 x6 : 00000000000003e8\n[ 85.977424] x5 : 00000000410fd030 x4 : 0000000000000000 x3 : 0000000000000000\n[ 85.977432] x2 : 0000000000000000 x1 : ffff4bf1c4265880 x0 : 0000000000000000\n[ 85.977443] Call trace:\n[ 85.977446] 0xffffd4a61638f258\n[ 85.977451] 0xffffd4a61638f3e8\n[ 85.977455] process_one_work+0x1d4/0x330\n[ 85.977464] worker_thread+0x6c/0x430\n[ 85.977471] kthread+0x108/0x10c\n[ 85.977476] ret_from_fork+0x10/0x20\n[ 85.977488] Code: bad PC value\n[ 85.977491] ---[ end trace 0000000000000000 ]---\n\nPreset since v6.9.11",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46680",
"url": "https://www.suse.com/security/cve/CVE-2024-46680"
},
{
"category": "external",
"summary": "SUSE Bug 1230557 for CVE-2024-46680",
"url": "https://bugzilla.suse.com/1230557"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46680"
},
{
"cve": "CVE-2024-46681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46681"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npktgen: use cpus_read_lock() in pg_net_init()\n\nI have seen the WARN_ON(smp_processor_id() != cpu) firing\nin pktgen_thread_worker() during tests.\n\nWe must use cpus_read_lock()/cpus_read_unlock()\naround the for_each_online_cpu(cpu) loop.\n\nWhile we are at it use WARN_ON_ONCE() to avoid a possible syslog flood.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46681",
"url": "https://www.suse.com/security/cve/CVE-2024-46681"
},
{
"category": "external",
"summary": "SUSE Bug 1230558 for CVE-2024-46681",
"url": "https://bugzilla.suse.com/1230558"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46681"
},
{
"cve": "CVE-2024-46721",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46721"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix possible NULL pointer dereference\n\nprofile-\u003eparent-\u003edents[AAFS_PROF_DIR] could be NULL only if its parent is made\nfrom __create_missing_ancestors(..) and \u0027ent-\u003eold\u0027 is NULL in\naa_replace_profiles(..).\nIn that case, it must return an error code and the code, -ENOENT represents\nits state that the path of its parent is not existed yet.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000030\nPGD 0 P4D 0\nPREEMPT SMP PTI\nCPU: 4 PID: 3362 Comm: apparmor_parser Not tainted 6.8.0-24-generic #24\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\nRIP: 0010:aafs_create.constprop.0+0x7f/0x130\nCode: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc \u003c4d\u003e 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae\nRSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0\nCall Trace:\n \u003cTASK\u003e\n ? show_regs+0x6d/0x80\n ? __die+0x24/0x80\n ? page_fault_oops+0x99/0x1b0\n ? kernelmode_fixup_or_oops+0xb2/0x140\n ? __bad_area_nosemaphore+0x1a5/0x2c0\n ? find_vma+0x34/0x60\n ? bad_area_nosemaphore+0x16/0x30\n ? do_user_addr_fault+0x2a2/0x6b0\n ? exc_page_fault+0x83/0x1b0\n ? asm_exc_page_fault+0x27/0x30\n ? aafs_create.constprop.0+0x7f/0x130\n ? aafs_create.constprop.0+0x51/0x130\n __aafs_profile_mkdir+0x3d6/0x480\n aa_replace_profiles+0x83f/0x1270\n policy_update+0xe3/0x180\n profile_load+0xbc/0x150\n ? rw_verify_area+0x47/0x140\n vfs_write+0x100/0x480\n ? __x64_sys_openat+0x55/0xa0\n ? syscall_exit_to_user_mode+0x86/0x260\n ksys_write+0x73/0x100\n __x64_sys_write+0x19/0x30\n x64_sys_call+0x7e/0x25c0\n do_syscall_64+0x7f/0x180\n entry_SYSCALL_64_after_hwframe+0x78/0x80\nRIP: 0033:0x7be9f211c574\nCode: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d d5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89\nRSP: 002b:00007ffd26f2b8c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 00005d504415e200 RCX: 00007be9f211c574\nRDX: 0000000000001fc1 RSI: 00005d504418bc80 RDI: 0000000000000004\nRBP: 0000000000001fc1 R08: 0000000000001fc1 R09: 0000000080000000\nR10: 0000000000000000 R11: 0000000000000202 R12: 00005d504418bc80\nR13: 0000000000000004 R14: 00007ffd26f2b9b0 R15: 00007ffd26f2ba30\n \u003c/TASK\u003e\nModules linked in: snd_seq_dummy snd_hrtimer qrtr snd_hda_codec_generic snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device i2c_i801 snd_timer i2c_smbus qxl snd soundcore drm_ttm_helper lpc_ich ttm joydev input_leds serio_raw mac_hid binfmt_misc msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs qemu_fw_cfg ip_tables x_tables autofs4 hid_generic usbhid hid ahci libahci psmouse virtio_rng xhci_pci xhci_pci_renesas\nCR2: 0000000000000030\n---[ end trace 0000000000000000 ]---\nRIP: 0010:aafs_create.constprop.0+0x7f/0x130\nCode: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc \u003c4d\u003e 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae\nRSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46721",
"url": "https://www.suse.com/security/cve/CVE-2024-46721"
},
{
"category": "external",
"summary": "SUSE Bug 1230710 for CVE-2024-46721",
"url": "https://bugzilla.suse.com/1230710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46721"
},
{
"cve": "CVE-2024-46754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46754"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Remove tst_run from lwt_seg6local_prog_ops.\n\nThe syzbot reported that the lwt_seg6 related BPF ops can be invoked\nvia bpf_test_run() without without entering input_action_end_bpf()\nfirst.\n\nMartin KaFai Lau said that self test for BPF_PROG_TYPE_LWT_SEG6LOCAL\nprobably didn\u0027t work since it was introduced in commit 04d4b274e2a\n(\"ipv6: sr: Add seg6local action End.BPF\"). The reason is that the\nper-CPU variable seg6_bpf_srh_states::srh is never assigned in the self\ntest case but each BPF function expects it.\n\nRemove test_run for BPF_PROG_TYPE_LWT_SEG6LOCAL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46754",
"url": "https://www.suse.com/security/cve/CVE-2024-46754"
},
{
"category": "external",
"summary": "SUSE Bug 1230801 for CVE-2024-46754",
"url": "https://bugzilla.suse.com/1230801"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46754"
},
{
"cve": "CVE-2024-46765",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46765"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: protect XDP configuration with a mutex\n\nThe main threat to data consistency in ice_xdp() is a possible asynchronous\nPF reset. It can be triggered by a user or by TX timeout handler.\n\nXDP setup and PF reset code access the same resources in the following\nsections:\n* ice_vsi_close() in ice_prepare_for_reset() - already rtnl-locked\n* ice_vsi_rebuild() for the PF VSI - not protected\n* ice_vsi_open() - already rtnl-locked\n\nWith an unfortunate timing, such accesses can result in a crash such as the\none below:\n\n[ +1.999878] ice 0000:b1:00.0: Registered XDP mem model MEM_TYPE_XSK_BUFF_POOL on Rx ring 14\n[ +2.002992] ice 0000:b1:00.0: Registered XDP mem model MEM_TYPE_XSK_BUFF_POOL on Rx ring 18\n[Mar15 18:17] ice 0000:b1:00.0 ens801f0np0: NETDEV WATCHDOG: CPU: 38: transmit queue 14 timed out 80692736 ms\n[ +0.000093] ice 0000:b1:00.0 ens801f0np0: tx_timeout: VSI_num: 6, Q 14, NTC: 0x0, HW_HEAD: 0x0, NTU: 0x0, INT: 0x4000001\n[ +0.000012] ice 0000:b1:00.0 ens801f0np0: tx_timeout recovery level 1, txqueue 14\n[ +0.394718] ice 0000:b1:00.0: PTP reset successful\n[ +0.006184] BUG: kernel NULL pointer dereference, address: 0000000000000098\n[ +0.000045] #PF: supervisor read access in kernel mode\n[ +0.000023] #PF: error_code(0x0000) - not-present page\n[ +0.000023] PGD 0 P4D 0\n[ +0.000018] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ +0.000023] CPU: 38 PID: 7540 Comm: kworker/38:1 Not tainted 6.8.0-rc7 #1\n[ +0.000031] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0014.082620210524 08/26/2021\n[ +0.000036] Workqueue: ice ice_service_task [ice]\n[ +0.000183] RIP: 0010:ice_clean_tx_ring+0xa/0xd0 [ice]\n[...]\n[ +0.000013] Call Trace:\n[ +0.000016] \u003cTASK\u003e\n[ +0.000014] ? __die+0x1f/0x70\n[ +0.000029] ? page_fault_oops+0x171/0x4f0\n[ +0.000029] ? schedule+0x3b/0xd0\n[ +0.000027] ? exc_page_fault+0x7b/0x180\n[ +0.000022] ? asm_exc_page_fault+0x22/0x30\n[ +0.000031] ? ice_clean_tx_ring+0xa/0xd0 [ice]\n[ +0.000194] ice_free_tx_ring+0xe/0x60 [ice]\n[ +0.000186] ice_destroy_xdp_rings+0x157/0x310 [ice]\n[ +0.000151] ice_vsi_decfg+0x53/0xe0 [ice]\n[ +0.000180] ice_vsi_rebuild+0x239/0x540 [ice]\n[ +0.000186] ice_vsi_rebuild_by_type+0x76/0x180 [ice]\n[ +0.000145] ice_rebuild+0x18c/0x840 [ice]\n[ +0.000145] ? delay_tsc+0x4a/0xc0\n[ +0.000022] ? delay_tsc+0x92/0xc0\n[ +0.000020] ice_do_reset+0x140/0x180 [ice]\n[ +0.000886] ice_service_task+0x404/0x1030 [ice]\n[ +0.000824] process_one_work+0x171/0x340\n[ +0.000685] worker_thread+0x277/0x3a0\n[ +0.000675] ? preempt_count_add+0x6a/0xa0\n[ +0.000677] ? _raw_spin_lock_irqsave+0x23/0x50\n[ +0.000679] ? __pfx_worker_thread+0x10/0x10\n[ +0.000653] kthread+0xf0/0x120\n[ +0.000635] ? __pfx_kthread+0x10/0x10\n[ +0.000616] ret_from_fork+0x2d/0x50\n[ +0.000612] ? __pfx_kthread+0x10/0x10\n[ +0.000604] ret_from_fork_asm+0x1b/0x30\n[ +0.000604] \u003c/TASK\u003e\n\nThe previous way of handling this through returning -EBUSY is not viable,\nparticularly when destroying AF_XDP socket, because the kernel proceeds\nwith removal anyway.\n\nThere is plenty of code between those calls and there is no need to create\na large critical section that covers all of them, same as there is no need\nto protect ice_vsi_rebuild() with rtnl_lock().\n\nAdd xdp_state_lock mutex to protect ice_vsi_rebuild() and ice_xdp().\n\nLeaving unprotected sections in between would result in two states that\nhave to be considered:\n1. when the VSI is closed, but not yet rebuild\n2. when VSI is already rebuild, but not yet open\n\nThe latter case is actually already handled through !netif_running() case,\nwe just need to adjust flag checking a little. The former one is not as\ntrivial, because between ice_vsi_close() and ice_vsi_rebuild(), a lot of\nhardware interaction happens, this can make adding/deleting rings exit\nwith an error. Luckily, VSI rebuild is pending and can apply new\nconfiguration for us in a managed fashion.\n\nTherefore, add an additional VSI state flag ICE_VSI_REBUILD_PENDING to\nindicate that ice_x\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46765",
"url": "https://www.suse.com/security/cve/CVE-2024-46765"
},
{
"category": "external",
"summary": "SUSE Bug 1230807 for CVE-2024-46765",
"url": "https://bugzilla.suse.com/1230807"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46765"
},
{
"cve": "CVE-2024-46766",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46766"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: move netif_queue_set_napi to rtnl-protected sections\n\nCurrently, netif_queue_set_napi() is called from ice_vsi_rebuild() that is\nnot rtnl-locked when called from the reset. This creates the need to take\nthe rtnl_lock just for a single function and complicates the\nsynchronization with .ndo_bpf. At the same time, there no actual need to\nfill napi-to-queue information at this exact point.\n\nFill napi-to-queue information when opening the VSI and clear it when the\nVSI is being closed. Those routines are already rtnl-locked.\n\nAlso, rewrite napi-to-queue assignment in a way that prevents inclusion of\nXDP queues, as this leads to out-of-bounds writes, such as one below.\n\n[ +0.000004] BUG: KASAN: slab-out-of-bounds in netif_queue_set_napi+0x1c2/0x1e0\n[ +0.000012] Write of size 8 at addr ffff889881727c80 by task bash/7047\n[ +0.000006] CPU: 24 PID: 7047 Comm: bash Not tainted 6.10.0-rc2+ #2\n[ +0.000004] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0014.082620210524 08/26/2021\n[ +0.000003] Call Trace:\n[ +0.000003] \u003cTASK\u003e\n[ +0.000002] dump_stack_lvl+0x60/0x80\n[ +0.000007] print_report+0xce/0x630\n[ +0.000007] ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n[ +0.000007] ? __virt_addr_valid+0x1c9/0x2c0\n[ +0.000005] ? netif_queue_set_napi+0x1c2/0x1e0\n[ +0.000003] kasan_report+0xe9/0x120\n[ +0.000004] ? netif_queue_set_napi+0x1c2/0x1e0\n[ +0.000004] netif_queue_set_napi+0x1c2/0x1e0\n[ +0.000005] ice_vsi_close+0x161/0x670 [ice]\n[ +0.000114] ice_dis_vsi+0x22f/0x270 [ice]\n[ +0.000095] ice_pf_dis_all_vsi.constprop.0+0xae/0x1c0 [ice]\n[ +0.000086] ice_prepare_for_reset+0x299/0x750 [ice]\n[ +0.000087] pci_dev_save_and_disable+0x82/0xd0\n[ +0.000006] pci_reset_function+0x12d/0x230\n[ +0.000004] reset_store+0xa0/0x100\n[ +0.000006] ? __pfx_reset_store+0x10/0x10\n[ +0.000002] ? __pfx_mutex_lock+0x10/0x10\n[ +0.000004] ? __check_object_size+0x4c1/0x640\n[ +0.000007] kernfs_fop_write_iter+0x30b/0x4a0\n[ +0.000006] vfs_write+0x5d6/0xdf0\n[ +0.000005] ? fd_install+0x180/0x350\n[ +0.000005] ? __pfx_vfs_write+0x10/0xA10\n[ +0.000004] ? do_fcntl+0x52c/0xcd0\n[ +0.000004] ? kasan_save_track+0x13/0x60\n[ +0.000003] ? kasan_save_free_info+0x37/0x60\n[ +0.000006] ksys_write+0xfa/0x1d0\n[ +0.000003] ? __pfx_ksys_write+0x10/0x10\n[ +0.000002] ? __x64_sys_fcntl+0x121/0x180\n[ +0.000004] ? _raw_spin_lock+0x87/0xe0\n[ +0.000005] do_syscall_64+0x80/0x170\n[ +0.000007] ? _raw_spin_lock+0x87/0xe0\n[ +0.000004] ? __pfx__raw_spin_lock+0x10/0x10\n[ +0.000003] ? file_close_fd_locked+0x167/0x230\n[ +0.000005] ? syscall_exit_to_user_mode+0x7d/0x220\n[ +0.000005] ? do_syscall_64+0x8c/0x170\n[ +0.000004] ? do_syscall_64+0x8c/0x170\n[ +0.000003] ? do_syscall_64+0x8c/0x170\n[ +0.000003] ? fput+0x1a/0x2c0\n[ +0.000004] ? filp_close+0x19/0x30\n[ +0.000004] ? do_dup2+0x25a/0x4c0\n[ +0.000004] ? __x64_sys_dup2+0x6e/0x2e0\n[ +0.000002] ? syscall_exit_to_user_mode+0x7d/0x220\n[ +0.000004] ? do_syscall_64+0x8c/0x170\n[ +0.000003] ? __count_memcg_events+0x113/0x380\n[ +0.000005] ? handle_mm_fault+0x136/0x820\n[ +0.000005] ? do_user_addr_fault+0x444/0xa80\n[ +0.000004] ? clear_bhb_loop+0x25/0x80\n[ +0.000004] ? clear_bhb_loop+0x25/0x80\n[ +0.000002] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ +0.000005] RIP: 0033:0x7f2033593154",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46766",
"url": "https://www.suse.com/security/cve/CVE-2024-46766"
},
{
"category": "external",
"summary": "SUSE Bug 1230762 for CVE-2024-46766",
"url": "https://bugzilla.suse.com/1230762"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46766"
},
{
"cve": "CVE-2024-46770",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46770"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Add netif_device_attach/detach into PF reset flow\n\nEthtool callbacks can be executed while reset is in progress and try to\naccess deleted resources, e.g. getting coalesce settings can result in a\nNULL pointer dereference seen below.\n\nReproduction steps:\nOnce the driver is fully initialized, trigger reset:\n\t# echo 1 \u003e /sys/class/net/\u003cinterface\u003e/device/reset\nwhen reset is in progress try to get coalesce settings using ethtool:\n\t# ethtool -c \u003cinterface\u003e\n\nBUG: kernel NULL pointer dereference, address: 0000000000000020\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] PREEMPT SMP PTI\nCPU: 11 PID: 19713 Comm: ethtool Tainted: G S 6.10.0-rc7+ #7\nRIP: 0010:ice_get_q_coalesce+0x2e/0xa0 [ice]\nRSP: 0018:ffffbab1e9bcf6a8 EFLAGS: 00010206\nRAX: 000000000000000c RBX: ffff94512305b028 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffff9451c3f2e588 RDI: ffff9451c3f2e588\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\nR10: ffff9451c3f2e580 R11: 000000000000001f R12: ffff945121fa9000\nR13: ffffbab1e9bcf760 R14: 0000000000000013 R15: ffffffff9e65dd40\nFS: 00007faee5fbe740(0000) GS:ffff94546fd80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000020 CR3: 0000000106c2e005 CR4: 00000000001706f0\nCall Trace:\n\u003cTASK\u003e\nice_get_coalesce+0x17/0x30 [ice]\ncoalesce_prepare_data+0x61/0x80\nethnl_default_doit+0xde/0x340\ngenl_family_rcv_msg_doit+0xf2/0x150\ngenl_rcv_msg+0x1b3/0x2c0\nnetlink_rcv_skb+0x5b/0x110\ngenl_rcv+0x28/0x40\nnetlink_unicast+0x19c/0x290\nnetlink_sendmsg+0x222/0x490\n__sys_sendto+0x1df/0x1f0\n__x64_sys_sendto+0x24/0x30\ndo_syscall_64+0x82/0x160\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7faee60d8e27\n\nCalling netif_device_detach() before reset makes the net core not call\nthe driver when ethtool command is issued, the attempt to execute an\nethtool command during reset will result in the following message:\n\n netlink error: No such device\n\ninstead of NULL pointer dereference. Once reset is done and\nice_rebuild() is executing, the netif_device_attach() is called to allow\nfor ethtool operations to occur again in a safe manner.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46770",
"url": "https://www.suse.com/security/cve/CVE-2024-46770"
},
{
"category": "external",
"summary": "SUSE Bug 1230763 for CVE-2024-46770",
"url": "https://bugzilla.suse.com/1230763"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46770"
},
{
"cve": "CVE-2024-46775",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46775"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Validate function returns\n\n[WHAT \u0026 HOW]\nFunction return values must be checked before data can be used\nin subsequent functions.\n\nThis fixes 4 CHECKED_RETURN issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46775",
"url": "https://www.suse.com/security/cve/CVE-2024-46775"
},
{
"category": "external",
"summary": "SUSE Bug 1230774 for CVE-2024-46775",
"url": "https://bugzilla.suse.com/1230774"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46775"
},
{
"cve": "CVE-2024-46777",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46777"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Avoid excessive partition lengths\n\nAvoid mounting filesystems where the partition would overflow the\n32-bits used for block number. Also refuse to mount filesystems where\nthe partition length is so large we cannot safely index bits in a\nblock bitmap.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46777",
"url": "https://www.suse.com/security/cve/CVE-2024-46777"
},
{
"category": "external",
"summary": "SUSE Bug 1230773 for CVE-2024-46777",
"url": "https://bugzilla.suse.com/1230773"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46777"
},
{
"cve": "CVE-2024-46788",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46788"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/osnoise: Use a cpumask to know what threads are kthreads\n\nThe start_kthread() and stop_thread() code was not always called with the\ninterface_lock held. This means that the kthread variable could be\nunexpectedly changed causing the kthread_stop() to be called on it when it\nshould not have been, leading to:\n\n while true; do\n rtla timerlat top -u -q \u0026 PID=$!;\n sleep 5;\n kill -INT $PID;\n sleep 0.001;\n kill -TERM $PID;\n wait $PID;\n done\n\nCausing the following OOPS:\n\n Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN PTI\n KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\n CPU: 5 UID: 0 PID: 885 Comm: timerlatu/5 Not tainted 6.11.0-rc4-test-00002-gbc754cc76d1b-dirty #125 a533010b71dab205ad2f507188ce8c82203b0254\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n RIP: 0010:hrtimer_active+0x58/0x300\n Code: 48 c1 ee 03 41 54 48 01 d1 48 01 d6 55 53 48 83 ec 20 80 39 00 0f 85 30 02 00 00 49 8b 6f 30 4c 8d 75 10 4c 89 f0 48 c1 e8 03 \u003c0f\u003e b6 3c 10 4c 89 f0 83 e0 07 83 c0 03 40 38 f8 7c 09 40 84 ff 0f\n RSP: 0018:ffff88811d97f940 EFLAGS: 00010202\n RAX: 0000000000000002 RBX: ffff88823c6b5b28 RCX: ffffed10478d6b6b\n RDX: dffffc0000000000 RSI: ffffed10478d6b6c RDI: ffff88823c6b5b28\n RBP: 0000000000000000 R08: ffff88823c6b5b58 R09: ffff88823c6b5b60\n R10: ffff88811d97f957 R11: 0000000000000010 R12: 00000000000a801d\n R13: ffff88810d8b35d8 R14: 0000000000000010 R15: ffff88823c6b5b28\n FS: 0000000000000000(0000) GS:ffff88823c680000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000561858ad7258 CR3: 000000007729e001 CR4: 0000000000170ef0\n Call Trace:\n \u003cTASK\u003e\n ? die_addr+0x40/0xa0\n ? exc_general_protection+0x154/0x230\n ? asm_exc_general_protection+0x26/0x30\n ? hrtimer_active+0x58/0x300\n ? __pfx_mutex_lock+0x10/0x10\n ? __pfx_locks_remove_file+0x10/0x10\n hrtimer_cancel+0x15/0x40\n timerlat_fd_release+0x8e/0x1f0\n ? security_file_release+0x43/0x80\n __fput+0x372/0xb10\n task_work_run+0x11e/0x1f0\n ? _raw_spin_lock+0x85/0xe0\n ? __pfx_task_work_run+0x10/0x10\n ? poison_slab_object+0x109/0x170\n ? do_exit+0x7a0/0x24b0\n do_exit+0x7bd/0x24b0\n ? __pfx_migrate_enable+0x10/0x10\n ? __pfx_do_exit+0x10/0x10\n ? __pfx_read_tsc+0x10/0x10\n ? ktime_get+0x64/0x140\n ? _raw_spin_lock_irq+0x86/0xe0\n do_group_exit+0xb0/0x220\n get_signal+0x17ba/0x1b50\n ? vfs_read+0x179/0xa40\n ? timerlat_fd_read+0x30b/0x9d0\n ? __pfx_get_signal+0x10/0x10\n ? __pfx_timerlat_fd_read+0x10/0x10\n arch_do_signal_or_restart+0x8c/0x570\n ? __pfx_arch_do_signal_or_restart+0x10/0x10\n ? vfs_read+0x179/0xa40\n ? ksys_read+0xfe/0x1d0\n ? __pfx_ksys_read+0x10/0x10\n syscall_exit_to_user_mode+0xbc/0x130\n do_syscall_64+0x74/0x110\n ? __pfx___rseq_handle_notify_resume+0x10/0x10\n ? __pfx_ksys_read+0x10/0x10\n ? fpregs_restore_userregs+0xdb/0x1e0\n ? fpregs_restore_userregs+0xdb/0x1e0\n ? syscall_exit_to_user_mode+0x116/0x130\n ? do_syscall_64+0x74/0x110\n ? do_syscall_64+0x74/0x110\n ? do_syscall_64+0x74/0x110\n entry_SYSCALL_64_after_hwframe+0x71/0x79\n RIP: 0033:0x7ff0070eca9c\n Code: Unable to access opcode bytes at 0x7ff0070eca72.\n RSP: 002b:00007ff006dff8c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\n RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00007ff0070eca9c\n RDX: 0000000000000400 RSI: 00007ff006dff9a0 RDI: 0000000000000003\n RBP: 00007ff006dffde0 R08: 0000000000000000 R09: 00007ff000000ba0\n R10: 00007ff007004b08 R11: 0000000000000246 R12: 0000000000000003\n R13: 00007ff006dff9a0 R14: 0000000000000007 R15: 0000000000000008\n \u003c/TASK\u003e\n Modules linked in: snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hwdep snd_hda_core\n ---[ end trace 0000000000000000 ]---\n\nThis is because it would mistakenly call kthread_stop() on a user space\nthread making it \"exit\" before it actually exits.\n\nSince kthread\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46788",
"url": "https://www.suse.com/security/cve/CVE-2024-46788"
},
{
"category": "external",
"summary": "SUSE Bug 1230817 for CVE-2024-46788",
"url": "https://bugzilla.suse.com/1230817"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46788"
},
{
"cve": "CVE-2024-46797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46797"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/qspinlock: Fix deadlock in MCS queue\n\nIf an interrupt occurs in queued_spin_lock_slowpath() after we increment\nqnodesp-\u003ecount and before node-\u003elock is initialized, another CPU might\nsee stale lock values in get_tail_qnode(). If the stale lock value happens\nto match the lock on that CPU, then we write to the \"next\" pointer of\nthe wrong qnode. This causes a deadlock as the former CPU, once it becomes\nthe head of the MCS queue, will spin indefinitely until it\u0027s \"next\" pointer\nis set by its successor in the queue.\n\nRunning stress-ng on a 16 core (16EC/16VP) shared LPAR, results in\noccasional lockups similar to the following:\n\n $ stress-ng --all 128 --vm-bytes 80% --aggressive \\\n --maximize --oomable --verify --syslog \\\n --metrics --times --timeout 5m\n\n watchdog: CPU 15 Hard LOCKUP\n ......\n NIP [c0000000000b78f4] queued_spin_lock_slowpath+0x1184/0x1490\n LR [c000000001037c5c] _raw_spin_lock+0x6c/0x90\n Call Trace:\n 0xc000002cfffa3bf0 (unreliable)\n _raw_spin_lock+0x6c/0x90\n raw_spin_rq_lock_nested.part.135+0x4c/0xd0\n sched_ttwu_pending+0x60/0x1f0\n __flush_smp_call_function_queue+0x1dc/0x670\n smp_ipi_demux_relaxed+0xa4/0x100\n xive_muxed_ipi_action+0x20/0x40\n __handle_irq_event_percpu+0x80/0x240\n handle_irq_event_percpu+0x2c/0x80\n handle_percpu_irq+0x84/0xd0\n generic_handle_irq+0x54/0x80\n __do_irq+0xac/0x210\n __do_IRQ+0x74/0xd0\n 0x0\n do_IRQ+0x8c/0x170\n hardware_interrupt_common_virt+0x29c/0x2a0\n --- interrupt: 500 at queued_spin_lock_slowpath+0x4b8/0x1490\n ......\n NIP [c0000000000b6c28] queued_spin_lock_slowpath+0x4b8/0x1490\n LR [c000000001037c5c] _raw_spin_lock+0x6c/0x90\n --- interrupt: 500\n 0xc0000029c1a41d00 (unreliable)\n _raw_spin_lock+0x6c/0x90\n futex_wake+0x100/0x260\n do_futex+0x21c/0x2a0\n sys_futex+0x98/0x270\n system_call_exception+0x14c/0x2f0\n system_call_vectored_common+0x15c/0x2ec\n\nThe following code flow illustrates how the deadlock occurs.\nFor the sake of brevity, assume that both locks (A and B) are\ncontended and we call the queued_spin_lock_slowpath() function.\n\n CPU0 CPU1\n ---- ----\n spin_lock_irqsave(A) |\n spin_unlock_irqrestore(A) |\n spin_lock(B) |\n | |\n \u25bc |\n id = qnodesp-\u003ecount++; |\n (Note that nodes[0].lock == A) |\n | |\n \u25bc |\n Interrupt |\n (happens before \"nodes[0].lock = B\") |\n | |\n \u25bc |\n spin_lock_irqsave(A) |\n | |\n \u25bc |\n id = qnodesp-\u003ecount++ |\n nodes[1].lock = A |\n | |\n \u25bc |\n Tail of MCS queue |\n | spin_lock_irqsave(A)\n \u25bc |\n Head of MCS queue \u25bc\n | CPU0 is previous tail\n \u25bc |\n Spin indefinitely \u25bc\n (until \"nodes[1].next != NULL\") prev = get_tail_qnode(A, CPU0)\n |\n \u25bc\n prev == \u0026qnodes[CPU0].nodes[0]\n (as qnodes\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46797",
"url": "https://www.suse.com/security/cve/CVE-2024-46797"
},
{
"category": "external",
"summary": "SUSE Bug 1230831 for CVE-2024-46797",
"url": "https://bugzilla.suse.com/1230831"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46797"
},
{
"cve": "CVE-2024-46800",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46800"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsch/netem: fix use after free in netem_dequeue\n\nIf netem_dequeue() enqueues packet to inner qdisc and that qdisc\nreturns __NET_XMIT_STOLEN. The packet is dropped but\nqdisc_tree_reduce_backlog() is not called to update the parent\u0027s\nq.qlen, leading to the similar use-after-free as Commit\ne04991a48dbaf382 (\"netem: fix return value if duplicate enqueue\nfails\")\n\nCommands to trigger KASAN UaF:\n\nip link add type dummy\nip link set lo up\nip link set dummy0 up\ntc qdisc add dev lo parent root handle 1: drr\ntc filter add dev lo parent 1: basic classid 1:1\ntc class add dev lo classid 1:1 drr\ntc qdisc add dev lo parent 1:1 handle 2: netem\ntc qdisc add dev lo parent 2: handle 3: drr\ntc filter add dev lo parent 3: basic classid 3:1 action mirred egress\nredirect dev dummy0\ntc class add dev lo classid 3:1 drr\nping -c1 -W0.01 localhost # Trigger bug\ntc class del dev lo classid 1:1\ntc class add dev lo classid 1:1 drr\nping -c1 -W0.01 localhost # UaF",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46800",
"url": "https://www.suse.com/security/cve/CVE-2024-46800"
},
{
"category": "external",
"summary": "SUSE Bug 1230827 for CVE-2024-46800",
"url": "https://bugzilla.suse.com/1230827"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46800"
},
{
"cve": "CVE-2024-46802",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46802"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: added NULL check at start of dc_validate_stream\n\n[Why]\nprevent invalid memory access\n\n[How]\ncheck if dc and stream are NULL",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46802",
"url": "https://www.suse.com/security/cve/CVE-2024-46802"
},
{
"category": "external",
"summary": "SUSE Bug 1231111 for CVE-2024-46802",
"url": "https://bugzilla.suse.com/1231111"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46802"
},
{
"cve": "CVE-2024-46803",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46803"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Check debug trap enable before write dbg_ev_file\n\nIn interrupt context, write dbg_ev_file will be run by work queue. It\nwill cause write dbg_ev_file execution after debug_trap_disable, which\nwill cause NULL pointer access.\nv2: cancel work \"debug_event_workarea\" before set dbg_ev_file as NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46803",
"url": "https://www.suse.com/security/cve/CVE-2024-46803"
},
{
"category": "external",
"summary": "SUSE Bug 1231131 for CVE-2024-46803",
"url": "https://bugzilla.suse.com/1231131"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46803"
},
{
"cve": "CVE-2024-46804",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46804"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add array index check for hdcp ddc access\n\n[Why]\nCoverity reports OVERRUN warning. Do not check if array\nindex valid.\n\n[How]\nCheck msg_id valid and valid array index.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46804",
"url": "https://www.suse.com/security/cve/CVE-2024-46804"
},
{
"category": "external",
"summary": "SUSE Bug 1231132 for CVE-2024-46804",
"url": "https://bugzilla.suse.com/1231132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46804"
},
{
"cve": "CVE-2024-46805",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46805"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix the waring dereferencing hive\n\nCheck the amdgpu_hive_info *hive that maybe is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46805",
"url": "https://www.suse.com/security/cve/CVE-2024-46805"
},
{
"category": "external",
"summary": "SUSE Bug 1231135 for CVE-2024-46805",
"url": "https://bugzilla.suse.com/1231135"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46805"
},
{
"cve": "CVE-2024-46806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46806"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix the warning division or modulo by zero\n\nChecks the partition mode and returns an error for an invalid mode.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46806",
"url": "https://www.suse.com/security/cve/CVE-2024-46806"
},
{
"category": "external",
"summary": "SUSE Bug 1231136 for CVE-2024-46806",
"url": "https://bugzilla.suse.com/1231136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46806"
},
{
"cve": "CVE-2024-46807",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46807"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/amdgpu: Check tbo resource pointer\n\nValidate tbo resource pointer, skip if NULL",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46807",
"url": "https://www.suse.com/security/cve/CVE-2024-46807"
},
{
"category": "external",
"summary": "SUSE Bug 1231138 for CVE-2024-46807",
"url": "https://bugzilla.suse.com/1231138"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46807"
},
{
"cve": "CVE-2024-46809",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46809"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check BIOS images before it is used\n\nBIOS images may fail to load and null checks are added before they are\nused.\n\nThis fixes 6 NULL_RETURNS issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46809",
"url": "https://www.suse.com/security/cve/CVE-2024-46809"
},
{
"category": "external",
"summary": "SUSE Bug 1231148 for CVE-2024-46809",
"url": "https://bugzilla.suse.com/1231148"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46809"
},
{
"cve": "CVE-2024-46810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46810"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ\n\nMake sure the connector is fully initialized before signalling any\nHPD events via drm_kms_helper_hotplug_event(), otherwise this may\nlead to NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46810",
"url": "https://www.suse.com/security/cve/CVE-2024-46810"
},
{
"category": "external",
"summary": "SUSE Bug 1231178 for CVE-2024-46810",
"url": "https://bugzilla.suse.com/1231178"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46810"
},
{
"cve": "CVE-2024-46811",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46811"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box\n\n[Why]\nCoverity reports OVERRUN warning. soc.num_states could\nbe 40. But array range of bw_params-\u003eclk_table.entries is 8.\n\n[How]\nAssert if soc.num_states greater than 8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46811",
"url": "https://www.suse.com/security/cve/CVE-2024-46811"
},
{
"category": "external",
"summary": "SUSE Bug 1231179 for CVE-2024-46811",
"url": "https://bugzilla.suse.com/1231179"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46811"
},
{
"cve": "CVE-2024-46812",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46812"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration\n\n[Why]\nCoverity reports Memory - illegal accesses.\n\n[How]\nSkip inactive planes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46812",
"url": "https://www.suse.com/security/cve/CVE-2024-46812"
},
{
"category": "external",
"summary": "SUSE Bug 1231187 for CVE-2024-46812",
"url": "https://bugzilla.suse.com/1231187"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46812"
},
{
"cve": "CVE-2024-46813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46813"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check link_index before accessing dc-\u003elinks[]\n\n[WHY \u0026 HOW]\ndc-\u003elinks[] has max size of MAX_LINKS and NULL is return when trying to\naccess with out-of-bound index.\n\nThis fixes 3 OVERRUN and 1 RESOURCE_LEAK issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46813",
"url": "https://www.suse.com/security/cve/CVE-2024-46813"
},
{
"category": "external",
"summary": "SUSE Bug 1231191 for CVE-2024-46813",
"url": "https://bugzilla.suse.com/1231191"
},
{
"category": "external",
"summary": "SUSE Bug 1231192 for CVE-2024-46813",
"url": "https://bugzilla.suse.com/1231192"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-46813"
},
{
"cve": "CVE-2024-46814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46814"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check msg_id before processing transcation\n\n[WHY \u0026 HOW]\nHDCP_MESSAGE_ID_INVALID (-1) is not a valid msg_id nor is it a valid\narray index, and it needs checking before used.\n\nThis fixes 4 OVERRUN issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46814",
"url": "https://www.suse.com/security/cve/CVE-2024-46814"
},
{
"category": "external",
"summary": "SUSE Bug 1231193 for CVE-2024-46814",
"url": "https://bugzilla.suse.com/1231193"
},
{
"category": "external",
"summary": "SUSE Bug 1231194 for CVE-2024-46814",
"url": "https://bugzilla.suse.com/1231194"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-46814"
},
{
"cve": "CVE-2024-46815",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46815"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]\n\n[WHY \u0026 HOW]\nnum_valid_sets needs to be checked to avoid a negative index when\naccessing reader_wm_sets[num_valid_sets - 1].\n\nThis fixes an OVERRUN issue reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46815",
"url": "https://www.suse.com/security/cve/CVE-2024-46815"
},
{
"category": "external",
"summary": "SUSE Bug 1231195 for CVE-2024-46815",
"url": "https://bugzilla.suse.com/1231195"
},
{
"category": "external",
"summary": "SUSE Bug 1231196 for CVE-2024-46815",
"url": "https://bugzilla.suse.com/1231196"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-46815"
},
{
"cve": "CVE-2024-46816",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46816"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links\n\n[Why]\nCoverity report OVERRUN warning. There are\nonly max_links elements within dc-\u003elinks. link\ncount could up to AMDGPU_DM_MAX_DISPLAY_INDEX 31.\n\n[How]\nMake sure link count less than max_links.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46816",
"url": "https://www.suse.com/security/cve/CVE-2024-46816"
},
{
"category": "external",
"summary": "SUSE Bug 1231197 for CVE-2024-46816",
"url": "https://bugzilla.suse.com/1231197"
},
{
"category": "external",
"summary": "SUSE Bug 1231198 for CVE-2024-46816",
"url": "https://bugzilla.suse.com/1231198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-46816"
},
{
"cve": "CVE-2024-46817",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46817"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6\n\n[Why]\nCoverity reports OVERRUN warning. Should abort amdgpu_dm\ninitialize.\n\n[How]\nReturn failure to amdgpu_dm_init.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46817",
"url": "https://www.suse.com/security/cve/CVE-2024-46817"
},
{
"category": "external",
"summary": "SUSE Bug 1231200 for CVE-2024-46817",
"url": "https://bugzilla.suse.com/1231200"
},
{
"category": "external",
"summary": "SUSE Bug 1231201 for CVE-2024-46817",
"url": "https://bugzilla.suse.com/1231201"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-46817"
},
{
"cve": "CVE-2024-46818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46818"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check gpio_id before used as array index\n\n[WHY \u0026 HOW]\nGPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore\nshould be checked in advance.\n\nThis fixes 5 OVERRUN issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46818",
"url": "https://www.suse.com/security/cve/CVE-2024-46818"
},
{
"category": "external",
"summary": "SUSE Bug 1231203 for CVE-2024-46818",
"url": "https://bugzilla.suse.com/1231203"
},
{
"category": "external",
"summary": "SUSE Bug 1231204 for CVE-2024-46818",
"url": "https://bugzilla.suse.com/1231204"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-46818"
},
{
"cve": "CVE-2024-46819",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46819"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: the warning dereferencing obj for nbio_v7_4\n\nif ras_manager obj null, don\u0027t print NBIO err data",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46819",
"url": "https://www.suse.com/security/cve/CVE-2024-46819"
},
{
"category": "external",
"summary": "SUSE Bug 1231202 for CVE-2024-46819",
"url": "https://bugzilla.suse.com/1231202"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46819"
},
{
"cve": "CVE-2024-46821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46821"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Fix negative array index read\n\nAvoid using the negative values\nfor clk_idex as an index into an array pptable-\u003eDpmDescriptor.\n\nV2: fix clk_index return check (Tim Huang)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46821",
"url": "https://www.suse.com/security/cve/CVE-2024-46821"
},
{
"category": "external",
"summary": "SUSE Bug 1231169 for CVE-2024-46821",
"url": "https://bugzilla.suse.com/1231169"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46821"
},
{
"cve": "CVE-2024-46825",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46825"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check\n\nThe lookup function iwl_mvm_rcu_fw_link_id_to_link_conf() is\nnormally called with input from the firmware, so it should use\nIWL_FW_CHECK() instead of WARN_ON().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46825",
"url": "https://www.suse.com/security/cve/CVE-2024-46825"
},
{
"category": "external",
"summary": "SUSE Bug 1231170 for CVE-2024-46825",
"url": "https://bugzilla.suse.com/1231170"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46825"
},
{
"cve": "CVE-2024-46826",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46826"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nELF: fix kernel.randomize_va_space double read\n\nELF loader uses \"randomize_va_space\" twice. It is sysctl and can change\nat any moment, so 2 loads could see 2 different values in theory with\nunpredictable consequences.\n\nIssue exactly one load for consistent value across one exec.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46826",
"url": "https://www.suse.com/security/cve/CVE-2024-46826"
},
{
"category": "external",
"summary": "SUSE Bug 1231115 for CVE-2024-46826",
"url": "https://bugzilla.suse.com/1231115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46826"
},
{
"cve": "CVE-2024-46827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46827"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix firmware crash due to invalid peer nss\n\nCurrently, if the access point receives an association\nrequest containing an Extended HE Capabilities Information\nElement with an invalid MCS-NSS, it triggers a firmware\ncrash.\n\nThis issue arises when EHT-PHY capabilities shows support\nfor a bandwidth and MCS-NSS set for that particular\nbandwidth is filled by zeros and due to this, driver obtains\npeer_nss as 0 and sending this value to firmware causes\ncrash.\n\nAddress this issue by implementing a validation step for\nthe peer_nss value before passing it to the firmware. If\nthe value is greater than zero, proceed with forwarding\nit to the firmware. However, if the value is invalid,\nreject the association request to prevent potential\nfirmware crashes.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46827",
"url": "https://www.suse.com/security/cve/CVE-2024-46827"
},
{
"category": "external",
"summary": "SUSE Bug 1231171 for CVE-2024-46827",
"url": "https://bugzilla.suse.com/1231171"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46827"
},
{
"cve": "CVE-2024-46828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46828"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: sch_cake: fix bulk flow accounting logic for host fairness\n\nIn sch_cake, we keep track of the count of active bulk flows per host,\nwhen running in dst/src host fairness mode, which is used as the\nround-robin weight when iterating through flows. The count of active\nbulk flows is updated whenever a flow changes state.\n\nThis has a peculiar interaction with the hash collision handling: when a\nhash collision occurs (after the set-associative hashing), the state of\nthe hash bucket is simply updated to match the new packet that collided,\nand if host fairness is enabled, that also means assigning new per-host\nstate to the flow. For this reason, the bulk flow counters of the\nhost(s) assigned to the flow are decremented, before new state is\nassigned (and the counters, which may not belong to the same host\nanymore, are incremented again).\n\nBack when this code was introduced, the host fairness mode was always\nenabled, so the decrement was unconditional. When the configuration\nflags were introduced the *increment* was made conditional, but\nthe *decrement* was not. Which of course can lead to a spurious\ndecrement (and associated wrap-around to U16_MAX).\n\nAFAICT, when host fairness is disabled, the decrement and wrap-around\nhappens as soon as a hash collision occurs (which is not that common in\nitself, due to the set-associative hashing). However, in most cases this\nis harmless, as the value is only used when host fairness mode is\nenabled. So in order to trigger an array overflow, sch_cake has to first\nbe configured with host fairness disabled, and while running in this\nmode, a hash collision has to occur to cause the overflow. Then, the\nqdisc has to be reconfigured to enable host fairness, which leads to the\narray out-of-bounds because the wrapped-around value is retained and\nused as an array index. It seems that syzbot managed to trigger this,\nwhich is quite impressive in its own right.\n\nThis patch fixes the issue by introducing the same conditional check on\ndecrement as is used on increment.\n\nThe original bug predates the upstreaming of cake, but the commit listed\nin the Fixes tag touched that code, meaning that this patch won\u0027t apply\nbefore that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46828",
"url": "https://www.suse.com/security/cve/CVE-2024-46828"
},
{
"category": "external",
"summary": "SUSE Bug 1231114 for CVE-2024-46828",
"url": "https://bugzilla.suse.com/1231114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46828"
},
{
"cve": "CVE-2024-46830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46830"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Acquire kvm-\u003esrcu when handling KVM_SET_VCPU_EVENTS\n\nGrab kvm-\u003esrcu when processing KVM_SET_VCPU_EVENTS, as KVM will forcibly\nleave nested VMX/SVM if SMM mode is being toggled, and leaving nested VMX\nreads guest memory.\n\nNote, kvm_vcpu_ioctl_x86_set_vcpu_events() can also be called from KVM_RUN\nvia sync_regs(), which already holds SRCU. I.e. trying to precisely use\nkvm_vcpu_srcu_read_lock() around the problematic SMM code would cause\nproblems. Acquiring SRCU isn\u0027t all that expensive, so for simplicity,\ngrab it unconditionally for KVM_SET_VCPU_EVENTS.\n\n =============================\n WARNING: suspicious RCU usage\n 6.10.0-rc7-332d2c1d713e-next-vm #552 Not tainted\n -----------------------------\n include/linux/kvm_host.h:1027 suspicious rcu_dereference_check() usage!\n\n other info that might help us debug this:\n\n rcu_scheduler_active = 2, debug_locks = 1\n 1 lock held by repro/1071:\n #0: ffff88811e424430 (\u0026vcpu-\u003emutex){+.+.}-{3:3}, at: kvm_vcpu_ioctl+0x7d/0x970 [kvm]\n\n stack backtrace:\n CPU: 15 PID: 1071 Comm: repro Not tainted 6.10.0-rc7-332d2c1d713e-next-vm #552\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x7f/0x90\n lockdep_rcu_suspicious+0x13f/0x1a0\n kvm_vcpu_gfn_to_memslot+0x168/0x190 [kvm]\n kvm_vcpu_read_guest+0x3e/0x90 [kvm]\n nested_vmx_load_msr+0x6b/0x1d0 [kvm_intel]\n load_vmcs12_host_state+0x432/0xb40 [kvm_intel]\n vmx_leave_nested+0x30/0x40 [kvm_intel]\n kvm_vcpu_ioctl_x86_set_vcpu_events+0x15d/0x2b0 [kvm]\n kvm_arch_vcpu_ioctl+0x1107/0x1750 [kvm]\n ? mark_held_locks+0x49/0x70\n ? kvm_vcpu_ioctl+0x7d/0x970 [kvm]\n ? kvm_vcpu_ioctl+0x497/0x970 [kvm]\n kvm_vcpu_ioctl+0x497/0x970 [kvm]\n ? lock_acquire+0xba/0x2d0\n ? find_held_lock+0x2b/0x80\n ? do_user_addr_fault+0x40c/0x6f0\n ? lock_release+0xb7/0x270\n __x64_sys_ioctl+0x82/0xb0\n do_syscall_64+0x6c/0x170\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n RIP: 0033:0x7ff11eb1b539\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46830",
"url": "https://www.suse.com/security/cve/CVE-2024-46830"
},
{
"category": "external",
"summary": "SUSE Bug 1231116 for CVE-2024-46830",
"url": "https://bugzilla.suse.com/1231116"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46830"
},
{
"cve": "CVE-2024-46831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46831"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: microchip: vcap: Fix use-after-free error in kunit test\n\nThis is a clear use-after-free error. We remove it, and rely on checking\nthe return code of vcap_del_rule.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46831",
"url": "https://www.suse.com/security/cve/CVE-2024-46831"
},
{
"category": "external",
"summary": "SUSE Bug 1231117 for CVE-2024-46831",
"url": "https://bugzilla.suse.com/1231117"
},
{
"category": "external",
"summary": "SUSE Bug 1236242 for CVE-2024-46831",
"url": "https://bugzilla.suse.com/1236242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-46831"
},
{
"cve": "CVE-2024-46834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46834"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: fail closed if we can\u0027t get max channel used in indirection tables\n\nCommit 0d1b7d6c9274 (\"bnxt: fix crashes when reducing ring count with\nactive RSS contexts\") proves that allowing indirection table to contain\nchannels with out of bounds IDs may lead to crashes. Currently the\nmax channel check in the core gets skipped if driver can\u0027t fetch\nthe indirection table or when we can\u0027t allocate memory.\n\nBoth of those conditions should be extremely rare but if they do\nhappen we should try to be safe and fail the channel change.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46834",
"url": "https://www.suse.com/security/cve/CVE-2024-46834"
},
{
"category": "external",
"summary": "SUSE Bug 1231096 for CVE-2024-46834",
"url": "https://bugzilla.suse.com/1231096"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46834"
},
{
"cve": "CVE-2024-46835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46835"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix smatch static checker warning\n\nadev-\u003egfx.imu.funcs could be NULL",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46835",
"url": "https://www.suse.com/security/cve/CVE-2024-46835"
},
{
"category": "external",
"summary": "SUSE Bug 1231098 for CVE-2024-46835",
"url": "https://bugzilla.suse.com/1231098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46835"
},
{
"cve": "CVE-2024-46836",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46836"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: aspeed_udc: validate endpoint index for ast udc\n\nWe should verify the bound of the array to assure that host\nmay not manipulate the index to point past endpoint array.\n\nFound by static analysis.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46836",
"url": "https://www.suse.com/security/cve/CVE-2024-46836"
},
{
"category": "external",
"summary": "SUSE Bug 1231092 for CVE-2024-46836",
"url": "https://bugzilla.suse.com/1231092"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46836"
},
{
"cve": "CVE-2024-46840",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46840"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: clean up our handling of refs == 0 in snapshot delete\n\nIn reada we BUG_ON(refs == 0), which could be unkind since we aren\u0027t\nholding a lock on the extent leaf and thus could get a transient\nincorrect answer. In walk_down_proc we also BUG_ON(refs == 0), which\ncould happen if we have extent tree corruption. Change that to return\n-EUCLEAN. In do_walk_down() we catch this case and handle it correctly,\nhowever we return -EIO, which -EUCLEAN is a more appropriate error code.\nFinally in walk_up_proc we have the same BUG_ON(refs == 0), so convert\nthat to proper error handling. Also adjust the error message so we can\nactually do something with the information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46840",
"url": "https://www.suse.com/security/cve/CVE-2024-46840"
},
{
"category": "external",
"summary": "SUSE Bug 1231105 for CVE-2024-46840",
"url": "https://bugzilla.suse.com/1231105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46840"
},
{
"cve": "CVE-2024-46841",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46841"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don\u0027t BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()\n\nWe handle errors here properly, ENOMEM isn\u0027t fatal, return the error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46841",
"url": "https://www.suse.com/security/cve/CVE-2024-46841"
},
{
"category": "external",
"summary": "SUSE Bug 1231094 for CVE-2024-46841",
"url": "https://bugzilla.suse.com/1231094"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46841"
},
{
"cve": "CVE-2024-46842",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46842"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info\n\nThe MBX_TIMEOUT return code is not handled in lpfc_get_sfp_info and the\nroutine unconditionally frees submitted mailbox commands regardless of\nreturn status. The issue is that for MBX_TIMEOUT cases, when firmware\nreturns SFP information at a later time, that same mailbox memory region\nreferences previously freed memory in its cmpl routine.\n\nFix by adding checks for the MBX_TIMEOUT return code. During mailbox\nresource cleanup, check the mbox flag to make sure that the wait did not\ntimeout. If the MBOX_WAKE flag is not set, then do not free the resources\nbecause it will be freed when firmware completes the mailbox at a later\ntime in its cmpl routine.\n\nAlso, increase the timeout from 30 to 60 seconds to accommodate boot\nscripts requiring longer timeouts.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46842",
"url": "https://www.suse.com/security/cve/CVE-2024-46842"
},
{
"category": "external",
"summary": "SUSE Bug 1231101 for CVE-2024-46842",
"url": "https://bugzilla.suse.com/1231101"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46842"
},
{
"cve": "CVE-2024-46843",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46843"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Remove SCSI host only if added\n\nIf host tries to remove ufshcd driver from a UFS device it would cause a\nkernel panic if ufshcd_async_scan fails during ufshcd_probe_hba before\nadding a SCSI host with scsi_add_host and MCQ is enabled since SCSI host\nhas been defered after MCQ configuration introduced by commit 0cab4023ec7b\n(\"scsi: ufs: core: Defer adding host to SCSI if MCQ is supported\").\n\nTo guarantee that SCSI host is removed only if it has been added, set the\nscsi_host_added flag to true after adding a SCSI host and check whether it\nis set or not before removing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46843",
"url": "https://www.suse.com/security/cve/CVE-2024-46843"
},
{
"category": "external",
"summary": "SUSE Bug 1231100 for CVE-2024-46843",
"url": "https://bugzilla.suse.com/1231100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46843"
},
{
"cve": "CVE-2024-46845",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46845"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/timerlat: Only clear timer if a kthread exists\n\nThe timerlat tracer can use user space threads to check for osnoise and\ntimer latency. If the program using this is killed via a SIGTERM, the\nthreads are shutdown one at a time and another tracing instance can start\nup resetting the threads before they are fully closed. That causes the\nhrtimer assigned to the kthread to be shutdown and freed twice when the\ndying thread finally closes the file descriptors, causing a use-after-free\nbug.\n\nOnly cancel the hrtimer if the associated thread is still around. Also add\nthe interface_lock around the resetting of the tlat_var-\u003ekthread.\n\nNote, this is just a quick fix that can be backported to stable. A real\nfix is to have a better synchronization between the shutdown of old\nthreads and the starting of new ones.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46845",
"url": "https://www.suse.com/security/cve/CVE-2024-46845"
},
{
"category": "external",
"summary": "SUSE Bug 1231076 for CVE-2024-46845",
"url": "https://bugzilla.suse.com/1231076"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46845"
},
{
"cve": "CVE-2024-46846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46846"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: rockchip: Resolve unbalanced runtime PM / system PM handling\n\nCommit e882575efc77 (\"spi: rockchip: Suspend and resume the bus during\nNOIRQ_SYSTEM_SLEEP_PM ops\") stopped respecting runtime PM status and\nsimply disabled clocks unconditionally when suspending the system. This\ncauses problems when the device is already runtime suspended when we go\nto sleep -- in which case we double-disable clocks and produce a\nWARNing.\n\nSwitch back to pm_runtime_force_{suspend,resume}(), because that still\nseems like the right thing to do, and the aforementioned commit makes no\nexplanation why it stopped using it.\n\nAlso, refactor some of the resume() error handling, because it\u0027s not\nactually a good idea to re-disable clocks on failure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46846",
"url": "https://www.suse.com/security/cve/CVE-2024-46846"
},
{
"category": "external",
"summary": "SUSE Bug 1231075 for CVE-2024-46846",
"url": "https://bugzilla.suse.com/1231075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46846"
},
{
"cve": "CVE-2024-46848",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46848"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/intel: Limit the period on Haswell\n\nRunning the ltp test cve-2015-3290 concurrently reports the following\nwarnings.\n\nperfevents: irq loop stuck!\n WARNING: CPU: 31 PID: 32438 at arch/x86/events/intel/core.c:3174\n intel_pmu_handle_irq+0x285/0x370\n Call Trace:\n \u003cNMI\u003e\n ? __warn+0xa4/0x220\n ? intel_pmu_handle_irq+0x285/0x370\n ? __report_bug+0x123/0x130\n ? intel_pmu_handle_irq+0x285/0x370\n ? __report_bug+0x123/0x130\n ? intel_pmu_handle_irq+0x285/0x370\n ? report_bug+0x3e/0xa0\n ? handle_bug+0x3c/0x70\n ? exc_invalid_op+0x18/0x50\n ? asm_exc_invalid_op+0x1a/0x20\n ? irq_work_claim+0x1e/0x40\n ? intel_pmu_handle_irq+0x285/0x370\n perf_event_nmi_handler+0x3d/0x60\n nmi_handle+0x104/0x330\n\nThanks to Thomas Gleixner\u0027s analysis, the issue is caused by the low\ninitial period (1) of the frequency estimation algorithm, which triggers\nthe defects of the HW, specifically erratum HSW11 and HSW143. (For the\ndetails, please refer https://lore.kernel.org/lkml/87plq9l5d2.ffs@tglx/)\n\nThe HSW11 requires a period larger than 100 for the INST_RETIRED.ALL\nevent, but the initial period in the freq mode is 1. The erratum is the\nsame as the BDM11, which has been supported in the kernel. A minimum\nperiod of 128 is enforced as well on HSW.\n\nHSW143 is regarding that the fixed counter 1 may overcount 32 with the\nHyper-Threading is enabled. However, based on the test, the hardware\nhas more issues than it tells. Besides the fixed counter 1, the message\n\u0027interrupt took too long\u0027 can be observed on any counter which was armed\nwith a period \u003c 32 and two events expired in the same NMI. A minimum\nperiod of 32 is enforced for the rest of the events.\nThe recommended workaround code of the HSW143 is not implemented.\nBecause it only addresses the issue for the fixed counter. It brings\nextra overhead through extra MSR writing. No related overcounting issue\nhas been reported so far.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46848",
"url": "https://www.suse.com/security/cve/CVE-2024-46848"
},
{
"category": "external",
"summary": "SUSE Bug 1231072 for CVE-2024-46848",
"url": "https://bugzilla.suse.com/1231072"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46848"
},
{
"cve": "CVE-2024-46849",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46849"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: meson: axg-card: fix \u0027use-after-free\u0027\n\nBuffer \u0027card-\u003edai_link\u0027 is reallocated in \u0027meson_card_reallocate_links()\u0027,\nso move \u0027pad\u0027 pointer initialization after this function when memory is\nalready reallocated.\n\nKasan bug report:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bc\nRead of size 8 at addr ffff000000e8b260 by task modprobe/356\n\nCPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1\nCall trace:\n dump_backtrace+0x94/0xec\n show_stack+0x18/0x24\n dump_stack_lvl+0x78/0x90\n print_report+0xfc/0x5c0\n kasan_report+0xb8/0xfc\n __asan_load8+0x9c/0xb8\n axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card]\n meson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils]\n platform_probe+0x8c/0xf4\n really_probe+0x110/0x39c\n __driver_probe_device+0xb8/0x18c\n driver_probe_device+0x108/0x1d8\n __driver_attach+0xd0/0x25c\n bus_for_each_dev+0xe0/0x154\n driver_attach+0x34/0x44\n bus_add_driver+0x134/0x294\n driver_register+0xa8/0x1e8\n __platform_driver_register+0x44/0x54\n axg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card]\n do_one_initcall+0xdc/0x25c\n do_init_module+0x10c/0x334\n load_module+0x24c4/0x26cc\n init_module_from_file+0xd4/0x128\n __arm64_sys_finit_module+0x1f4/0x41c\n invoke_syscall+0x60/0x188\n el0_svc_common.constprop.0+0x78/0x13c\n do_el0_svc+0x30/0x40\n el0_svc+0x38/0x78\n el0t_64_sync_handler+0x100/0x12c\n el0t_64_sync+0x190/0x194",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46849",
"url": "https://www.suse.com/security/cve/CVE-2024-46849"
},
{
"category": "external",
"summary": "SUSE Bug 1231073 for CVE-2024-46849",
"url": "https://bugzilla.suse.com/1231073"
},
{
"category": "external",
"summary": "SUSE Bug 1231256 for CVE-2024-46849",
"url": "https://bugzilla.suse.com/1231256"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-46849"
},
{
"cve": "CVE-2024-46851",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46851"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct()\n\ndc_state_destruct() nulls the resource context of the DC state. The pipe\ncontext passed to dcn10_set_drr() is a member of this resource context.\n\nIf dc_state_destruct() is called parallel to the IRQ processing (which\ncalls dcn10_set_drr() at some point), we can end up using already nulled\nfunction callback fields of struct stream_resource.\n\nThe logic in dcn10_set_drr() already tries to avoid this, by checking tg\nagainst NULL. But if the nulling happens exactly after the NULL check and\nbefore the next access, then we get a race.\n\nAvoid this by copying tg first to a local variable, and then use this\nvariable for all the operations. This should work, as long as nobody\nfrees the resource pool where the timing generators live.\n\n(cherry picked from commit a3cc326a43bdc48fbdf53443e1027a03e309b643)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46851",
"url": "https://www.suse.com/security/cve/CVE-2024-46851"
},
{
"category": "external",
"summary": "SUSE Bug 1231081 for CVE-2024-46851",
"url": "https://bugzilla.suse.com/1231081"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46851"
},
{
"cve": "CVE-2024-46852",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46852"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf: heaps: Fix off-by-one in CMA heap fault handler\n\nUntil VM_DONTEXPAND was added in commit 1c1914d6e8c6 (\"dma-buf: heaps:\nDon\u0027t track CMA dma-buf pages under RssFile\") it was possible to obtain\na mapping larger than the buffer size via mremap and bypass the overflow\ncheck in dma_buf_mmap_internal. When using such a mapping to attempt to\nfault past the end of the buffer, the CMA heap fault handler also checks\nthe fault offset against the buffer size, but gets the boundary wrong by\n1. Fix the boundary check so that we don\u0027t read off the end of the pages\narray and insert an arbitrary page in the mapping.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46852",
"url": "https://www.suse.com/security/cve/CVE-2024-46852"
},
{
"category": "external",
"summary": "SUSE Bug 1231082 for CVE-2024-46852",
"url": "https://bugzilla.suse.com/1231082"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46852"
},
{
"cve": "CVE-2024-46853",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46853"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: nxp-fspi: fix the KASAN report out-of-bounds bug\n\nChange the memcpy length to fix the out-of-bounds issue when writing the\ndata that is not 4 byte aligned to TX FIFO.\n\nTo reproduce the issue, write 3 bytes data to NOR chip.\n\ndd if=3b of=/dev/mtd0\n[ 36.926103] ==================================================================\n[ 36.933409] BUG: KASAN: slab-out-of-bounds in nxp_fspi_exec_op+0x26ec/0x2838\n[ 36.940514] Read of size 4 at addr ffff00081037c2a0 by task dd/455\n[ 36.946721]\n[ 36.948235] CPU: 3 UID: 0 PID: 455 Comm: dd Not tainted 6.11.0-rc5-gc7b0e37c8434 #1070\n[ 36.956185] Hardware name: Freescale i.MX8QM MEK (DT)\n[ 36.961260] Call trace:\n[ 36.963723] dump_backtrace+0x90/0xe8\n[ 36.967414] show_stack+0x18/0x24\n[ 36.970749] dump_stack_lvl+0x78/0x90\n[ 36.974451] print_report+0x114/0x5cc\n[ 36.978151] kasan_report+0xa4/0xf0\n[ 36.981670] __asan_report_load_n_noabort+0x1c/0x28\n[ 36.986587] nxp_fspi_exec_op+0x26ec/0x2838\n[ 36.990800] spi_mem_exec_op+0x8ec/0xd30\n[ 36.994762] spi_mem_no_dirmap_read+0x190/0x1e0\n[ 36.999323] spi_mem_dirmap_write+0x238/0x32c\n[ 37.003710] spi_nor_write_data+0x220/0x374\n[ 37.007932] spi_nor_write+0x110/0x2e8\n[ 37.011711] mtd_write_oob_std+0x154/0x1f0\n[ 37.015838] mtd_write_oob+0x104/0x1d0\n[ 37.019617] mtd_write+0xb8/0x12c\n[ 37.022953] mtdchar_write+0x224/0x47c\n[ 37.026732] vfs_write+0x1e4/0x8c8\n[ 37.030163] ksys_write+0xec/0x1d0\n[ 37.033586] __arm64_sys_write+0x6c/0x9c\n[ 37.037539] invoke_syscall+0x6c/0x258\n[ 37.041327] el0_svc_common.constprop.0+0x160/0x22c\n[ 37.046244] do_el0_svc+0x44/0x5c\n[ 37.049589] el0_svc+0x38/0x78\n[ 37.052681] el0t_64_sync_handler+0x13c/0x158\n[ 37.057077] el0t_64_sync+0x190/0x194\n[ 37.060775]\n[ 37.062274] Allocated by task 455:\n[ 37.065701] kasan_save_stack+0x2c/0x54\n[ 37.069570] kasan_save_track+0x20/0x3c\n[ 37.073438] kasan_save_alloc_info+0x40/0x54\n[ 37.077736] __kasan_kmalloc+0xa0/0xb8\n[ 37.081515] __kmalloc_noprof+0x158/0x2f8\n[ 37.085563] mtd_kmalloc_up_to+0x120/0x154\n[ 37.089690] mtdchar_write+0x130/0x47c\n[ 37.093469] vfs_write+0x1e4/0x8c8\n[ 37.096901] ksys_write+0xec/0x1d0\n[ 37.100332] __arm64_sys_write+0x6c/0x9c\n[ 37.104287] invoke_syscall+0x6c/0x258\n[ 37.108064] el0_svc_common.constprop.0+0x160/0x22c\n[ 37.112972] do_el0_svc+0x44/0x5c\n[ 37.116319] el0_svc+0x38/0x78\n[ 37.119401] el0t_64_sync_handler+0x13c/0x158\n[ 37.123788] el0t_64_sync+0x190/0x194\n[ 37.127474]\n[ 37.128977] The buggy address belongs to the object at ffff00081037c2a0\n[ 37.128977] which belongs to the cache kmalloc-8 of size 8\n[ 37.141177] The buggy address is located 0 bytes inside of\n[ 37.141177] allocated 3-byte region [ffff00081037c2a0, ffff00081037c2a3)\n[ 37.153465]\n[ 37.154971] The buggy address belongs to the physical page:\n[ 37.160559] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x89037c\n[ 37.168596] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)\n[ 37.175149] page_type: 0xfdffffff(slab)\n[ 37.179021] raw: 0bfffe0000000000 ffff000800002500 dead000000000122 0000000000000000\n[ 37.186788] raw: 0000000000000000 0000000080800080 00000001fdffffff 0000000000000000\n[ 37.194553] page dumped because: kasan: bad access detected\n[ 37.200144]\n[ 37.201647] Memory state around the buggy address:\n[ 37.206460] ffff00081037c180: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc\n[ 37.213701] ffff00081037c200: fa fc fc fc 05 fc fc fc 03 fc fc fc 02 fc fc fc\n[ 37.220946] \u003effff00081037c280: 06 fc fc fc 03 fc fc fc fc fc fc fc fc fc fc fc\n[ 37.228186] ^\n[ 37.232473] ffff00081037c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[ 37.239718] ffff00081037c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[ 37.246962] ==============================================================\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46853",
"url": "https://www.suse.com/security/cve/CVE-2024-46853"
},
{
"category": "external",
"summary": "SUSE Bug 1231083 for CVE-2024-46853",
"url": "https://bugzilla.suse.com/1231083"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46853"
},
{
"cve": "CVE-2024-46854",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46854"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dpaa: Pad packets to ETH_ZLEN\n\nWhen sending packets under 60 bytes, up to three bytes of the buffer\nfollowing the data may be leaked. Avoid this by extending all packets to\nETH_ZLEN, ensuring nothing is leaked in the padding. This bug can be\nreproduced by running\n\n\t$ ping -s 11 destination",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46854",
"url": "https://www.suse.com/security/cve/CVE-2024-46854"
},
{
"category": "external",
"summary": "SUSE Bug 1231084 for CVE-2024-46854",
"url": "https://bugzilla.suse.com/1231084"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46854"
},
{
"cve": "CVE-2024-46855",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46855"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_socket: fix sk refcount leaks\n\nWe must put \u0027sk\u0027 reference before returning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46855",
"url": "https://www.suse.com/security/cve/CVE-2024-46855"
},
{
"category": "external",
"summary": "SUSE Bug 1231085 for CVE-2024-46855",
"url": "https://bugzilla.suse.com/1231085"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46855"
},
{
"cve": "CVE-2024-46857",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46857"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix bridge mode operations when there are no VFs\n\nCurrently, trying to set the bridge mode attribute when numvfs=0 leads to a\ncrash:\n\nbridge link set dev eth2 hwmode vepa\n\n[ 168.967392] BUG: kernel NULL pointer dereference, address: 0000000000000030\n[...]\n[ 168.969989] RIP: 0010:mlx5_add_flow_rules+0x1f/0x300 [mlx5_core]\n[...]\n[ 168.976037] Call Trace:\n[ 168.976188] \u003cTASK\u003e\n[ 168.978620] _mlx5_eswitch_set_vepa_locked+0x113/0x230 [mlx5_core]\n[ 168.979074] mlx5_eswitch_set_vepa+0x7f/0xa0 [mlx5_core]\n[ 168.979471] rtnl_bridge_setlink+0xe9/0x1f0\n[ 168.979714] rtnetlink_rcv_msg+0x159/0x400\n[ 168.980451] netlink_rcv_skb+0x54/0x100\n[ 168.980675] netlink_unicast+0x241/0x360\n[ 168.980918] netlink_sendmsg+0x1f6/0x430\n[ 168.981162] ____sys_sendmsg+0x3bb/0x3f0\n[ 168.982155] ___sys_sendmsg+0x88/0xd0\n[ 168.985036] __sys_sendmsg+0x59/0xa0\n[ 168.985477] do_syscall_64+0x79/0x150\n[ 168.987273] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 168.987773] RIP: 0033:0x7f8f7950f917\n\n(esw-\u003efdb_table.legacy.vepa_fdb is null)\n\nThe bridge mode is only relevant when there are multiple functions per\nport. Therefore, prevent setting and getting this setting when there are no\nVFs.\n\nNote that after this change, there are no settings to change on the PF\ninterface using `bridge link` when there are no VFs, so the interface no\nlonger appears in the `bridge link` output.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46857",
"url": "https://www.suse.com/security/cve/CVE-2024-46857"
},
{
"category": "external",
"summary": "SUSE Bug 1231087 for CVE-2024-46857",
"url": "https://bugzilla.suse.com/1231087"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46857"
},
{
"cve": "CVE-2024-46859",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46859"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: panasonic-laptop: Fix SINF array out of bounds accesses\n\nThe panasonic laptop code in various places uses the SINF array with index\nvalues of 0 - SINF_CUR_BRIGHT(0x0d) without checking that the SINF array\nis big enough.\n\nNot all panasonic laptops have this many SINF array entries, for example\nthe Toughbook CF-18 model only has 10 SINF array entries. So it only\nsupports the AC+DC brightness entries and mute.\n\nCheck that the SINF array has a minimum size which covers all AC+DC\nbrightness entries and refuse to load if the SINF array is smaller.\n\nFor higher SINF indexes hide the sysfs attributes when the SINF array\ndoes not contain an entry for that attribute, avoiding show()/store()\naccessing the array out of bounds and add bounds checking to the probe()\nand resume() code accessing these.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46859",
"url": "https://www.suse.com/security/cve/CVE-2024-46859"
},
{
"category": "external",
"summary": "SUSE Bug 1231089 for CVE-2024-46859",
"url": "https://bugzilla.suse.com/1231089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46859"
},
{
"cve": "CVE-2024-46860",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46860"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change\n\nWhen disabling wifi mt7921_ipv6_addr_change() is called as a notifier.\nAt this point mvif-\u003ephy is already NULL so we cannot use it here.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46860",
"url": "https://www.suse.com/security/cve/CVE-2024-46860"
},
{
"category": "external",
"summary": "SUSE Bug 1231093 for CVE-2024-46860",
"url": "https://bugzilla.suse.com/1231093"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46860"
},
{
"cve": "CVE-2024-46861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46861"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: do not stop RX on failing RX callback\n\nRX callbacks can fail for multiple reasons:\n\n* Payload too short\n* Payload formatted incorrecly (e.g. bad NCM framing)\n* Lack of memory\n\nNone of these should cause the driver to seize up.\n\nMake such failures non-critical and continue processing further\nincoming URBs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46861",
"url": "https://www.suse.com/security/cve/CVE-2024-46861"
},
{
"category": "external",
"summary": "SUSE Bug 1231102 for CVE-2024-46861",
"url": "https://bugzilla.suse.com/1231102"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46861"
},
{
"cve": "CVE-2024-46864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46864"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/hyperv: fix kexec crash due to VP assist page corruption\n\ncommit 9636be85cc5b (\"x86/hyperv: Fix hyperv_pcpu_input_arg handling when\nCPUs go online/offline\") introduces a new cpuhp state for hyperv\ninitialization.\n\ncpuhp_setup_state() returns the state number if state is\nCPUHP_AP_ONLINE_DYN or CPUHP_BP_PREPARE_DYN and 0 for all other states.\nFor the hyperv case, since a new cpuhp state was introduced it would\nreturn 0. However, in hv_machine_shutdown(), the cpuhp_remove_state() call\nis conditioned upon \"hyperv_init_cpuhp \u003e 0\". This will never be true and\nso hv_cpu_die() won\u0027t be called on all CPUs. This means the VP assist page\nwon\u0027t be reset. When the kexec kernel tries to setup the VP assist page\nagain, the hypervisor corrupts the memory region of the old VP assist page\ncausing a panic in case the kexec kernel is using that memory elsewhere.\nThis was originally fixed in commit dfe94d4086e4 (\"x86/hyperv: Fix kexec\npanic/hang issues\").\n\nGet rid of hyperv_init_cpuhp entirely since we are no longer using a\ndynamic cpuhp state and use CPUHP_AP_HYPERV_ONLINE directly with\ncpuhp_remove_state().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46864",
"url": "https://www.suse.com/security/cve/CVE-2024-46864"
},
{
"category": "external",
"summary": "SUSE Bug 1231108 for CVE-2024-46864",
"url": "https://bugzilla.suse.com/1231108"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46864"
},
{
"cve": "CVE-2024-46870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46870"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Disable DMCUB timeout for DCN35\n\n[Why]\nDMCUB can intermittently take longer than expected to process commands.\n\nOld ASIC policy was to continue while logging a diagnostic error - which\nworks fine for ASIC without IPS, but with IPS this could lead to a race\ncondition where we attempt to access DCN state while it\u0027s inaccessible,\nleading to a system hang when the NIU port is not disabled or register\naccesses that timeout and the display configuration in an undefined\nstate.\n\n[How]\nWe need to investigate why these accesses take longer than expected, but\nfor now we should disable the timeout on DCN35 to avoid this race\ncondition. Since the waits happen only at lower interrupt levels the\nrisk of taking too long at higher IRQ and causing a system watchdog\ntimeout are minimal.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46870",
"url": "https://www.suse.com/security/cve/CVE-2024-46870"
},
{
"category": "external",
"summary": "SUSE Bug 1231435 for CVE-2024-46870",
"url": "https://bugzilla.suse.com/1231435"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46870"
},
{
"cve": "CVE-2024-46871",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46871"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX\n\n[Why \u0026 How]\nIt actually exposes \u00276\u0027 types in enum dmub_notification_type. Not 5. Using smaller\nnumber to create array dmub_callback \u0026 dmub_thread_offload has potential to access\nitem out of array bound. Fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46871",
"url": "https://www.suse.com/security/cve/CVE-2024-46871"
},
{
"category": "external",
"summary": "SUSE Bug 1231434 for CVE-2024-46871",
"url": "https://bugzilla.suse.com/1231434"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-46871"
},
{
"cve": "CVE-2024-47658",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47658"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: stm32/cryp - call finalize with bh disabled\n\nThe finalize operation in interrupt mode produce a produces a spinlock\nrecursion warning. The reason is the fact that BH must be disabled\nduring this process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47658",
"url": "https://www.suse.com/security/cve/CVE-2024-47658"
},
{
"category": "external",
"summary": "SUSE Bug 1231436 for CVE-2024-47658",
"url": "https://bugzilla.suse.com/1231436"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47658"
},
{
"cve": "CVE-2024-47660",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47660"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfsnotify: clear PARENT_WATCHED flags lazily\n\nIn some setups directories can have many (usually negative) dentries.\nHence __fsnotify_update_child_dentry_flags() function can take a\nsignificant amount of time. Since the bulk of this function happens\nunder inode-\u003ei_lock this causes a significant contention on the lock\nwhen we remove the watch from the directory as the\n__fsnotify_update_child_dentry_flags() call from fsnotify_recalc_mask()\nraces with __fsnotify_update_child_dentry_flags() calls from\n__fsnotify_parent() happening on children. This can lead upto softlockup\nreports reported by users.\n\nFix the problem by calling fsnotify_update_children_dentry_flags() to\nset PARENT_WATCHED flags only when parent starts watching children.\n\nWhen parent stops watching children, clear false positive PARENT_WATCHED\nflags lazily in __fsnotify_parent() for each accessed child.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47660",
"url": "https://www.suse.com/security/cve/CVE-2024-47660"
},
{
"category": "external",
"summary": "SUSE Bug 1231439 for CVE-2024-47660",
"url": "https://bugzilla.suse.com/1231439"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "low"
}
],
"title": "CVE-2024-47660"
},
{
"cve": "CVE-2024-47661",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47661"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid overflow from uint32_t to uint8_t\n\n[WHAT \u0026 HOW]\ndmub_rb_cmd\u0027s ramping_boundary has size of uint8_t and it is assigned\n0xFFFF. Fix it by changing it to uint8_t with value of 0xFF.\n\nThis fixes 2 INTEGER_OVERFLOW issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47661",
"url": "https://www.suse.com/security/cve/CVE-2024-47661"
},
{
"category": "external",
"summary": "SUSE Bug 1231496 for CVE-2024-47661",
"url": "https://bugzilla.suse.com/1231496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47661"
},
{
"cve": "CVE-2024-47662",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47662"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Remove register from DCN35 DMCUB diagnostic collection\n\n[Why]\nThese registers should not be read from driver and triggering the\nsecurity violation when DMCUB work times out and diagnostics are\ncollected blocks Z8 entry.\n\n[How]\nRemove the register read from DCN35.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47662",
"url": "https://www.suse.com/security/cve/CVE-2024-47662"
},
{
"category": "external",
"summary": "SUSE Bug 1231440 for CVE-2024-47662",
"url": "https://bugzilla.suse.com/1231440"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47662"
},
{
"cve": "CVE-2024-47663",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47663"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: iio: frequency: ad9834: Validate frequency parameter value\n\nIn ad9834_write_frequency() clk_get_rate() can return 0. In such case\nad9834_calc_freqreg() call will lead to division by zero. Checking\n\u0027if (fout \u003e (clk_freq / 2))\u0027 doesn\u0027t protect in case of \u0027fout\u0027 is 0.\nad9834_write_frequency() is called from ad9834_write(), where fout is\ntaken from text buffer, which can contain any value.\n\nModify parameters checking.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47663",
"url": "https://www.suse.com/security/cve/CVE-2024-47663"
},
{
"category": "external",
"summary": "SUSE Bug 1231441 for CVE-2024-47663",
"url": "https://bugzilla.suse.com/1231441"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47663"
},
{
"cve": "CVE-2024-47664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47664"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware\n\nIf the value of max_speed_hz is 0, it may cause a division by zero\nerror in hisi_calc_effective_speed().\nThe value of max_speed_hz is provided by firmware.\nFirmware is generally considered as a trusted domain. However, as\ndivision by zero errors can cause system failure, for defense measure,\nthe value of max_speed is validated here. So 0 is regarded as invalid\nand an error code is returned.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47664",
"url": "https://www.suse.com/security/cve/CVE-2024-47664"
},
{
"category": "external",
"summary": "SUSE Bug 1231442 for CVE-2024-47664",
"url": "https://bugzilla.suse.com/1231442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47664"
},
{
"cve": "CVE-2024-47665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47665"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup\n\nDefinitely condition dma_get_cache_alignment * defined value \u003e 256\nduring driver initialization is not reason to BUG_ON(). Turn that to\ngraceful error out with -EINVAL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47665",
"url": "https://www.suse.com/security/cve/CVE-2024-47665"
},
{
"category": "external",
"summary": "SUSE Bug 1231452 for CVE-2024-47665",
"url": "https://bugzilla.suse.com/1231452"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47665"
},
{
"cve": "CVE-2024-47666",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47666"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm80xx: Set phy-\u003eenable_completion only when we wait for it\n\npm8001_phy_control() populates the enable_completion pointer with a stack\naddress, sends a PHY_LINK_RESET / PHY_HARD_RESET, waits 300 ms, and\nreturns. The problem arises when a phy control response comes late. After\n300 ms the pm8001_phy_control() function returns and the passed\nenable_completion stack address is no longer valid. Late phy control\nresponse invokes complete() on a dangling enable_completion pointer which\nleads to a kernel crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47666",
"url": "https://www.suse.com/security/cve/CVE-2024-47666"
},
{
"category": "external",
"summary": "SUSE Bug 1231453 for CVE-2024-47666",
"url": "https://bugzilla.suse.com/1231453"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47666"
},
{
"cve": "CVE-2024-47667",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47667"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)\n\nErrata #i2037 in AM65x/DRA80xM Processors Silicon Revision 1.0\n(SPRZ452D_July 2018_Revised December 2019 [1]) mentions when an\ninbound PCIe TLP spans more than two internal AXI 128-byte bursts,\nthe bus may corrupt the packet payload and the corrupt data may\ncause associated applications or the processor to hang.\n\nThe workaround for Errata #i2037 is to limit the maximum read\nrequest size and maximum payload size to 128 bytes. Add workaround\nfor Errata #i2037 here.\n\nThe errata and workaround is applicable only to AM65x SR 1.0 and\nlater versions of the silicon will have this fixed.\n\n[1] -\u003e https://www.ti.com/lit/er/sprz452i/sprz452i.pdf",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47667",
"url": "https://www.suse.com/security/cve/CVE-2024-47667"
},
{
"category": "external",
"summary": "SUSE Bug 1231481 for CVE-2024-47667",
"url": "https://bugzilla.suse.com/1231481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47667"
},
{
"cve": "CVE-2024-47668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()\n\nIf we need to increase the tree depth, allocate a new node, and then\nrace with another thread that increased the tree depth before us, we\u0027ll\nstill have a preallocated node that might be used later.\n\nIf we then use that node for a new non-root node, it\u0027ll still have a\npointer to the old root instead of being zeroed - fix this by zeroing it\nin the cmpxchg failure path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47668",
"url": "https://www.suse.com/security/cve/CVE-2024-47668"
},
{
"category": "external",
"summary": "SUSE Bug 1231502 for CVE-2024-47668",
"url": "https://bugzilla.suse.com/1231502"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47668"
},
{
"cve": "CVE-2024-47669",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47669"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix state management in error path of log writing function\n\nAfter commit a694291a6211 (\"nilfs2: separate wait function from\nnilfs_segctor_write\") was applied, the log writing function\nnilfs_segctor_do_construct() was able to issue I/O requests continuously\neven if user data blocks were split into multiple logs across segments,\nbut two potential flaws were introduced in its error handling.\n\nFirst, if nilfs_segctor_begin_construction() fails while creating the\nsecond or subsequent logs, the log writing function returns without\ncalling nilfs_segctor_abort_construction(), so the writeback flag set on\npages/folios will remain uncleared. This causes page cache operations to\nhang waiting for the writeback flag. For example,\ntruncate_inode_pages_final(), which is called via nilfs_evict_inode() when\nan inode is evicted from memory, will hang.\n\nSecond, the NILFS_I_COLLECTED flag set on normal inodes remain uncleared. \nAs a result, if the next log write involves checkpoint creation, that\u0027s\nfine, but if a partial log write is performed that does not, inodes with\nNILFS_I_COLLECTED set are erroneously removed from the \"sc_dirty_files\"\nlist, and their data and b-tree blocks may not be written to the device,\ncorrupting the block mapping.\n\nFix these issues by uniformly calling nilfs_segctor_abort_construction()\non failure of each step in the loop in nilfs_segctor_do_construct(),\nhaving it clean up logs and segment usages according to progress, and\ncorrecting the conditions for calling nilfs_redirty_inodes() to ensure\nthat the NILFS_I_COLLECTED flag is cleared.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47669",
"url": "https://www.suse.com/security/cve/CVE-2024-47669"
},
{
"category": "external",
"summary": "SUSE Bug 1231474 for CVE-2024-47669",
"url": "https://bugzilla.suse.com/1231474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47669"
},
{
"cve": "CVE-2024-47670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47670"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: add bounds checking to ocfs2_xattr_find_entry()\n\nAdd a paranoia check to make sure it doesn\u0027t stray beyond valid memory\nregion containing ocfs2 xattr entries when scanning for a match. It will\nprevent out-of-bound access in case of crafted images.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47670",
"url": "https://www.suse.com/security/cve/CVE-2024-47670"
},
{
"category": "external",
"summary": "SUSE Bug 1231537 for CVE-2024-47670",
"url": "https://bugzilla.suse.com/1231537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47670"
},
{
"cve": "CVE-2024-47671",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47671"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: usbtmc: prevent kernel-usb-infoleak\n\nThe syzbot reported a kernel-usb-infoleak in usbtmc_write,\nwe need to clear the structure before filling fields.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47671",
"url": "https://www.suse.com/security/cve/CVE-2024-47671"
},
{
"category": "external",
"summary": "SUSE Bug 1231541 for CVE-2024-47671",
"url": "https://bugzilla.suse.com/1231541"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47671"
},
{
"cve": "CVE-2024-47672",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47672"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don\u0027t wait for tx queues if firmware is dead\n\nThere is a WARNING in iwl_trans_wait_tx_queues_empty() (that was\nrecently converted from just a message), that can be hit if we\nwait for TX queues to become empty after firmware died. Clearly,\nwe can\u0027t expect anything from the firmware after it\u0027s declared dead.\n\nDon\u0027t call iwl_trans_wait_tx_queues_empty() in this case. While it could\nbe a good idea to stop the flow earlier, the flush functions do some\nmaintenance work that is not related to the firmware, so keep that part\nof the code running even when the firmware is not running.\n\n[edit commit message]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47672",
"url": "https://www.suse.com/security/cve/CVE-2024-47672"
},
{
"category": "external",
"summary": "SUSE Bug 1231540 for CVE-2024-47672",
"url": "https://bugzilla.suse.com/1231540"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47672"
},
{
"cve": "CVE-2024-47673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47673"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: pause TCM when the firmware is stopped\n\nNot doing so will make us send a host command to the transport while the\nfirmware is not alive, which will trigger a WARNING.\n\nbad state = 0\nWARNING: CPU: 2 PID: 17434 at drivers/net/wireless/intel/iwlwifi/iwl-trans.c:115 iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi]\nRIP: 0010:iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi]\nCall Trace:\n \u003cTASK\u003e\n iwl_mvm_send_cmd+0x40/0xc0 [iwlmvm]\n iwl_mvm_config_scan+0x198/0x260 [iwlmvm]\n iwl_mvm_recalc_tcm+0x730/0x11d0 [iwlmvm]\n iwl_mvm_tcm_work+0x1d/0x30 [iwlmvm]\n process_one_work+0x29e/0x640\n worker_thread+0x2df/0x690\n ? rescuer_thread+0x540/0x540\n kthread+0x192/0x1e0\n ? set_kthread_struct+0x90/0x90\n ret_from_fork+0x22/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47673",
"url": "https://www.suse.com/security/cve/CVE-2024-47673"
},
{
"category": "external",
"summary": "SUSE Bug 1231539 for CVE-2024-47673",
"url": "https://bugzilla.suse.com/1231539"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47673"
},
{
"cve": "CVE-2024-47674",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47674"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: avoid leaving partial pfn mappings around in error case\n\nAs Jann points out, PFN mappings are special, because unlike normal\nmemory mappings, there is no lifetime information associated with the\nmapping - it is just a raw mapping of PFNs with no reference counting of\na \u0027struct page\u0027.\n\nThat\u0027s all very much intentional, but it does mean that it\u0027s easy to\nmess up the cleanup in case of errors. Yes, a failed mmap() will always\neventually clean up any partial mappings, but without any explicit\nlifetime in the page table mapping itself, it\u0027s very easy to do the\nerror handling in the wrong order.\n\nIn particular, it\u0027s easy to mistakenly free the physical backing store\nbefore the page tables are actually cleaned up and (temporarily) have\nstale dangling PTE entries.\n\nTo make this situation less error-prone, just make sure that any partial\npfn mapping is torn down early, before any other error handling.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47674",
"url": "https://www.suse.com/security/cve/CVE-2024-47674"
},
{
"category": "external",
"summary": "SUSE Bug 1231673 for CVE-2024-47674",
"url": "https://bugzilla.suse.com/1231673"
},
{
"category": "external",
"summary": "SUSE Bug 1231676 for CVE-2024-47674",
"url": "https://bugzilla.suse.com/1231676"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-47674"
},
{
"cve": "CVE-2024-47675",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47675"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix use-after-free in bpf_uprobe_multi_link_attach()\n\nIf bpf_link_prime() fails, bpf_uprobe_multi_link_attach() goes to the\nerror_free label and frees the array of bpf_uprobe\u0027s without calling\nbpf_uprobe_unregister().\n\nThis leaks bpf_uprobe-\u003euprobe and worse, this frees bpf_uprobe-\u003econsumer\nwithout removing it from the uprobe-\u003econsumers list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47675",
"url": "https://www.suse.com/security/cve/CVE-2024-47675"
},
{
"category": "external",
"summary": "SUSE Bug 1231926 for CVE-2024-47675",
"url": "https://bugzilla.suse.com/1231926"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47675"
},
{
"cve": "CVE-2024-47679",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47679"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfs: fix race between evice_inodes() and find_inode()\u0026iput()\n\nHi, all\n\nRecently I noticed a bug[1] in btrfs, after digged it into\nand I believe it\u0027a race in vfs.\n\nLet\u0027s assume there\u0027s a inode (ie ino 261) with i_count 1 is\ncalled by iput(), and there\u0027s a concurrent thread calling\ngeneric_shutdown_super().\n\ncpu0: cpu1:\niput() // i_count is 1\n -\u003espin_lock(inode)\n -\u003edec i_count to 0\n -\u003eiput_final() generic_shutdown_super()\n -\u003e__inode_add_lru() -\u003eevict_inodes()\n // cause some reason[2] -\u003eif (atomic_read(inode-\u003ei_count)) continue;\n // return before // inode 261 passed the above check\n // list_lru_add_obj() // and then schedule out\n -\u003espin_unlock()\n// note here: the inode 261\n// was still at sb list and hash list,\n// and I_FREEING|I_WILL_FREE was not been set\n\nbtrfs_iget()\n // after some function calls\n -\u003efind_inode()\n // found the above inode 261\n -\u003espin_lock(inode)\n // check I_FREEING|I_WILL_FREE\n // and passed\n -\u003e__iget()\n -\u003espin_unlock(inode) // schedule back\n -\u003espin_lock(inode)\n // check (I_NEW|I_FREEING|I_WILL_FREE) flags,\n // passed and set I_FREEING\niput() -\u003espin_unlock(inode)\n -\u003espin_lock(inode)\t\t\t -\u003eevict()\n // dec i_count to 0\n -\u003eiput_final()\n -\u003espin_unlock()\n -\u003eevict()\n\nNow, we have two threads simultaneously evicting\nthe same inode, which may trigger the BUG(inode-\u003ei_state \u0026 I_CLEAR)\nstatement both within clear_inode() and iput().\n\nTo fix the bug, recheck the inode-\u003ei_count after holding i_lock.\nBecause in the most scenarios, the first check is valid, and\nthe overhead of spin_lock() can be reduced.\n\nIf there is any misunderstanding, please let me know, thanks.\n\n[1]: https://lore.kernel.org/linux-btrfs/000000000000eabe1d0619c48986@google.com/\n[2]: The reason might be 1. SB_ACTIVE was removed or 2. mapping_shrinkable()\nreturn false when I reproduced the bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47679",
"url": "https://www.suse.com/security/cve/CVE-2024-47679"
},
{
"category": "external",
"summary": "SUSE Bug 1231930 for CVE-2024-47679",
"url": "https://bugzilla.suse.com/1231930"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47679"
},
{
"cve": "CVE-2024-47681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47681"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7996: fix NULL pointer dereference in mt7996_mcu_sta_bfer_he\n\nFix the NULL pointer dereference in mt7996_mcu_sta_bfer_he\nroutine adding an sta interface to the mt7996 driver.\n\nFound by code review.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47681",
"url": "https://www.suse.com/security/cve/CVE-2024-47681"
},
{
"category": "external",
"summary": "SUSE Bug 1231855 for CVE-2024-47681",
"url": "https://bugzilla.suse.com/1231855"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47681"
},
{
"cve": "CVE-2024-47682",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47682"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: sd: Fix off-by-one error in sd_read_block_characteristics()\n\nFf the device returns page 0xb1 with length 8 (happens with qemu v2.x, for\nexample), sd_read_block_characteristics() may attempt an out-of-bounds\nmemory access when accessing the zoned field at offset 8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47682",
"url": "https://www.suse.com/security/cve/CVE-2024-47682"
},
{
"category": "external",
"summary": "SUSE Bug 1231856 for CVE-2024-47682",
"url": "https://bugzilla.suse.com/1231856"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47682"
},
{
"cve": "CVE-2024-47684",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47684"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: check skb is non-NULL in tcp_rto_delta_us()\n\nWe have some machines running stock Ubuntu 20.04.6 which is their 5.4.0-174-generic\nkernel that are running ceph and recently hit a null ptr dereference in\ntcp_rearm_rto(). Initially hitting it from the TLP path, but then later we also\nsaw it getting hit from the RACK case as well. Here are examples of the oops\nmessages we saw in each of those cases:\n\nJul 26 15:05:02 rx [11061395.780353] BUG: kernel NULL pointer dereference, address: 0000000000000020\nJul 26 15:05:02 rx [11061395.787572] #PF: supervisor read access in kernel mode\nJul 26 15:05:02 rx [11061395.792971] #PF: error_code(0x0000) - not-present page\nJul 26 15:05:02 rx [11061395.798362] PGD 0 P4D 0\nJul 26 15:05:02 rx [11061395.801164] Oops: 0000 [#1] SMP NOPTI\nJul 26 15:05:02 rx [11061395.805091] CPU: 0 PID: 9180 Comm: msgr-worker-1 Tainted: G W 5.4.0-174-generic #193-Ubuntu\nJul 26 15:05:02 rx [11061395.814996] Hardware name: Supermicro SMC 2x26 os-gen8 64C NVME-Y 256G/H12SSW-NTR, BIOS 2.5.V1.2U.NVMe.UEFI 05/09/2023\nJul 26 15:05:02 rx [11061395.825952] RIP: 0010:tcp_rearm_rto+0xe4/0x160\nJul 26 15:05:02 rx [11061395.830656] Code: 87 ca 04 00 00 00 5b 41 5c 41 5d 5d c3 c3 49 8b bc 24 40 06 00 00 eb 8d 48 bb cf f7 53 e3 a5 9b c4 20 4c 89 ef e8 0c fe 0e 00 \u003c48\u003e 8b 78 20 48 c1 ef 03 48 89 f8 41 8b bc 24 80 04 00 00 48 f7 e3\nJul 26 15:05:02 rx [11061395.849665] RSP: 0018:ffffb75d40003e08 EFLAGS: 00010246\nJul 26 15:05:02 rx [11061395.855149] RAX: 0000000000000000 RBX: 20c49ba5e353f7cf RCX: 0000000000000000\nJul 26 15:05:02 rx [11061395.862542] RDX: 0000000062177c30 RSI: 000000000000231c RDI: ffff9874ad283a60\nJul 26 15:05:02 rx [11061395.869933] RBP: ffffb75d40003e20 R08: 0000000000000000 R09: ffff987605e20aa8\nJul 26 15:05:02 rx [11061395.877318] R10: ffffb75d40003f00 R11: ffffb75d4460f740 R12: ffff9874ad283900\nJul 26 15:05:02 rx [11061395.884710] R13: ffff9874ad283a60 R14: ffff9874ad283980 R15: ffff9874ad283d30\nJul 26 15:05:02 rx [11061395.892095] FS: 00007f1ef4a2e700(0000) GS:ffff987605e00000(0000) knlGS:0000000000000000\nJul 26 15:05:02 rx [11061395.900438] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nJul 26 15:05:02 rx [11061395.906435] CR2: 0000000000000020 CR3: 0000003e450ba003 CR4: 0000000000760ef0\nJul 26 15:05:02 rx [11061395.913822] PKRU: 55555554\nJul 26 15:05:02 rx [11061395.916786] Call Trace:\nJul 26 15:05:02 rx [11061395.919488]\nJul 26 15:05:02 rx [11061395.921765] ? show_regs.cold+0x1a/0x1f\nJul 26 15:05:02 rx [11061395.925859] ? __die+0x90/0xd9\nJul 26 15:05:02 rx [11061395.929169] ? no_context+0x196/0x380\nJul 26 15:05:02 rx [11061395.933088] ? ip6_protocol_deliver_rcu+0x4e0/0x4e0\nJul 26 15:05:02 rx [11061395.938216] ? ip6_sublist_rcv_finish+0x3d/0x50\nJul 26 15:05:02 rx [11061395.943000] ? __bad_area_nosemaphore+0x50/0x1a0\nJul 26 15:05:02 rx [11061395.947873] ? bad_area_nosemaphore+0x16/0x20\nJul 26 15:05:02 rx [11061395.952486] ? do_user_addr_fault+0x267/0x450\nJul 26 15:05:02 rx [11061395.957104] ? ipv6_list_rcv+0x112/0x140\nJul 26 15:05:02 rx [11061395.961279] ? __do_page_fault+0x58/0x90\nJul 26 15:05:02 rx [11061395.965458] ? do_page_fault+0x2c/0xe0\nJul 26 15:05:02 rx [11061395.969465] ? page_fault+0x34/0x40\nJul 26 15:05:02 rx [11061395.973217] ? tcp_rearm_rto+0xe4/0x160\nJul 26 15:05:02 rx [11061395.977313] ? tcp_rearm_rto+0xe4/0x160\nJul 26 15:05:02 rx [11061395.981408] tcp_send_loss_probe+0x10b/0x220\nJul 26 15:05:02 rx [11061395.985937] tcp_write_timer_handler+0x1b4/0x240\nJul 26 15:05:02 rx [11061395.990809] tcp_write_timer+0x9e/0xe0\nJul 26 15:05:02 rx [11061395.994814] ? tcp_write_timer_handler+0x240/0x240\nJul 26 15:05:02 rx [11061395.999866] call_timer_fn+0x32/0x130\nJul 26 15:05:02 rx [11061396.003782] __run_timers.part.0+0x180/0x280\nJul 26 15:05:02 rx [11061396.008309] ? recalibrate_cpu_khz+0x10/0x10\nJul 26 15:05:02 rx [11061396.012841] ? native_x2apic_icr_write+0x30/0x30\nJul 26 15:05:02 rx [11061396.017718] ? lapic_next_even\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47684",
"url": "https://www.suse.com/security/cve/CVE-2024-47684"
},
{
"category": "external",
"summary": "SUSE Bug 1231987 for CVE-2024-47684",
"url": "https://bugzilla.suse.com/1231987"
},
{
"category": "external",
"summary": "SUSE Bug 1231993 for CVE-2024-47684",
"url": "https://bugzilla.suse.com/1231993"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-47684"
},
{
"cve": "CVE-2024-47685",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47685"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()\n\nsyzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending\ngarbage on the four reserved tcp bits (th-\u003eres1)\n\nUse skb_put_zero() to clear the whole TCP header,\nas done in nf_reject_ip_tcphdr_put()\n\nBUG: KMSAN: uninit-value in nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255\n nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255\n nf_send_reset6+0xd84/0x15b0 net/ipv6/netfilter/nf_reject_ipv6.c:344\n nft_reject_inet_eval+0x3c1/0x880 net/netfilter/nft_reject_inet.c:48\n expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]\n nft_do_chain+0x438/0x22a0 net/netfilter/nf_tables_core.c:288\n nft_do_chain_inet+0x41a/0x4f0 net/netfilter/nft_chain_filter.c:161\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\n nf_hook include/linux/netfilter.h:269 [inline]\n NF_HOOK include/linux/netfilter.h:312 [inline]\n ipv6_rcv+0x29b/0x390 net/ipv6/ip6_input.c:310\n __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\n __netif_receive_skb+0x1da/0xa00 net/core/dev.c:5775\n process_backlog+0x4ad/0xa50 net/core/dev.c:6108\n __napi_poll+0xe7/0x980 net/core/dev.c:6772\n napi_poll net/core/dev.c:6841 [inline]\n net_rx_action+0xa5a/0x19b0 net/core/dev.c:6963\n handle_softirqs+0x1ce/0x800 kernel/softirq.c:554\n __do_softirq+0x14/0x1a kernel/softirq.c:588\n do_softirq+0x9a/0x100 kernel/softirq.c:455\n __local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:382\n local_bh_enable include/linux/bottom_half.h:33 [inline]\n rcu_read_unlock_bh include/linux/rcupdate.h:908 [inline]\n __dev_queue_xmit+0x2692/0x5610 net/core/dev.c:4450\n dev_queue_xmit include/linux/netdevice.h:3105 [inline]\n neigh_resolve_output+0x9ca/0xae0 net/core/neighbour.c:1565\n neigh_output include/net/neighbour.h:542 [inline]\n ip6_finish_output2+0x2347/0x2ba0 net/ipv6/ip6_output.c:141\n __ip6_finish_output net/ipv6/ip6_output.c:215 [inline]\n ip6_finish_output+0xbb8/0x14b0 net/ipv6/ip6_output.c:226\n NF_HOOK_COND include/linux/netfilter.h:303 [inline]\n ip6_output+0x356/0x620 net/ipv6/ip6_output.c:247\n dst_output include/net/dst.h:450 [inline]\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ip6_xmit+0x1ba6/0x25d0 net/ipv6/ip6_output.c:366\n inet6_csk_xmit+0x442/0x530 net/ipv6/inet6_connection_sock.c:135\n __tcp_transmit_skb+0x3b07/0x4880 net/ipv4/tcp_output.c:1466\n tcp_transmit_skb net/ipv4/tcp_output.c:1484 [inline]\n tcp_connect+0x35b6/0x7130 net/ipv4/tcp_output.c:4143\n tcp_v6_connect+0x1bcc/0x1e40 net/ipv6/tcp_ipv6.c:333\n __inet_stream_connect+0x2ef/0x1730 net/ipv4/af_inet.c:679\n inet_stream_connect+0x6a/0xd0 net/ipv4/af_inet.c:750\n __sys_connect_file net/socket.c:2061 [inline]\n __sys_connect+0x606/0x690 net/socket.c:2078\n __do_sys_connect net/socket.c:2088 [inline]\n __se_sys_connect net/socket.c:2085 [inline]\n __x64_sys_connect+0x91/0xe0 net/socket.c:2085\n x64_sys_call+0x27a5/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:43\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was stored to memory at:\n nf_reject_ip6_tcphdr_put+0x60c/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:249\n nf_send_reset6+0xd84/0x15b0 net/ipv6/netfilter/nf_reject_ipv6.c:344\n nft_reject_inet_eval+0x3c1/0x880 net/netfilter/nft_reject_inet.c:48\n expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]\n nft_do_chain+0x438/0x22a0 net/netfilter/nf_tables_core.c:288\n nft_do_chain_inet+0x41a/0x4f0 net/netfilter/nft_chain_filter.c:161\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\n nf_hook include/linux/netfilter.h:269 [inline]\n NF_HOOK include/linux/netfilter.h:312 [inline]\n ipv6_rcv+0x29b/0x390 net/ipv6/ip6_input.c:310\n __netif_receive_skb_one_core\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47685",
"url": "https://www.suse.com/security/cve/CVE-2024-47685"
},
{
"category": "external",
"summary": "SUSE Bug 1231998 for CVE-2024-47685",
"url": "https://bugzilla.suse.com/1231998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47685"
},
{
"cve": "CVE-2024-47686",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47686"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nep93xx: clock: Fix off by one in ep93xx_div_recalc_rate()\n\nThe psc-\u003ediv[] array has psc-\u003enum_div elements. These values come from\nwhen we call clk_hw_register_div(). It\u0027s adc_divisors and\nARRAY_SIZE(adc_divisors)) and so on. So this condition needs to be \u003e=\ninstead of \u003e to prevent an out of bounds read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47686",
"url": "https://www.suse.com/security/cve/CVE-2024-47686"
},
{
"category": "external",
"summary": "SUSE Bug 1232000 for CVE-2024-47686",
"url": "https://bugzilla.suse.com/1232000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "low"
}
],
"title": "CVE-2024-47686"
},
{
"cve": "CVE-2024-47687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47687"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa/mlx5: Fix invalid mr resource destroy\n\nCertain error paths from mlx5_vdpa_dev_add() can end up releasing mr\nresources which never got initialized in the first place.\n\nThis patch adds the missing check in mlx5_vdpa_destroy_mr_resources()\nto block releasing non-initialized mr resources.\n\nReference trace:\n\n mlx5_core 0000:08:00.2: mlx5_vdpa_dev_add:3274:(pid 2700) warning: No mac address provisioned?\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 140216067 P4D 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 8 PID: 2700 Comm: vdpa Kdump: loaded Not tainted 5.14.0-496.el9.x86_64 #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n RIP: 0010:vhost_iotlb_del_range+0xf/0xe0 [vhost_iotlb]\n Code: [...]\n RSP: 0018:ff1c823ac23077f0 EFLAGS: 00010246\n RAX: ffffffffc1a21a60 RBX: ffffffff899567a0 RCX: 0000000000000000\n RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ff1bda1f7c21e800 R08: 0000000000000000 R09: ff1c823ac2307670\n R10: ff1c823ac2307668 R11: ffffffff8a9e7b68 R12: 0000000000000000\n R13: 0000000000000000 R14: ff1bda1f43e341a0 R15: 00000000ffffffea\n FS: 00007f56eba7c740(0000) GS:ff1bda269f800000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 0000000104d90001 CR4: 0000000000771ef0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n\n ? show_trace_log_lvl+0x1c4/0x2df\n ? show_trace_log_lvl+0x1c4/0x2df\n ? mlx5_vdpa_free+0x3d/0x150 [mlx5_vdpa]\n ? __die_body.cold+0x8/0xd\n ? page_fault_oops+0x134/0x170\n ? __irq_work_queue_local+0x2b/0xc0\n ? irq_work_queue+0x2c/0x50\n ? exc_page_fault+0x62/0x150\n ? asm_exc_page_fault+0x22/0x30\n ? __pfx_mlx5_vdpa_free+0x10/0x10 [mlx5_vdpa]\n ? vhost_iotlb_del_range+0xf/0xe0 [vhost_iotlb]\n mlx5_vdpa_free+0x3d/0x150 [mlx5_vdpa]\n vdpa_release_dev+0x1e/0x50 [vdpa]\n device_release+0x31/0x90\n kobject_cleanup+0x37/0x130\n mlx5_vdpa_dev_add+0x2d2/0x7a0 [mlx5_vdpa]\n vdpa_nl_cmd_dev_add_set_doit+0x277/0x4c0 [vdpa]\n genl_family_rcv_msg_doit+0xd9/0x130\n genl_family_rcv_msg+0x14d/0x220\n ? __pfx_vdpa_nl_cmd_dev_add_set_doit+0x10/0x10 [vdpa]\n ? _copy_to_user+0x1a/0x30\n ? move_addr_to_user+0x4b/0xe0\n genl_rcv_msg+0x47/0xa0\n ? __import_iovec+0x46/0x150\n ? __pfx_genl_rcv_msg+0x10/0x10\n netlink_rcv_skb+0x54/0x100\n genl_rcv+0x24/0x40\n netlink_unicast+0x245/0x370\n netlink_sendmsg+0x206/0x440\n __sys_sendto+0x1dc/0x1f0\n ? do_read_fault+0x10c/0x1d0\n ? do_pte_missing+0x10d/0x190\n __x64_sys_sendto+0x20/0x30\n do_syscall_64+0x5c/0xf0\n ? __count_memcg_events+0x4f/0xb0\n ? mm_account_fault+0x6c/0x100\n ? handle_mm_fault+0x116/0x270\n ? do_user_addr_fault+0x1d6/0x6a0\n ? do_syscall_64+0x6b/0xf0\n ? clear_bhb_loop+0x25/0x80\n ? clear_bhb_loop+0x25/0x80\n ? clear_bhb_loop+0x25/0x80\n ? clear_bhb_loop+0x25/0x80\n ? clear_bhb_loop+0x25/0x80\n entry_SYSCALL_64_after_hwframe+0x78/0x80",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47687",
"url": "https://www.suse.com/security/cve/CVE-2024-47687"
},
{
"category": "external",
"summary": "SUSE Bug 1232003 for CVE-2024-47687",
"url": "https://bugzilla.suse.com/1232003"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47687"
},
{
"cve": "CVE-2024-47688",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47688"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: Fix a potential null-ptr-deref in module_add_driver()\n\nInject fault while probing of-fpga-region, if kasprintf() fails in\nmodule_add_driver(), the second sysfs_remove_link() in exit path will cause\nnull-ptr-deref as below because kernfs_name_hash() will call strlen() with\nNULL driver_name.\n\nFix it by releasing resources based on the exit path sequence.\n\n\t KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\n\t Mem abort info:\n\t ESR = 0x0000000096000005\n\t EC = 0x25: DABT (current EL), IL = 32 bits\n\t SET = 0, FnV = 0\n\t EA = 0, S1PTW = 0\n\t FSC = 0x05: level 1 translation fault\n\t Data abort info:\n\t ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n\t CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n\t GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n\t [dfffffc000000000] address between user and kernel address ranges\n\t Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n\t Dumping ftrace buffer:\n\t (ftrace buffer empty)\n\t Modules linked in: of_fpga_region(+) fpga_region fpga_bridge cfg80211 rfkill 8021q garp mrp stp llc ipv6 [last unloaded: of_fpga_region]\n\t CPU: 2 UID: 0 PID: 2036 Comm: modprobe Not tainted 6.11.0-rc2-g6a0e38264012 #295\n\t Hardware name: linux,dummy-virt (DT)\n\t pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n\t pc : strlen+0x24/0xb0\n\t lr : kernfs_name_hash+0x1c/0xc4\n\t sp : ffffffc081f97380\n\t x29: ffffffc081f97380 x28: ffffffc081f97b90 x27: ffffff80c821c2a0\n\t x26: ffffffedac0be418 x25: 0000000000000000 x24: ffffff80c09d2000\n\t x23: 0000000000000000 x22: 0000000000000000 x21: 0000000000000000\n\t x20: 0000000000000000 x19: 0000000000000000 x18: 0000000000001840\n\t x17: 0000000000000000 x16: 0000000000000000 x15: 1ffffff8103f2e42\n\t x14: 00000000f1f1f1f1 x13: 0000000000000004 x12: ffffffb01812d61d\n\t x11: 1ffffff01812d61c x10: ffffffb01812d61c x9 : dfffffc000000000\n\t x8 : 0000004fe7ed29e4 x7 : ffffff80c096b0e7 x6 : 0000000000000001\n\t x5 : ffffff80c096b0e0 x4 : 1ffffffdb990efa2 x3 : 0000000000000000\n\t x2 : 0000000000000000 x1 : dfffffc000000000 x0 : 0000000000000000\n\t Call trace:\n\t strlen+0x24/0xb0\n\t kernfs_name_hash+0x1c/0xc4\n\t kernfs_find_ns+0x118/0x2e8\n\t kernfs_remove_by_name_ns+0x80/0x100\n\t sysfs_remove_link+0x74/0xa8\n\t module_add_driver+0x278/0x394\n\t bus_add_driver+0x1f0/0x43c\n\t driver_register+0xf4/0x3c0\n\t __platform_driver_register+0x60/0x88\n\t of_fpga_region_init+0x20/0x1000 [of_fpga_region]\n\t do_one_initcall+0x110/0x788\n\t do_init_module+0x1dc/0x5c8\n\t load_module+0x3c38/0x4cac\n\t init_module_from_file+0xd4/0x128\n\t idempotent_init_module+0x2cc/0x528\n\t __arm64_sys_finit_module+0xac/0x100\n\t invoke_syscall+0x6c/0x258\n\t el0_svc_common.constprop.0+0x160/0x22c\n\t do_el0_svc+0x44/0x5c\n\t el0_svc+0x48/0xb8\n\t el0t_64_sync_handler+0x13c/0x158\n\t el0t_64_sync+0x190/0x194\n\t Code: f2fbffe1 a90157f4 12000802 aa0003f5 (38e16861)\n\t ---[ end trace 0000000000000000 ]---\n\t Kernel panic - not syncing: Oops: Fatal exception",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47688",
"url": "https://www.suse.com/security/cve/CVE-2024-47688"
},
{
"category": "external",
"summary": "SUSE Bug 1232009 for CVE-2024-47688",
"url": "https://bugzilla.suse.com/1232009"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47688"
},
{
"cve": "CVE-2024-47692",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47692"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: return -EINVAL when namelen is 0\n\nWhen we have a corrupted main.sqlite in /var/lib/nfs/nfsdcld/, it may\nresult in namelen being 0, which will cause memdup_user() to return\nZERO_SIZE_PTR.\nWhen we access the name.data that has been assigned the value of\nZERO_SIZE_PTR in nfs4_client_to_reclaim(), null pointer dereference is\ntriggered.\n\n[ T1205] ==================================================================\n[ T1205] BUG: KASAN: null-ptr-deref in nfs4_client_to_reclaim+0xe9/0x260\n[ T1205] Read of size 1 at addr 0000000000000010 by task nfsdcld/1205\n[ T1205]\n[ T1205] CPU: 11 PID: 1205 Comm: nfsdcld Not tainted 5.10.0-00003-g2c1423731b8d #406\n[ T1205] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20190727_073836-buildvm-ppc64le-16.ppc.fedoraproject.org-3.fc31 04/01/2014\n[ T1205] Call Trace:\n[ T1205] dump_stack+0x9a/0xd0\n[ T1205] ? nfs4_client_to_reclaim+0xe9/0x260\n[ T1205] __kasan_report.cold+0x34/0x84\n[ T1205] ? nfs4_client_to_reclaim+0xe9/0x260\n[ T1205] kasan_report+0x3a/0x50\n[ T1205] nfs4_client_to_reclaim+0xe9/0x260\n[ T1205] ? nfsd4_release_lockowner+0x410/0x410\n[ T1205] cld_pipe_downcall+0x5ca/0x760\n[ T1205] ? nfsd4_cld_tracking_exit+0x1d0/0x1d0\n[ T1205] ? down_write_killable_nested+0x170/0x170\n[ T1205] ? avc_policy_seqno+0x28/0x40\n[ T1205] ? selinux_file_permission+0x1b4/0x1e0\n[ T1205] rpc_pipe_write+0x84/0xb0\n[ T1205] vfs_write+0x143/0x520\n[ T1205] ksys_write+0xc9/0x170\n[ T1205] ? __ia32_sys_read+0x50/0x50\n[ T1205] ? ktime_get_coarse_real_ts64+0xfe/0x110\n[ T1205] ? ktime_get_coarse_real_ts64+0xa2/0x110\n[ T1205] do_syscall_64+0x33/0x40\n[ T1205] entry_SYSCALL_64_after_hwframe+0x67/0xd1\n[ T1205] RIP: 0033:0x7fdbdb761bc7\n[ T1205] Code: 0f 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 514\n[ T1205] RSP: 002b:00007fff8c4b7248 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ T1205] RAX: ffffffffffffffda RBX: 000000000000042b RCX: 00007fdbdb761bc7\n[ T1205] RDX: 000000000000042b RSI: 00007fff8c4b75f0 RDI: 0000000000000008\n[ T1205] RBP: 00007fdbdb761bb0 R08: 0000000000000000 R09: 0000000000000001\n[ T1205] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000042b\n[ T1205] R13: 0000000000000008 R14: 00007fff8c4b75f0 R15: 0000000000000000\n[ T1205] ==================================================================\n\nFix it by checking namelen.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47692",
"url": "https://www.suse.com/security/cve/CVE-2024-47692"
},
{
"category": "external",
"summary": "SUSE Bug 1231857 for CVE-2024-47692",
"url": "https://bugzilla.suse.com/1231857"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47692"
},
{
"cve": "CVE-2024-47693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47693"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/core: Fix ib_cache_setup_one error flow cleanup\n\nWhen ib_cache_update return an error, we exit ib_cache_setup_one\ninstantly with no proper cleanup, even though before this we had\nalready successfully done gid_table_setup_one, that results in\nthe kernel WARN below.\n\nDo proper cleanup using gid_table_cleanup_one before returning\nthe err in order to fix the issue.\n\nWARNING: CPU: 4 PID: 922 at drivers/infiniband/core/cache.c:806 gid_table_release_one+0x181/0x1a0\nModules linked in:\nCPU: 4 UID: 0 PID: 922 Comm: c_repro Not tainted 6.11.0-rc1+ #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:gid_table_release_one+0x181/0x1a0\nCode: 44 8b 38 75 0c e8 2f cb 34 ff 4d 8b b5 28 05 00 00 e8 23 cb 34 ff 44 89 f9 89 da 4c 89 f6 48 c7 c7 d0 58 14 83 e8 4f de 21 ff \u003c0f\u003e 0b 4c 8b 75 30 e9 54 ff ff ff 48 8 3 c4 10 5b 5d 41 5c 41 5d 41\nRSP: 0018:ffffc90002b835b0 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff811c8527\nRDX: 0000000000000000 RSI: ffffffff811c8534 RDI: 0000000000000001\nRBP: ffff8881011b3d00 R08: ffff88810b3abe00 R09: 205d303839303631\nR10: 666572207972746e R11: 72746e6520444947 R12: 0000000000000001\nR13: ffff888106390000 R14: ffff8881011f2110 R15: 0000000000000001\nFS: 00007fecc3b70800(0000) GS:ffff88813bd00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020000340 CR3: 000000010435a001 CR4: 00000000003706b0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? show_regs+0x94/0xa0\n ? __warn+0x9e/0x1c0\n ? gid_table_release_one+0x181/0x1a0\n ? report_bug+0x1f9/0x340\n ? gid_table_release_one+0x181/0x1a0\n ? handle_bug+0xa2/0x110\n ? exc_invalid_op+0x31/0xa0\n ? asm_exc_invalid_op+0x16/0x20\n ? __warn_printk+0xc7/0x180\n ? __warn_printk+0xd4/0x180\n ? gid_table_release_one+0x181/0x1a0\n ib_device_release+0x71/0xe0\n ? __pfx_ib_device_release+0x10/0x10\n device_release+0x44/0xd0\n kobject_put+0x135/0x3d0\n put_device+0x20/0x30\n rxe_net_add+0x7d/0xa0\n rxe_newlink+0xd7/0x190\n nldev_newlink+0x1b0/0x2a0\n ? __pfx_nldev_newlink+0x10/0x10\n rdma_nl_rcv_msg+0x1ad/0x2e0\n rdma_nl_rcv_skb.constprop.0+0x176/0x210\n netlink_unicast+0x2de/0x400\n netlink_sendmsg+0x306/0x660\n __sock_sendmsg+0x110/0x120\n ____sys_sendmsg+0x30e/0x390\n ___sys_sendmsg+0x9b/0xf0\n ? kstrtouint+0x6e/0xa0\n ? kstrtouint_from_user+0x7c/0xb0\n ? get_pid_task+0xb0/0xd0\n ? proc_fail_nth_write+0x5b/0x140\n ? __fget_light+0x9a/0x200\n ? preempt_count_add+0x47/0xa0\n __sys_sendmsg+0x61/0xd0\n do_syscall_64+0x50/0x110\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47693",
"url": "https://www.suse.com/security/cve/CVE-2024-47693"
},
{
"category": "external",
"summary": "SUSE Bug 1232013 for CVE-2024-47693",
"url": "https://bugzilla.suse.com/1232013"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47693"
},
{
"cve": "CVE-2024-47695",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47695"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds\n\nIn the function init_conns(), after the create_con() and create_cm() for\nloop if something fails. In the cleanup for loop after the destroy tag, we\naccess out of bound memory because cid is set to clt_path-\u003es.con_num.\n\nThis commits resets the cid to clt_path-\u003es.con_num - 1, to stay in bounds\nin the cleanup loop later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47695",
"url": "https://www.suse.com/security/cve/CVE-2024-47695"
},
{
"category": "external",
"summary": "SUSE Bug 1231931 for CVE-2024-47695",
"url": "https://bugzilla.suse.com/1231931"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47695"
},
{
"cve": "CVE-2024-47696",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47696"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency\n\nIn the commit aee2424246f9 (\"RDMA/iwcm: Fix a use-after-free related to\ndestroying CM IDs\"), the function flush_workqueue is invoked to flush the\nwork queue iwcm_wq.\n\nBut at that time, the work queue iwcm_wq was created via the function\nalloc_ordered_workqueue without the flag WQ_MEM_RECLAIM.\n\nBecause the current process is trying to flush the whole iwcm_wq, if\niwcm_wq doesn\u0027t have the flag WQ_MEM_RECLAIM, verify that the current\nprocess is not reclaiming memory or running on a workqueue which doesn\u0027t\nhave the flag WQ_MEM_RECLAIM as that can break forward-progress guarantee\nleading to a deadlock.\n\nThe call trace is as below:\n\n[ 125.350876][ T1430] Call Trace:\n[ 125.356281][ T1430] \u003cTASK\u003e\n[ 125.361285][ T1430] ? __warn (kernel/panic.c:693)\n[ 125.367640][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))\n[ 125.375689][ T1430] ? report_bug (lib/bug.c:180 lib/bug.c:219)\n[ 125.382505][ T1430] ? handle_bug (arch/x86/kernel/traps.c:239)\n[ 125.388987][ T1430] ? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminator 1))\n[ 125.395831][ T1430] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621)\n[ 125.403125][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))\n[ 125.410984][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))\n[ 125.418764][ T1430] __flush_workqueue (kernel/workqueue.c:3970)\n[ 125.426021][ T1430] ? __pfx___might_resched (kernel/sched/core.c:10151)\n[ 125.433431][ T1430] ? destroy_cm_id (drivers/infiniband/core/iwcm.c:375) iw_cm\n[ 125.441209][ T1430] ? __pfx___flush_workqueue (kernel/workqueue.c:3910)\n[ 125.473900][ T1430] ? _raw_spin_lock_irqsave (arch/x86/include/asm/atomic.h:107 include/linux/atomic/atomic-arch-fallback.h:2170 include/linux/atomic/atomic-instrumented.h:1302 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:187 include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)\n[ 125.473909][ T1430] ? __pfx__raw_spin_lock_irqsave (kernel/locking/spinlock.c:161)\n[ 125.482537][ T1430] _destroy_id (drivers/infiniband/core/cma.c:2044) rdma_cm\n[ 125.495072][ T1430] nvme_rdma_free_queue (drivers/nvme/host/rdma.c:656 drivers/nvme/host/rdma.c:650) nvme_rdma\n[ 125.505827][ T1430] nvme_rdma_reset_ctrl_work (drivers/nvme/host/rdma.c:2180) nvme_rdma\n[ 125.505831][ T1430] process_one_work (kernel/workqueue.c:3231)\n[ 125.515122][ T1430] worker_thread (kernel/workqueue.c:3306 kernel/workqueue.c:3393)\n[ 125.515127][ T1430] ? __pfx_worker_thread (kernel/workqueue.c:3339)\n[ 125.531837][ T1430] kthread (kernel/kthread.c:389)\n[ 125.539864][ T1430] ? __pfx_kthread (kernel/kthread.c:342)\n[ 125.550628][ T1430] ret_from_fork (arch/x86/kernel/process.c:147)\n[ 125.558840][ T1430] ? __pfx_kthread (kernel/kthread.c:342)\n[ 125.558844][ T1430] ret_from_fork_asm (arch/x86/entry/entry_64.S:257)\n[ 125.566487][ T1430] \u003c/TASK\u003e\n[ 125.566488][ T1430] ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47696",
"url": "https://www.suse.com/security/cve/CVE-2024-47696"
},
{
"category": "external",
"summary": "SUSE Bug 1231864 for CVE-2024-47696",
"url": "https://bugzilla.suse.com/1231864"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47696"
},
{
"cve": "CVE-2024-47697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error\n\nEnsure index in rtl2830_pid_filter does not exceed 31 to prevent\nout-of-bounds access.\n\ndev-\u003efilters is a 32-bit value, so set_bit and clear_bit functions should\nonly operate on indices from 0 to 31. If index is 32, it will attempt to\naccess a non-existent 33rd bit, leading to out-of-bounds access.\nChange the boundary check from index \u003e 32 to index \u003e= 32 to resolve this\nissue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47697",
"url": "https://www.suse.com/security/cve/CVE-2024-47697"
},
{
"category": "external",
"summary": "SUSE Bug 1231858 for CVE-2024-47697",
"url": "https://bugzilla.suse.com/1231858"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47697"
},
{
"cve": "CVE-2024-47698",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47698"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error\n\nEnsure index in rtl2832_pid_filter does not exceed 31 to prevent\nout-of-bounds access.\n\ndev-\u003efilters is a 32-bit value, so set_bit and clear_bit functions should\nonly operate on indices from 0 to 31. If index is 32, it will attempt to\naccess a non-existent 33rd bit, leading to out-of-bounds access.\nChange the boundary check from index \u003e 32 to index \u003e= 32 to resolve this\nissue.\n\n[hverkuil: added fixes tag, rtl2830_pid_filter -\u003e rtl2832_pid_filter in logmsg]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47698",
"url": "https://www.suse.com/security/cve/CVE-2024-47698"
},
{
"category": "external",
"summary": "SUSE Bug 1231859 for CVE-2024-47698",
"url": "https://bugzilla.suse.com/1231859"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47698"
},
{
"cve": "CVE-2024-47699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47699"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential null-ptr-deref in nilfs_btree_insert()\n\nPatch series \"nilfs2: fix potential issues with empty b-tree nodes\".\n\nThis series addresses three potential issues with empty b-tree nodes that\ncan occur with corrupted filesystem images, including one recently\ndiscovered by syzbot.\n\n\nThis patch (of 3):\n\nIf a b-tree is broken on the device, and the b-tree height is greater than\n2 (the level of the root node is greater than 1) even if the number of\nchild nodes of the b-tree root is 0, a NULL pointer dereference occurs in\nnilfs_btree_prepare_insert(), which is called from nilfs_btree_insert().\n\nThis is because, when the number of child nodes of the b-tree root is 0,\nnilfs_btree_do_lookup() does not set the block buffer head in any of\npath[x].bp_bh, leaving it as the initial value of NULL, but if the level\nof the b-tree root node is greater than 1, nilfs_btree_get_nonroot_node(),\nwhich accesses the buffer memory of path[x].bp_bh, is called.\n\nFix this issue by adding a check to nilfs_btree_root_broken(), which\nperforms sanity checks when reading the root node from the device, to\ndetect this inconsistency.\n\nThanks to Lizhi Xu for trying to solve the bug and clarifying the cause\nearly on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47699",
"url": "https://www.suse.com/security/cve/CVE-2024-47699"
},
{
"category": "external",
"summary": "SUSE Bug 1231916 for CVE-2024-47699",
"url": "https://bugzilla.suse.com/1231916"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47699"
},
{
"cve": "CVE-2024-47701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47701"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid OOB when system.data xattr changes underneath the filesystem\n\nWhen looking up for an entry in an inlined directory, if e_value_offs is\nchanged underneath the filesystem by some change in the block device, it\nwill lead to an out-of-bounds access that KASAN detects as an UAF.\n\nEXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.\nloop0: detected capacity change from 2048 to 2047\n==================================================================\nBUG: KASAN: use-after-free in ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\nRead of size 1 at addr ffff88803e91130f by task syz-executor269/5103\n\nCPU: 0 UID: 0 PID: 5103 Comm: syz-executor269 Not tainted 6.11.0-rc4-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\n ext4_find_inline_entry+0x4be/0x5e0 fs/ext4/inline.c:1697\n __ext4_find_entry+0x2b4/0x1b30 fs/ext4/namei.c:1573\n ext4_lookup_entry fs/ext4/namei.c:1727 [inline]\n ext4_lookup+0x15f/0x750 fs/ext4/namei.c:1795\n lookup_one_qstr_excl+0x11f/0x260 fs/namei.c:1633\n filename_create+0x297/0x540 fs/namei.c:3980\n do_symlinkat+0xf9/0x3a0 fs/namei.c:4587\n __do_sys_symlinkat fs/namei.c:4610 [inline]\n __se_sys_symlinkat fs/namei.c:4607 [inline]\n __x64_sys_symlinkat+0x95/0xb0 fs/namei.c:4607\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f3e73ced469\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fff4d40c258 EFLAGS: 00000246 ORIG_RAX: 000000000000010a\nRAX: ffffffffffffffda RBX: 0032656c69662f2e RCX: 00007f3e73ced469\nRDX: 0000000020000200 RSI: 00000000ffffff9c RDI: 00000000200001c0\nRBP: 0000000000000000 R08: 00007fff4d40c290 R09: 00007fff4d40c290\nR10: 0023706f6f6c2f76 R11: 0000000000000246 R12: 00007fff4d40c27c\nR13: 0000000000000003 R14: 431bde82d7b634db R15: 00007fff4d40c2b0\n \u003c/TASK\u003e\n\nCalling ext4_xattr_ibody_find right after reading the inode with\next4_get_inode_loc will lead to a check of the validity of the xattrs,\navoiding this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47701",
"url": "https://www.suse.com/security/cve/CVE-2024-47701"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-47701",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1231920 for CVE-2024-47701",
"url": "https://bugzilla.suse.com/1231920"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47701"
},
{
"cve": "CVE-2024-47702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fail verification for sign-extension of packet data/data_end/data_meta\n\nsyzbot reported a kernel crash due to\n commit 1f1e864b6555 (\"bpf: Handle sign-extenstin ctx member accesses\").\nThe reason is due to sign-extension of 32-bit load for\npacket data/data_end/data_meta uapi field.\n\nThe original code looks like:\n r2 = *(s32 *)(r1 + 76) /* load __sk_buff-\u003edata */\n r3 = *(u32 *)(r1 + 80) /* load __sk_buff-\u003edata_end */\n r0 = r2\n r0 += 8\n if r3 \u003e r0 goto +1\n ...\nNote that __sk_buff-\u003edata load has 32-bit sign extension.\n\nAfter verification and convert_ctx_accesses(), the final asm code looks like:\n r2 = *(u64 *)(r1 +208)\n r2 = (s32)r2\n r3 = *(u64 *)(r1 +80)\n r0 = r2\n r0 += 8\n if r3 \u003e r0 goto pc+1\n ...\nNote that \u0027r2 = (s32)r2\u0027 may make the kernel __sk_buff-\u003edata address invalid\nwhich may cause runtime failure.\n\nCurrently, in C code, typically we have\n void *data = (void *)(long)skb-\u003edata;\n void *data_end = (void *)(long)skb-\u003edata_end;\n ...\nand it will generate\n r2 = *(u64 *)(r1 +208)\n r3 = *(u64 *)(r1 +80)\n r0 = r2\n r0 += 8\n if r3 \u003e r0 goto pc+1\n\nIf we allow sign-extension,\n void *data = (void *)(long)(int)skb-\u003edata;\n void *data_end = (void *)(long)skb-\u003edata_end;\n ...\nthe generated code looks like\n r2 = *(u64 *)(r1 +208)\n r2 \u003c\u003c= 32\n r2 s\u003e\u003e= 32\n r3 = *(u64 *)(r1 +80)\n r0 = r2\n r0 += 8\n if r3 \u003e r0 goto pc+1\nand this will cause verification failure since \"r2 \u003c\u003c= 32\" is not allowed\nas \"r2\" is a packet pointer.\n\nTo fix this issue for case\n r2 = *(s32 *)(r1 + 76) /* load __sk_buff-\u003edata */\nthis patch added additional checking in is_valid_access() callback\nfunction for packet data/data_end/data_meta access. If those accesses\nare with sign-extenstion, the verification will fail.\n\n [1] https://lore.kernel.org/bpf/000000000000c90eee061d236d37@google.com/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47702",
"url": "https://www.suse.com/security/cve/CVE-2024-47702"
},
{
"category": "external",
"summary": "SUSE Bug 1231924 for CVE-2024-47702",
"url": "https://bugzilla.suse.com/1231924"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47702"
},
{
"cve": "CVE-2024-47703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, lsm: Add check for BPF LSM return value\n\nA bpf prog returning a positive number attached to file_alloc_security\nhook makes kernel panic.\n\nThis happens because file system can not filter out the positive number\nreturned by the LSM prog using IS_ERR, and misinterprets this positive\nnumber as a file pointer.\n\nGiven that hook file_alloc_security never returned positive number\nbefore the introduction of BPF LSM, and other BPF LSM hooks may\nencounter similar issues, this patch adds LSM return value check\nin verifier, to ensure no unexpected value is returned.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47703",
"url": "https://www.suse.com/security/cve/CVE-2024-47703"
},
{
"category": "external",
"summary": "SUSE Bug 1231946 for CVE-2024-47703",
"url": "https://bugzilla.suse.com/1231946"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47703"
},
{
"cve": "CVE-2024-47704",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47704"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check link_res-\u003ehpo_dp_link_enc before using it\n\n[WHAT \u0026 HOW]\nFunctions dp_enable_link_phy and dp_disable_link_phy can pass link_res\nwithout initializing hpo_dp_link_enc and it is necessary to check for\nnull before dereferencing.\n\nThis fixes 2 FORWARD_NULL issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47704",
"url": "https://www.suse.com/security/cve/CVE-2024-47704"
},
{
"category": "external",
"summary": "SUSE Bug 1231944 for CVE-2024-47704",
"url": "https://bugzilla.suse.com/1231944"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47704"
},
{
"cve": "CVE-2024-47705",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47705"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix potential invalid pointer dereference in blk_add_partition\n\nThe blk_add_partition() function initially used a single if-condition\n(IS_ERR(part)) to check for errors when adding a partition. This was\nmodified to handle the specific case of -ENXIO separately, allowing the\nfunction to proceed without logging the error in this case. However,\nthis change unintentionally left a path where md_autodetect_dev()\ncould be called without confirming that part is a valid pointer.\n\nThis commit separates the error handling logic by splitting the\ninitial if-condition, improving code readability and handling specific\nerror scenarios explicitly. The function now distinguishes the general\nerror case from -ENXIO without altering the existing behavior of\nmd_autodetect_dev() calls.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47705",
"url": "https://www.suse.com/security/cve/CVE-2024-47705"
},
{
"category": "external",
"summary": "SUSE Bug 1231872 for CVE-2024-47705",
"url": "https://bugzilla.suse.com/1231872"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47705"
},
{
"cve": "CVE-2024-47706",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47706"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock, bfq: fix possible UAF for bfqq-\u003ebic with merge chain\n\n1) initial state, three tasks:\n\n\t\tProcess 1 Process 2\tProcess 3\n\t\t (BIC1) (BIC2)\t\t (BIC3)\n\t\t | \u039b | \u039b\t\t | \u039b\n\t\t | | | |\t\t | |\n\t\t V | V |\t\t V |\n\t\t bfqq1 bfqq2\t\t bfqq3\nprocess ref:\t 1\t\t 1\t\t 1\n\n2) bfqq1 merged to bfqq2:\n\n\t\tProcess 1 Process 2\tProcess 3\n\t\t (BIC1) (BIC2)\t\t (BIC3)\n\t\t | |\t\t | \u039b\n\t\t \\--------------\\|\t\t | |\n\t\t V\t\t V |\n\t\t bfqq1---------\u003ebfqq2\t\t bfqq3\nprocess ref:\t 0\t\t 2\t\t 1\n\n3) bfqq2 merged to bfqq3:\n\n\t\tProcess 1 Process 2\tProcess 3\n\t\t (BIC1) (BIC2)\t\t (BIC3)\n\t here -\u003e \u039b |\t\t |\n\t\t \\--------------\\ \\-------------\\|\n\t\t V\t\t V\n\t\t bfqq1---------\u003ebfqq2----------\u003ebfqq3\nprocess ref:\t 0\t\t 1\t\t 3\n\nIn this case, IO from Process 1 will get bfqq2 from BIC1 first, and then\nget bfqq3 through merge chain, and finially handle IO by bfqq3.\nHowerver, current code will think bfqq2 is owned by BIC1, like initial\nstate, and set bfqq2-\u003ebic to BIC1.\n\nbfq_insert_request\n-\u003e by Process 1\n bfqq = bfq_init_rq(rq)\n bfqq = bfq_get_bfqq_handle_split\n bfqq = bic_to_bfqq\n -\u003e get bfqq2 from BIC1\n bfqq-\u003eref++\n rq-\u003eelv.priv[0] = bic\n rq-\u003eelv.priv[1] = bfqq\n if (bfqq_process_refs(bfqq) == 1)\n bfqq-\u003ebic = bic\n -\u003e record BIC1 to bfqq2\n\n __bfq_insert_request\n new_bfqq = bfq_setup_cooperator\n -\u003e get bfqq3 from bfqq2-\u003enew_bfqq\n bfqq_request_freed(bfqq)\n new_bfqq-\u003eref++\n rq-\u003eelv.priv[1] = new_bfqq\n -\u003e handle IO by bfqq3\n\nFix the problem by checking bfqq is from merge chain fist. And this\nmight fix a following problem reported by our syzkaller(unreproducible):\n\n==================================================================\nBUG: KASAN: slab-use-after-free in bfq_do_early_stable_merge block/bfq-iosched.c:5692 [inline]\nBUG: KASAN: slab-use-after-free in bfq_do_or_sched_stable_merge block/bfq-iosched.c:5805 [inline]\nBUG: KASAN: slab-use-after-free in bfq_get_queue+0x25b0/0x2610 block/bfq-iosched.c:5889\nWrite of size 1 at addr ffff888123839eb8 by task kworker/0:1H/18595\n\nCPU: 0 PID: 18595 Comm: kworker/0:1H Tainted: G L 6.6.0-07439-gba2303cacfda #6\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\nWorkqueue: kblockd blk_mq_requeue_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x91/0xf0 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:364 [inline]\n print_report+0x10d/0x610 mm/kasan/report.c:475\n kasan_report+0x8e/0xc0 mm/kasan/report.c:588\n bfq_do_early_stable_merge block/bfq-iosched.c:5692 [inline]\n bfq_do_or_sched_stable_merge block/bfq-iosched.c:5805 [inline]\n bfq_get_queue+0x25b0/0x2610 block/bfq-iosched.c:5889\n bfq_get_bfqq_handle_split+0x169/0x5d0 block/bfq-iosched.c:6757\n bfq_init_rq block/bfq-iosched.c:6876 [inline]\n bfq_insert_request block/bfq-iosched.c:6254 [inline]\n bfq_insert_requests+0x1112/0x5cf0 block/bfq-iosched.c:6304\n blk_mq_insert_request+0x290/0x8d0 block/blk-mq.c:2593\n blk_mq_requeue_work+0x6bc/0xa70 block/blk-mq.c:1502\n process_one_work kernel/workqueue.c:2627 [inline]\n process_scheduled_works+0x432/0x13f0 kernel/workqueue.c:2700\n worker_thread+0x6f2/0x1160 kernel/workqueue.c:2781\n kthread+0x33c/0x440 kernel/kthread.c:388\n ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:305\n \u003c/TASK\u003e\n\nAllocated by task 20776:\n kasan_save_stack+0x20/0x40 mm/kasan/common.c:45\n kasan_set_track+0x25/0x30 mm/kasan/common.c:52\n __kasan_slab_alloc+0x87/0x90 mm/kasan/common.c:328\n kasan_slab_alloc include/linux/kasan.h:188 [inline]\n slab_post_alloc_hook mm/slab.h:763 [inline]\n slab_alloc_node mm/slub.c:3458 [inline]\n kmem_cache_alloc_node+0x1a4/0x6f0 mm/slub.c:3503\n ioc_create_icq block/blk-ioc.c:370 [inline]\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47706",
"url": "https://www.suse.com/security/cve/CVE-2024-47706"
},
{
"category": "external",
"summary": "SUSE Bug 1231942 for CVE-2024-47706",
"url": "https://bugzilla.suse.com/1231942"
},
{
"category": "external",
"summary": "SUSE Bug 1231943 for CVE-2024-47706",
"url": "https://bugzilla.suse.com/1231943"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-47706"
},
{
"cve": "CVE-2024-47707",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47707"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev()\n\nBlamed commit accidentally removed a check for rt-\u003ert6i_idev being NULL,\nas spotted by syzbot:\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 1 UID: 0 PID: 10998 Comm: syz-executor Not tainted 6.11.0-rc6-syzkaller-00208-g625403177711 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\n RIP: 0010:rt6_uncached_list_flush_dev net/ipv6/route.c:177 [inline]\n RIP: 0010:rt6_disable_ip+0x33e/0x7e0 net/ipv6/route.c:4914\nCode: 41 80 3c 04 00 74 0a e8 90 d0 9b f7 48 8b 7c 24 08 48 8b 07 48 89 44 24 10 4c 89 f0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df \u003c80\u003e 3c 08 00 74 08 4c 89 f7 e8 64 d0 9b f7 48 8b 44 24 18 49 39 06\nRSP: 0018:ffffc900047374e0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 1ffff1100fdf8f33 RCX: dffffc0000000000\nRDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88807efc78c0\nRBP: ffffc900047375d0 R08: 0000000000000003 R09: fffff520008e6e8c\nR10: dffffc0000000000 R11: fffff520008e6e8c R12: 1ffff1100fdf8f18\nR13: ffff88807efc7998 R14: 0000000000000000 R15: ffff88807efc7930\nFS: 0000000000000000(0000) GS:ffff8880b8900000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020002a80 CR3: 0000000022f62000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n addrconf_ifdown+0x15d/0x1bd0 net/ipv6/addrconf.c:3856\n addrconf_notify+0x3cb/0x1020\n notifier_call_chain+0x19f/0x3e0 kernel/notifier.c:93\n call_netdevice_notifiers_extack net/core/dev.c:2032 [inline]\n call_netdevice_notifiers net/core/dev.c:2046 [inline]\n unregister_netdevice_many_notify+0xd81/0x1c40 net/core/dev.c:11352\n unregister_netdevice_many net/core/dev.c:11414 [inline]\n unregister_netdevice_queue+0x303/0x370 net/core/dev.c:11289\n unregister_netdevice include/linux/netdevice.h:3129 [inline]\n __tun_detach+0x6b9/0x1600 drivers/net/tun.c:685\n tun_detach drivers/net/tun.c:701 [inline]\n tun_chr_close+0x108/0x1b0 drivers/net/tun.c:3510\n __fput+0x24a/0x8a0 fs/file_table.c:422\n task_work_run+0x24f/0x310 kernel/task_work.c:228\n exit_task_work include/linux/task_work.h:40 [inline]\n do_exit+0xa2f/0x27f0 kernel/exit.c:882\n do_group_exit+0x207/0x2c0 kernel/exit.c:1031\n __do_sys_exit_group kernel/exit.c:1042 [inline]\n __se_sys_exit_group kernel/exit.c:1040 [inline]\n __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1040\n x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f1acc77def9\nCode: Unable to access opcode bytes at 0x7f1acc77decf.\nRSP: 002b:00007ffeb26fa738 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1acc77def9\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043\nRBP: 00007f1acc7dd508 R08: 00007ffeb26f84d7 R09: 0000000000000003\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001\nR13: 0000000000000003 R14: 00000000ffffffff R15: 00007ffeb26fa8e0\n \u003c/TASK\u003e\nModules linked in:\n---[ end trace 0000000000000000 ]---\n RIP: 0010:rt6_uncached_list_flush_dev net/ipv6/route.c:177 [inline]\n RIP: 0010:rt6_disable_ip+0x33e/0x7e0 net/ipv6/route.c:4914\nCode: 41 80 3c 04 00 74 0a e8 90 d0 9b f7 48 8b 7c 24 08 48 8b 07 48 89 44 24 10 4c 89 f0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df \u003c80\u003e 3c 08 00 74 08 4c 89 f7 e8 64 d0 9b f7 48 8b 44 24 18 49 39 06\nRSP: 0018:ffffc900047374e0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 1ffff1100fdf8f33 RCX: dffffc0000000000\nRDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88807efc78c0\nR\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47707",
"url": "https://www.suse.com/security/cve/CVE-2024-47707"
},
{
"category": "external",
"summary": "SUSE Bug 1231935 for CVE-2024-47707",
"url": "https://bugzilla.suse.com/1231935"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47707"
},
{
"cve": "CVE-2024-47709",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47709"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: bcm: Clear bo-\u003ebcm_proc_read after remove_proc_entry().\n\nsyzbot reported a warning in bcm_release(). [0]\n\nThe blamed change fixed another warning that is triggered when\nconnect() is issued again for a socket whose connect()ed device has\nbeen unregistered.\n\nHowever, if the socket is just close()d without the 2nd connect(), the\nremaining bo-\u003ebcm_proc_read triggers unnecessary remove_proc_entry()\nin bcm_release().\n\nLet\u0027s clear bo-\u003ebcm_proc_read after remove_proc_entry() in bcm_notify().\n\n[0]\nname \u00274986\u0027\nWARNING: CPU: 0 PID: 5234 at fs/proc/generic.c:711 remove_proc_entry+0x2e7/0x5d0 fs/proc/generic.c:711\nModules linked in:\nCPU: 0 UID: 0 PID: 5234 Comm: syz-executor606 Not tainted 6.11.0-rc5-syzkaller-00178-g5517ae241919 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nRIP: 0010:remove_proc_entry+0x2e7/0x5d0 fs/proc/generic.c:711\nCode: ff eb 05 e8 cb 1e 5e ff 48 8b 5c 24 10 48 c7 c7 e0 f7 aa 8e e8 2a 38 8e 09 90 48 c7 c7 60 3a 1b 8c 48 89 de e8 da 42 20 ff 90 \u003c0f\u003e 0b 90 90 48 8b 44 24 18 48 c7 44 24 40 0e 36 e0 45 49 c7 04 07\nRSP: 0018:ffffc9000345fa20 EFLAGS: 00010246\nRAX: 2a2d0aee2eb64600 RBX: ffff888032f1f548 RCX: ffff888029431e00\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffc9000345fb08 R08: ffffffff8155b2f2 R09: 1ffff1101710519a\nR10: dffffc0000000000 R11: ffffed101710519b R12: ffff888011d38640\nR13: 0000000000000004 R14: 0000000000000000 R15: dffffc0000000000\nFS: 0000000000000000(0000) GS:ffff8880b8800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fcfb52722f0 CR3: 000000000e734000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n bcm_release+0x250/0x880 net/can/bcm.c:1578\n __sock_release net/socket.c:659 [inline]\n sock_close+0xbc/0x240 net/socket.c:1421\n __fput+0x24a/0x8a0 fs/file_table.c:422\n task_work_run+0x24f/0x310 kernel/task_work.c:228\n exit_task_work include/linux/task_work.h:40 [inline]\n do_exit+0xa2f/0x27f0 kernel/exit.c:882\n do_group_exit+0x207/0x2c0 kernel/exit.c:1031\n __do_sys_exit_group kernel/exit.c:1042 [inline]\n __se_sys_exit_group kernel/exit.c:1040 [inline]\n __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1040\n x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fcfb51ee969\nCode: Unable to access opcode bytes at 0x7fcfb51ee93f.\nRSP: 002b:00007ffce0109ca8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fcfb51ee969\nRDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001\nRBP: 00007fcfb526f3b0 R08: ffffffffffffffb8 R09: 0000555500000000\nR10: 0000555500000000 R11: 0000000000000246 R12: 00007fcfb526f3b0\nR13: 0000000000000000 R14: 00007fcfb5271ee0 R15: 00007fcfb51bf160\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47709",
"url": "https://www.suse.com/security/cve/CVE-2024-47709"
},
{
"category": "external",
"summary": "SUSE Bug 1232048 for CVE-2024-47709",
"url": "https://bugzilla.suse.com/1232048"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47709"
},
{
"cve": "CVE-2024-47710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47710"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsock_map: Add a cond_resched() in sock_hash_free()\n\nSeveral syzbot soft lockup reports all have in common sock_hash_free()\n\nIf a map with a large number of buckets is destroyed, we need to yield\nthe cpu when needed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47710",
"url": "https://www.suse.com/security/cve/CVE-2024-47710"
},
{
"category": "external",
"summary": "SUSE Bug 1232049 for CVE-2024-47710",
"url": "https://bugzilla.suse.com/1232049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47710"
},
{
"cve": "CVE-2024-47712",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47712"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param\n\nIn the `wilc_parse_join_bss_param` function, the TSF field of the `ies`\nstructure is accessed after the RCU read-side critical section is\nunlocked. According to RCU usage rules, this is illegal. Reusing this\npointer can lead to unpredictable behavior, including accessing memory\nthat has been updated or causing use-after-free issues.\n\nThis possible bug was identified using a static analysis tool developed\nby myself, specifically designed to detect RCU-related issues.\n\nTo address this, the TSF value is now stored in a local variable\n`ies_tsf` before the RCU lock is released. The `param-\u003etsf_lo` field is\nthen assigned using this local variable, ensuring that the TSF value is\nsafely accessed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47712",
"url": "https://www.suse.com/security/cve/CVE-2024-47712"
},
{
"category": "external",
"summary": "SUSE Bug 1232017 for CVE-2024-47712",
"url": "https://bugzilla.suse.com/1232017"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47712"
},
{
"cve": "CVE-2024-47713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47713"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop()\n\nSince \u0027__dev_queue_xmit()\u0027 should be called with interrupts enabled,\nthe following backtrace:\n\nieee80211_do_stop()\n ...\n spin_lock_irqsave(\u0026local-\u003equeue_stop_reason_lock, flags)\n ...\n ieee80211_free_txskb()\n ieee80211_report_used_skb()\n ieee80211_report_ack_skb()\n cfg80211_mgmt_tx_status_ext()\n nl80211_frame_tx_status()\n genlmsg_multicast_netns()\n genlmsg_multicast_netns_filtered()\n nlmsg_multicast_filtered()\n\t netlink_broadcast_filtered()\n\t do_one_broadcast()\n\t netlink_broadcast_deliver()\n\t __netlink_sendskb()\n\t netlink_deliver_tap()\n\t __netlink_deliver_tap_skb()\n\t dev_queue_xmit()\n\t __dev_queue_xmit() ; with IRQS disabled\n ...\n spin_unlock_irqrestore(\u0026local-\u003equeue_stop_reason_lock, flags)\n\nissues the warning (as reported by syzbot reproducer):\n\nWARNING: CPU: 2 PID: 5128 at kernel/softirq.c:362 __local_bh_enable_ip+0xc3/0x120\n\nFix this by implementing a two-phase skb reclamation in\n\u0027ieee80211_do_stop()\u0027, where actual work is performed\noutside of a section with interrupts disabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47713",
"url": "https://www.suse.com/security/cve/CVE-2024-47713"
},
{
"category": "external",
"summary": "SUSE Bug 1232016 for CVE-2024-47713",
"url": "https://bugzilla.suse.com/1232016"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47713"
},
{
"cve": "CVE-2024-47714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47714"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7996: use hweight16 to get correct tx antenna\n\nThe chainmask is u16 so using hweight8 cannot get correct tx_ant.\nWithout this patch, the tx_ant of band 2 would be -1 and lead to the\nfollowing issue:\nBUG: KASAN: stack-out-of-bounds in mt7996_mcu_add_sta+0x12e0/0x16e0 [mt7996e]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47714",
"url": "https://www.suse.com/security/cve/CVE-2024-47714"
},
{
"category": "external",
"summary": "SUSE Bug 1232018 for CVE-2024-47714",
"url": "https://bugzilla.suse.com/1232018"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47714"
},
{
"cve": "CVE-2024-47715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47715"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7915: fix oops on non-dbdc mt7986\n\nmt7915_band_config() sets band_idx = 1 on the main phy for mt7986\nwith MT7975_ONE_ADIE or MT7976_ONE_ADIE.\n\nCommit 0335c034e726 (\"wifi: mt76: fix race condition related to\nchecking tx queue fill status\") introduced a dereference of the\nphys array indirectly indexed by band_idx via wcid-\u003ephy_idx in\nmt76_wcid_cleanup(). This caused the following Oops on affected\nmt7986 devices:\n\n Unable to handle kernel read from unreadable memory at virtual address 0000000000000024\n Mem abort info:\n ESR = 0x0000000096000005\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x05: level 1 translation fault\n Data abort info:\n ISV = 0, ISS = 0x00000005\n CM = 0, WnR = 0\n user pgtable: 4k pages, 39-bit VAs, pgdp=0000000042545000\n [0000000000000024] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n Internal error: Oops: 0000000096000005 [#1] SMP\n Modules linked in: ... mt7915e mt76_connac_lib mt76 mac80211 cfg80211 ...\n CPU: 2 PID: 1631 Comm: hostapd Not tainted 5.15.150 #0\n Hardware name: ZyXEL EX5700 (Telenor) (DT)\n pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : mt76_wcid_cleanup+0x84/0x22c [mt76]\n lr : mt76_wcid_cleanup+0x64/0x22c [mt76]\n sp : ffffffc00a803700\n x29: ffffffc00a803700 x28: ffffff80008f7300 x27: ffffff80003f3c00\n x26: ffffff80000a7880 x25: ffffffc008c26e00 x24: 0000000000000001\n x23: ffffffc000a68114 x22: 0000000000000000 x21: ffffff8004172cc8\n x20: ffffffc00a803748 x19: ffffff8004152020 x18: 0000000000000000\n x17: 00000000000017c0 x16: ffffffc008ef5000 x15: 0000000000000be0\n x14: ffffff8004172e28 x13: ffffff8004172e28 x12: 0000000000000000\n x11: 0000000000000000 x10: ffffff8004172e30 x9 : ffffff8004172e28\n x8 : 0000000000000000 x7 : ffffff8004156020 x6 : 0000000000000000\n x5 : 0000000000000031 x4 : 0000000000000000 x3 : 0000000000000001\n x2 : 0000000000000000 x1 : ffffff80008f7300 x0 : 0000000000000024\n Call trace:\n mt76_wcid_cleanup+0x84/0x22c [mt76]\n __mt76_sta_remove+0x70/0xbc [mt76]\n mt76_sta_state+0x8c/0x1a4 [mt76]\n mt7915_eeprom_get_power_delta+0x11e4/0x23a0 [mt7915e]\n drv_sta_state+0x144/0x274 [mac80211]\n sta_info_move_state+0x1cc/0x2a4 [mac80211]\n sta_set_sinfo+0xaf8/0xc24 [mac80211]\n sta_info_destroy_addr_bss+0x4c/0x6c [mac80211]\n\n ieee80211_color_change_finish+0x1c08/0x1e70 [mac80211]\n cfg80211_check_station_change+0x1360/0x4710 [cfg80211]\n genl_family_rcv_msg_doit+0xb4/0x110\n genl_rcv_msg+0xd0/0x1bc\n netlink_rcv_skb+0x58/0x120\n genl_rcv+0x34/0x50\n netlink_unicast+0x1f0/0x2ec\n netlink_sendmsg+0x198/0x3d0\n ____sys_sendmsg+0x1b0/0x210\n ___sys_sendmsg+0x80/0xf0\n __sys_sendmsg+0x44/0xa0\n __arm64_sys_sendmsg+0x20/0x30\n invoke_syscall.constprop.0+0x4c/0xe0\n do_el0_svc+0x40/0xd0\n el0_svc+0x14/0x4c\n el0t_64_sync_handler+0x100/0x110\n el0t_64_sync+0x15c/0x160\n Code: d2800002 910092c0 52800023 f9800011 (885f7c01)\n ---[ end trace 7e42dd9a39ed2281 ]---\n\nFix by using mt76_dev_phy() which will map band_idx to the correct phy\nfor all hardware combinations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47715",
"url": "https://www.suse.com/security/cve/CVE-2024-47715"
},
{
"category": "external",
"summary": "SUSE Bug 1231860 for CVE-2024-47715",
"url": "https://bugzilla.suse.com/1231860"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47715"
},
{
"cve": "CVE-2024-47718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: always wait for both firmware loading attempts\n\nIn \u0027rtw_wait_firmware_completion()\u0027, always wait for both (regular and\nwowlan) firmware loading attempts. Otherwise if \u0027rtw_usb_intf_init()\u0027\nhas failed in \u0027rtw_usb_probe()\u0027, \u0027rtw_usb_disconnect()\u0027 may issue\n\u0027ieee80211_free_hw()\u0027 when one of \u0027rtw_load_firmware_cb()\u0027 (usually\nthe wowlan one) is still in progress, causing UAF detected by KASAN.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47718",
"url": "https://www.suse.com/security/cve/CVE-2024-47718"
},
{
"category": "external",
"summary": "SUSE Bug 1232015 for CVE-2024-47718",
"url": "https://bugzilla.suse.com/1232015"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47718"
},
{
"cve": "CVE-2024-47719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47719"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommufd: Protect against overflow of ALIGN() during iova allocation\n\nUserspace can supply an iova and uptr such that the target iova alignment\nbecomes really big and ALIGN() overflows which corrupts the selected area\nrange during allocation. CONFIG_IOMMUFD_TEST can detect this:\n\n WARNING: CPU: 1 PID: 5092 at drivers/iommu/iommufd/io_pagetable.c:268 iopt_alloc_area_pages drivers/iommu/iommufd/io_pagetable.c:268 [inline]\n WARNING: CPU: 1 PID: 5092 at drivers/iommu/iommufd/io_pagetable.c:268 iopt_map_pages+0xf95/0x1050 drivers/iommu/iommufd/io_pagetable.c:352\n Modules linked in:\n CPU: 1 PID: 5092 Comm: syz-executor294 Not tainted 6.10.0-rc5-syzkaller-00294-g3ffea9a7a6f7 #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024\n RIP: 0010:iopt_alloc_area_pages drivers/iommu/iommufd/io_pagetable.c:268 [inline]\n RIP: 0010:iopt_map_pages+0xf95/0x1050 drivers/iommu/iommufd/io_pagetable.c:352\n Code: fc e9 a4 f3 ff ff e8 1a 8b 4c fc 41 be e4 ff ff ff e9 8a f3 ff ff e8 0a 8b 4c fc 90 0f 0b 90 e9 37 f5 ff ff e8 fc 8a 4c fc 90 \u003c0f\u003e 0b 90 e9 68 f3 ff ff 48 c7 c1 ec 82 ad 8f 80 e1 07 80 c1 03 38\n RSP: 0018:ffffc90003ebf9e0 EFLAGS: 00010293\n RAX: ffffffff85499fa4 RBX: 00000000ffffffef RCX: ffff888079b49e00\n RDX: 0000000000000000 RSI: 00000000ffffffef RDI: 0000000000000000\n RBP: ffffc90003ebfc50 R08: ffffffff85499b30 R09: ffffffff85499942\n R10: 0000000000000002 R11: ffff888079b49e00 R12: ffff8880228e0010\n R13: 0000000000000000 R14: 1ffff920007d7f68 R15: ffffc90003ebfd00\n FS: 000055557d760380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00000000005fdeb8 CR3: 000000007404a000 CR4: 00000000003506f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n iommufd_ioas_copy+0x610/0x7b0 drivers/iommu/iommufd/ioas.c:274\n iommufd_fops_ioctl+0x4d9/0x5a0 drivers/iommu/iommufd/main.c:421\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCap the automatic alignment to the huge page size, which is probably a\nbetter idea overall. Huge automatic alignments can fragment and chew up\nthe available IOVA space without any reason.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47719",
"url": "https://www.suse.com/security/cve/CVE-2024-47719"
},
{
"category": "external",
"summary": "SUSE Bug 1231865 for CVE-2024-47719",
"url": "https://bugzilla.suse.com/1231865"
},
{
"category": "external",
"summary": "SUSE Bug 1231866 for CVE-2024-47719",
"url": "https://bugzilla.suse.com/1231866"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-47719"
},
{
"cve": "CVE-2024-47720",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47720"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func\n\nThis commit adds a null check for the set_output_gamma function pointer\nin the dcn30_set_output_transfer_func function. Previously,\nset_output_gamma was being checked for nullity at line 386, but then it\nwas being dereferenced without any nullity check at line 401. This\ncould potentially lead to a null pointer dereference error if\nset_output_gamma is indeed null.\n\nTo fix this, we now ensure that set_output_gamma is not null before\ndereferencing it. We do this by adding a nullity check for\nset_output_gamma before the call to set_output_gamma at line 401. If\nset_output_gamma is null, we log an error message and do not call the\nfunction.\n\nThis fix prevents a potential null pointer dereference error.\n\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:401 dcn30_set_output_transfer_func()\nerror: we previously assumed \u0027mpc-\u003efuncs-\u003eset_output_gamma\u0027 could be null (see line 386)\n\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c\n 373 bool dcn30_set_output_transfer_func(struct dc *dc,\n 374 struct pipe_ctx *pipe_ctx,\n 375 const struct dc_stream_state *stream)\n 376 {\n 377 int mpcc_id = pipe_ctx-\u003eplane_res.hubp-\u003einst;\n 378 struct mpc *mpc = pipe_ctx-\u003estream_res.opp-\u003ectx-\u003edc-\u003eres_pool-\u003empc;\n 379 const struct pwl_params *params = NULL;\n 380 bool ret = false;\n 381\n 382 /* program OGAM or 3DLUT only for the top pipe*/\n 383 if (pipe_ctx-\u003etop_pipe == NULL) {\n 384 /*program rmu shaper and 3dlut in MPC*/\n 385 ret = dcn30_set_mpc_shaper_3dlut(pipe_ctx, stream);\n 386 if (ret == false \u0026\u0026 mpc-\u003efuncs-\u003eset_output_gamma) {\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ If this is NULL\n\n 387 if (stream-\u003eout_transfer_func.type == TF_TYPE_HWPWL)\n 388 params = \u0026stream-\u003eout_transfer_func.pwl;\n 389 else if (pipe_ctx-\u003estream-\u003eout_transfer_func.type ==\n 390 TF_TYPE_DISTRIBUTED_POINTS \u0026\u0026\n 391 cm3_helper_translate_curve_to_hw_format(\n 392 \u0026stream-\u003eout_transfer_func,\n 393 \u0026mpc-\u003eblender_params, false))\n 394 params = \u0026mpc-\u003eblender_params;\n 395 /* there are no ROM LUTs in OUTGAM */\n 396 if (stream-\u003eout_transfer_func.type == TF_TYPE_PREDEFINED)\n 397 BREAK_TO_DEBUGGER();\n 398 }\n 399 }\n 400\n--\u003e 401 mpc-\u003efuncs-\u003eset_output_gamma(mpc, mpcc_id, params);\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Then it will crash\n\n 402 return ret;\n 403 }",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47720",
"url": "https://www.suse.com/security/cve/CVE-2024-47720"
},
{
"category": "external",
"summary": "SUSE Bug 1232043 for CVE-2024-47720",
"url": "https://bugzilla.suse.com/1232043"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47720"
},
{
"cve": "CVE-2024-47723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47723"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix out-of-bounds in dbNextAG() and diAlloc()\n\nIn dbNextAG() , there is no check for the case where bmp-\u003edb_numag is\ngreater or same than MAXAG due to a polluted image, which causes an\nout-of-bounds. Therefore, a bounds check should be added in dbMount().\n\nAnd in dbNextAG(), a check for the case where agpref is greater than\nbmp-\u003edb_numag should be added, so an out-of-bounds exception should be\nprevented.\n\nAdditionally, a check for the case where agno is greater or same than\nMAXAG should be added in diAlloc() to prevent out-of-bounds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47723",
"url": "https://www.suse.com/security/cve/CVE-2024-47723"
},
{
"category": "external",
"summary": "SUSE Bug 1232050 for CVE-2024-47723",
"url": "https://bugzilla.suse.com/1232050"
},
{
"category": "external",
"summary": "SUSE Bug 1232051 for CVE-2024-47723",
"url": "https://bugzilla.suse.com/1232051"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-47723"
},
{
"cve": "CVE-2024-47727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47727"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/tdx: Fix \"in-kernel MMIO\" check\n\nTDX only supports kernel-initiated MMIO operations. The handle_mmio()\nfunction checks if the #VE exception occurred in the kernel and rejects\nthe operation if it did not.\n\nHowever, userspace can deceive the kernel into performing MMIO on its\nbehalf. For example, if userspace can point a syscall to an MMIO address,\nsyscall does get_user() or put_user() on it, triggering MMIO #VE. The\nkernel will treat the #VE as in-kernel MMIO.\n\nEnsure that the target MMIO address is within the kernel before decoding\ninstruction.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47727",
"url": "https://www.suse.com/security/cve/CVE-2024-47727"
},
{
"category": "external",
"summary": "SUSE Bug 1232116 for CVE-2024-47727",
"url": "https://bugzilla.suse.com/1232116"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47727"
},
{
"cve": "CVE-2024-47728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47728"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error\n\nFor all non-tracing helpers which formerly had ARG_PTR_TO_{LONG,INT} as input\narguments, zero the value for the case of an error as otherwise it could leak\nmemory. For tracing, it is not needed given CAP_PERFMON can already read all\nkernel memory anyway hence bpf_get_func_arg() and bpf_get_func_ret() is skipped\nin here.\n\nAlso, the MTU helpers mtu_len pointer value is being written but also read.\nTechnically, the MEM_UNINIT should not be there in order to always force init.\nRemoving MEM_UNINIT needs more verifier rework though: MEM_UNINIT right now\nimplies two things actually: i) write into memory, ii) memory does not have\nto be initialized. If we lift MEM_UNINIT, it then becomes: i) read into memory,\nii) memory must be initialized. This means that for bpf_*_check_mtu() we\u0027re\nreadding the issue we\u0027re trying to fix, that is, it would then be able to\nwrite back into things like .rodata BPF maps. Follow-up work will rework the\nMEM_UNINIT semantics such that the intent can be better expressed. For now\njust clear the *mtu_len on error path which can be lifted later again.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47728",
"url": "https://www.suse.com/security/cve/CVE-2024-47728"
},
{
"category": "external",
"summary": "SUSE Bug 1232076 for CVE-2024-47728",
"url": "https://bugzilla.suse.com/1232076"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47728"
},
{
"cve": "CVE-2024-47730",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47730"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: hisilicon/qm - inject error before stopping queue\n\nThe master ooo cannot be completely closed when the\naccelerator core reports memory error. Therefore, the driver\nneeds to inject the qm error to close the master ooo. Currently,\nthe qm error is injected after stopping queue, memory may be\nreleased immediately after stopping queue, causing the device to\naccess the released memory. Therefore, error is injected to close master\nooo before stopping queue to ensure that the device does not access\nthe released memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47730",
"url": "https://www.suse.com/security/cve/CVE-2024-47730"
},
{
"category": "external",
"summary": "SUSE Bug 1232075 for CVE-2024-47730",
"url": "https://bugzilla.suse.com/1232075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47730"
},
{
"cve": "CVE-2024-47731",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47731"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/perf: Fix ali_drw_pmu driver interrupt status clearing\n\nThe alibaba_uncore_pmu driver forgot to clear all interrupt status\nin the interrupt processing function. After the PMU counter overflow\ninterrupt occurred, an interrupt storm occurred, causing the system\nto hang.\n\nTherefore, clear the correct interrupt status in the interrupt handling\nfunction to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47731",
"url": "https://www.suse.com/security/cve/CVE-2024-47731"
},
{
"category": "external",
"summary": "SUSE Bug 1232117 for CVE-2024-47731",
"url": "https://bugzilla.suse.com/1232117"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47731"
},
{
"cve": "CVE-2024-47732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47732"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: iaa - Fix potential use after free bug\n\nThe free_device_compression_mode(iaa_device, device_mode) function frees\n\"device_mode\" but it iss passed to iaa_compression_modes[i]-\u003efree() a few\nlines later resulting in a use after free.\n\nThe good news is that, so far as I can tell, nothing implements the\n-\u003efree() function and the use after free happens in dead code. But, with\nthis fix, when something does implement it, we\u0027ll be ready. :)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47732",
"url": "https://www.suse.com/security/cve/CVE-2024-47732"
},
{
"category": "external",
"summary": "SUSE Bug 1232109 for CVE-2024-47732",
"url": "https://bugzilla.suse.com/1232109"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47732"
},
{
"cve": "CVE-2024-47735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47735"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled\n\nFix missuse of spin_lock_irq()/spin_unlock_irq() when\nspin_lock_irqsave()/spin_lock_irqrestore() was hold.\n\nThis was discovered through the lock debugging, and the corresponding\nlog is as follows:\n\nraw_local_irq_restore() called with IRQs enabled\nWARNING: CPU: 96 PID: 2074 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x30/0x40\n...\nCall trace:\n warn_bogus_irq_restore+0x30/0x40\n _raw_spin_unlock_irqrestore+0x84/0xc8\n add_qp_to_list+0x11c/0x148 [hns_roce_hw_v2]\n hns_roce_create_qp_common.constprop.0+0x240/0x780 [hns_roce_hw_v2]\n hns_roce_create_qp+0x98/0x160 [hns_roce_hw_v2]\n create_qp+0x138/0x258\n ib_create_qp_kernel+0x50/0xe8\n create_mad_qp+0xa8/0x128\n ib_mad_port_open+0x218/0x448\n ib_mad_init_device+0x70/0x1f8\n add_client_context+0xfc/0x220\n enable_device_and_get+0xd0/0x140\n ib_register_device.part.0+0xf4/0x1c8\n ib_register_device+0x34/0x50\n hns_roce_register_device+0x174/0x3d0 [hns_roce_hw_v2]\n hns_roce_init+0xfc/0x2c0 [hns_roce_hw_v2]\n __hns_roce_hw_v2_init_instance+0x7c/0x1d0 [hns_roce_hw_v2]\n hns_roce_hw_v2_init_instance+0x9c/0x180 [hns_roce_hw_v2]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47735",
"url": "https://www.suse.com/security/cve/CVE-2024-47735"
},
{
"category": "external",
"summary": "SUSE Bug 1232111 for CVE-2024-47735",
"url": "https://bugzilla.suse.com/1232111"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47735"
},
{
"cve": "CVE-2024-47737",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47737"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: call cache_put if xdr_reserve_space returns NULL\n\nIf not enough buffer space available, but idmap_lookup has triggered\nlookup_fn which calls cache_get and returns successfully. Then we\nmissed to call cache_put here which pairs with cache_get.\n\nReviwed-by: Jeff Layton \u003cjlayton@kernel.org\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47737",
"url": "https://www.suse.com/security/cve/CVE-2024-47737"
},
{
"category": "external",
"summary": "SUSE Bug 1232056 for CVE-2024-47737",
"url": "https://bugzilla.suse.com/1232056"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47737"
},
{
"cve": "CVE-2024-47738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47738"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: don\u0027t use rate mask for offchannel TX either\n\nLike the commit ab9177d83c04 (\"wifi: mac80211: don\u0027t use rate mask for\nscanning\"), ignore incorrect settings to avoid no supported rate warning\nreported by syzbot.\n\nThe syzbot did bisect and found cause is commit 9df66d5b9f45 (\"cfg80211:\nfix default HE tx bitrate mask in 2G band\"), which however corrects\nbitmask of HE MCS and recognizes correctly settings of empty legacy rate\nplus HE MCS rate instead of returning -EINVAL.\n\nAs suggestions [1], follow the change of SCAN TX to consider this case of\noffchannel TX as well.\n\n[1] https://lore.kernel.org/linux-wireless/6ab2dc9c3afe753ca6fdcdd1421e7a1f47e87b84.camel@sipsolutions.net/T/#m2ac2a6d2be06a37c9c47a3d8a44b4f647ed4f024",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47738",
"url": "https://www.suse.com/security/cve/CVE-2024-47738"
},
{
"category": "external",
"summary": "SUSE Bug 1232114 for CVE-2024-47738",
"url": "https://bugzilla.suse.com/1232114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47738"
},
{
"cve": "CVE-2024-47739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47739"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npadata: use integer wrap around to prevent deadlock on seq_nr overflow\n\nWhen submitting more than 2^32 padata objects to padata_do_serial, the\ncurrent sorting implementation incorrectly sorts padata objects with\noverflowed seq_nr, causing them to be placed before existing objects in\nthe reorder list. This leads to a deadlock in the serialization process\nas padata_find_next cannot match padata-\u003eseq_nr and pd-\u003eprocessed\nbecause the padata instance with overflowed seq_nr will be selected\nnext.\n\nTo fix this, we use an unsigned integer wrap around to correctly sort\npadata objects in scenarios with integer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47739",
"url": "https://www.suse.com/security/cve/CVE-2024-47739"
},
{
"category": "external",
"summary": "SUSE Bug 1232124 for CVE-2024-47739",
"url": "https://bugzilla.suse.com/1232124"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47739"
},
{
"cve": "CVE-2024-47741",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47741"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix race setting file private on concurrent lseek using same fd\n\nWhen doing concurrent lseek(2) system calls against the same file\ndescriptor, using multiple threads belonging to the same process, we have\na short time window where a race happens and can result in a memory leak.\n\nThe race happens like this:\n\n1) A program opens a file descriptor for a file and then spawns two\n threads (with the pthreads library for example), lets call them\n task A and task B;\n\n2) Task A calls lseek with SEEK_DATA or SEEK_HOLE and ends up at\n file.c:find_desired_extent() while holding a read lock on the inode;\n\n3) At the start of find_desired_extent(), it extracts the file\u0027s\n private_data pointer into a local variable named \u0027private\u0027, which has\n a value of NULL;\n\n4) Task B also calls lseek with SEEK_DATA or SEEK_HOLE, locks the inode\n in shared mode and enters file.c:find_desired_extent(), where it also\n extracts file-\u003eprivate_data into its local variable \u0027private\u0027, which\n has a NULL value;\n\n5) Because it saw a NULL file private, task A allocates a private\n structure and assigns to the file structure;\n\n6) Task B also saw a NULL file private so it also allocates its own file\n private and then assigns it to the same file structure, since both\n tasks are using the same file descriptor.\n\n At this point we leak the private structure allocated by task A.\n\nBesides the memory leak, there\u0027s also the detail that both tasks end up\nusing the same cached state record in the private structure (struct\nbtrfs_file_private::llseek_cached_state), which can result in a\nuse-after-free problem since one task can free it while the other is\nstill using it (only one task took a reference count on it). Also, sharing\nthe cached state is not a good idea since it could result in incorrect\nresults in the future - right now it should not be a problem because it\nend ups being used only in extent-io-tree.c:count_range_bits() where we do\nrange validation before using the cached state.\n\nFix this by protecting the private assignment and check of a file while\nholding the inode\u0027s spinlock and keep track of the task that allocated\nthe private, so that it\u0027s used only by that task in order to prevent\nuser-after-free issues with the cached state record as well as potentially\nusing it incorrectly in the future.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47741",
"url": "https://www.suse.com/security/cve/CVE-2024-47741"
},
{
"category": "external",
"summary": "SUSE Bug 1231869 for CVE-2024-47741",
"url": "https://bugzilla.suse.com/1231869"
},
{
"category": "external",
"summary": "SUSE Bug 1231870 for CVE-2024-47741",
"url": "https://bugzilla.suse.com/1231870"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-47741"
},
{
"cve": "CVE-2024-47742",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47742"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware_loader: Block path traversal\n\nMost firmware names are hardcoded strings, or are constructed from fairly\nconstrained format strings where the dynamic parts are just some hex\nnumbers or such.\n\nHowever, there are a couple codepaths in the kernel where firmware file\nnames contain string components that are passed through from a device or\nsemi-privileged userspace; the ones I could find (not counting interfaces\nthat require root privileges) are:\n\n - lpfc_sli4_request_firmware_update() seems to construct the firmware\n filename from \"ModelName\", a string that was previously parsed out of\n some descriptor (\"Vital Product Data\") in lpfc_fill_vpd()\n - nfp_net_fw_find() seems to construct a firmware filename from a model\n name coming from nfp_hwinfo_lookup(pf-\u003ehwinfo, \"nffw.partno\"), which I\n think parses some descriptor that was read from the device.\n (But this case likely isn\u0027t exploitable because the format string looks\n like \"netronome/nic_%s\", and there shouldn\u0027t be any *folders* starting\n with \"netronome/nic_\". The previous case was different because there,\n the \"%s\" is *at the start* of the format string.)\n - module_flash_fw_schedule() is reachable from the\n ETHTOOL_MSG_MODULE_FW_FLASH_ACT netlink command, which is marked as\n GENL_UNS_ADMIN_PERM (meaning CAP_NET_ADMIN inside a user namespace is\n enough to pass the privilege check), and takes a userspace-provided\n firmware name.\n (But I think to reach this case, you need to have CAP_NET_ADMIN over a\n network namespace that a special kind of ethernet device is mapped into,\n so I think this is not a viable attack path in practice.)\n\nFix it by rejecting any firmware names containing \"..\" path components.\n\nFor what it\u0027s worth, I went looking and haven\u0027t found any USB device\ndrivers that use the firmware loader dangerously.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47742",
"url": "https://www.suse.com/security/cve/CVE-2024-47742"
},
{
"category": "external",
"summary": "SUSE Bug 1232126 for CVE-2024-47742",
"url": "https://bugzilla.suse.com/1232126"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47742"
},
{
"cve": "CVE-2024-47743",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47743"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKEYS: prevent NULL pointer dereference in find_asymmetric_key()\n\nIn find_asymmetric_key(), if all NULLs are passed in the id_{0,1,2}\narguments, the kernel will first emit WARN but then have an oops\nbecause id_2 gets dereferenced anyway.\n\nAdd the missing id_2 check and move WARN_ON() to the final else branch\nto avoid duplicate NULL checks.\n\nFound by Linux Verification Center (linuxtesting.org) with Svace static\nanalysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47743",
"url": "https://www.suse.com/security/cve/CVE-2024-47743"
},
{
"category": "external",
"summary": "SUSE Bug 1232129 for CVE-2024-47743",
"url": "https://bugzilla.suse.com/1232129"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47743"
},
{
"cve": "CVE-2024-47744",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47744"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Use dedicated mutex to protect kvm_usage_count to avoid deadlock\n\nUse a dedicated mutex to guard kvm_usage_count to fix a potential deadlock\non x86 due to a chain of locks and SRCU synchronizations. Translating the\nbelow lockdep splat, CPU1 #6 will wait on CPU0 #1, CPU0 #8 will wait on\nCPU2 #3, and CPU2 #7 will wait on CPU1 #4 (if there\u0027s a writer, due to the\nfairness of r/w semaphores).\n\n CPU0 CPU1 CPU2\n1 lock(\u0026kvm-\u003eslots_lock);\n2 lock(\u0026vcpu-\u003emutex);\n3 lock(\u0026kvm-\u003esrcu);\n4 lock(cpu_hotplug_lock);\n5 lock(kvm_lock);\n6 lock(\u0026kvm-\u003eslots_lock);\n7 lock(cpu_hotplug_lock);\n8 sync(\u0026kvm-\u003esrcu);\n\nNote, there are likely more potential deadlocks in KVM x86, e.g. the same\npattern of taking cpu_hotplug_lock outside of kvm_lock likely exists with\n__kvmclock_cpufreq_notifier():\n\n cpuhp_cpufreq_online()\n |\n -\u003e cpufreq_online()\n |\n -\u003e cpufreq_gov_performance_limits()\n |\n -\u003e __cpufreq_driver_target()\n |\n -\u003e __target_index()\n |\n -\u003e cpufreq_freq_transition_begin()\n |\n -\u003e cpufreq_notify_transition()\n |\n -\u003e ... __kvmclock_cpufreq_notifier()\n\nBut, actually triggering such deadlocks is beyond rare due to the\ncombination of dependencies and timings involved. E.g. the cpufreq\nnotifier is only used on older CPUs without a constant TSC, mucking with\nthe NX hugepage mitigation while VMs are running is very uncommon, and\ndoing so while also onlining/offlining a CPU (necessary to generate\ncontention on cpu_hotplug_lock) would be even more unusual.\n\nThe most robust solution to the general cpu_hotplug_lock issue is likely\nto switch vm_list to be an RCU-protected list, e.g. so that x86\u0027s cpufreq\nnotifier doesn\u0027t to take kvm_lock. For now, settle for fixing the most\nblatant deadlock, as switching to an RCU-protected list is a much more\ninvolved change, but add a comment in locking.rst to call out that care\nneeds to be taken when walking holding kvm_lock and walking vm_list.\n\n ======================================================\n WARNING: possible circular locking dependency detected\n 6.10.0-smp--c257535a0c9d-pip #330 Tainted: G S O\n ------------------------------------------------------\n tee/35048 is trying to acquire lock:\n ff6a80eced71e0a8 (\u0026kvm-\u003eslots_lock){+.+.}-{3:3}, at: set_nx_huge_pages+0x179/0x1e0 [kvm]\n\n but task is already holding lock:\n ffffffffc07abb08 (kvm_lock){+.+.}-{3:3}, at: set_nx_huge_pages+0x14a/0x1e0 [kvm]\n\n which lock already depends on the new lock.\n\n the existing dependency chain (in reverse order) is:\n\n -\u003e #3 (kvm_lock){+.+.}-{3:3}:\n __mutex_lock+0x6a/0xb40\n mutex_lock_nested+0x1f/0x30\n kvm_dev_ioctl+0x4fb/0xe50 [kvm]\n __se_sys_ioctl+0x7b/0xd0\n __x64_sys_ioctl+0x21/0x30\n x64_sys_call+0x15d0/0x2e60\n do_syscall_64+0x83/0x160\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n -\u003e #2 (cpu_hotplug_lock){++++}-{0:0}:\n cpus_read_lock+0x2e/0xb0\n static_key_slow_inc+0x16/0x30\n kvm_lapic_set_base+0x6a/0x1c0 [kvm]\n kvm_set_apic_base+0x8f/0xe0 [kvm]\n kvm_set_msr_common+0x9ae/0xf80 [kvm]\n vmx_set_msr+0xa54/0xbe0 [kvm_intel]\n __kvm_set_msr+0xb6/0x1a0 [kvm]\n kvm_arch_vcpu_ioctl+0xeca/0x10c0 [kvm]\n kvm_vcpu_ioctl+0x485/0x5b0 [kvm]\n __se_sys_ioctl+0x7b/0xd0\n __x64_sys_ioctl+0x21/0x30\n x64_sys_call+0x15d0/0x2e60\n do_syscall_64+0x83/0x160\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n -\u003e #1 (\u0026kvm-\u003esrcu){.+.+}-{0:0}:\n __synchronize_srcu+0x44/0x1a0\n \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47744",
"url": "https://www.suse.com/security/cve/CVE-2024-47744"
},
{
"category": "external",
"summary": "SUSE Bug 1232132 for CVE-2024-47744",
"url": "https://bugzilla.suse.com/1232132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47744"
},
{
"cve": "CVE-2024-47745",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47745"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: call the security_mmap_file() LSM hook in remap_file_pages()\n\nThe remap_file_pages syscall handler calls do_mmap() directly, which\ndoesn\u0027t contain the LSM security check. And if the process has called\npersonality(READ_IMPLIES_EXEC) before and remap_file_pages() is called for\nRW pages, this will actually result in remapping the pages to RWX,\nbypassing a W^X policy enforced by SELinux.\n\nSo we should check prot by security_mmap_file LSM hook in the\nremap_file_pages syscall handler before do_mmap() is called. Otherwise, it\npotentially permits an attacker to bypass a W^X policy enforced by\nSELinux.\n\nThe bypass is similar to CVE-2016-10044, which bypass the same thing via\nAIO and can be found in [1].\n\nThe PoC:\n\n$ cat \u003e test.c\n\nint main(void) {\n\tsize_t pagesz = sysconf(_SC_PAGE_SIZE);\n\tint mfd = syscall(SYS_memfd_create, \"test\", 0);\n\tconst char *buf = mmap(NULL, 4 * pagesz, PROT_READ | PROT_WRITE,\n\t\tMAP_SHARED, mfd, 0);\n\tunsigned int old = syscall(SYS_personality, 0xffffffff);\n\tsyscall(SYS_personality, READ_IMPLIES_EXEC | old);\n\tsyscall(SYS_remap_file_pages, buf, pagesz, 0, 2, 0);\n\tsyscall(SYS_personality, old);\n\t// show the RWX page exists even if W^X policy is enforced\n\tint fd = open(\"/proc/self/maps\", O_RDONLY);\n\tunsigned char buf2[1024];\n\twhile (1) {\n\t\tint ret = read(fd, buf2, 1024);\n\t\tif (ret \u003c= 0) break;\n\t\twrite(1, buf2, ret);\n\t}\n\tclose(fd);\n}\n\n$ gcc test.c -o test\n$ ./test | grep rwx\n7f1836c34000-7f1836c35000 rwxs 00002000 00:01 2050 /memfd:test (deleted)\n\n[PM: subject line tweaks]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47745",
"url": "https://www.suse.com/security/cve/CVE-2024-47745"
},
{
"category": "external",
"summary": "SUSE Bug 1232135 for CVE-2024-47745",
"url": "https://bugzilla.suse.com/1232135"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47745"
},
{
"cve": "CVE-2024-47747",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47747"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition\n\nIn the ether3_probe function, a timer is initialized with a callback\nfunction ether3_ledoff, bound to \u0026prev(dev)-\u003etimer. Once the timer is\nstarted, there is a risk of a race condition if the module or device\nis removed, triggering the ether3_remove function to perform cleanup.\nThe sequence of operations that may lead to a UAF bug is as follows:\n\nCPU0 CPU1\n\n | ether3_ledoff\nether3_remove |\n free_netdev(dev); |\n put_devic |\n kfree(dev); |\n | ether3_outw(priv(dev)-\u003eregs.config2 |= CFG2_CTRLO, REG_CONFIG2);\n | // use dev\n\nFix it by ensuring that the timer is canceled before proceeding with\nthe cleanup in ether3_remove.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47747",
"url": "https://www.suse.com/security/cve/CVE-2024-47747"
},
{
"category": "external",
"summary": "SUSE Bug 1232145 for CVE-2024-47747",
"url": "https://bugzilla.suse.com/1232145"
},
{
"category": "external",
"summary": "SUSE Bug 1232146 for CVE-2024-47747",
"url": "https://bugzilla.suse.com/1232146"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-47747"
},
{
"cve": "CVE-2024-47748",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47748"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost_vdpa: assign irq bypass producer token correctly\n\nWe used to call irq_bypass_unregister_producer() in\nvhost_vdpa_setup_vq_irq() which is problematic as we don\u0027t know if the\ntoken pointer is still valid or not.\n\nActually, we use the eventfd_ctx as the token so the life cycle of the\ntoken should be bound to the VHOST_SET_VRING_CALL instead of\nvhost_vdpa_setup_vq_irq() which could be called by set_status().\n\nFixing this by setting up irq bypass producer\u0027s token when handling\nVHOST_SET_VRING_CALL and un-registering the producer before calling\nvhost_vring_ioctl() to prevent a possible use after free as eventfd\ncould have been released in vhost_vring_ioctl(). And such registering\nand unregistering will only be done if DRIVER_OK is set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47748",
"url": "https://www.suse.com/security/cve/CVE-2024-47748"
},
{
"category": "external",
"summary": "SUSE Bug 1232174 for CVE-2024-47748",
"url": "https://bugzilla.suse.com/1232174"
},
{
"category": "external",
"summary": "SUSE Bug 1232177 for CVE-2024-47748",
"url": "https://bugzilla.suse.com/1232177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-47748"
},
{
"cve": "CVE-2024-47749",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47749"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/cxgb4: Added NULL check for lookup_atid\n\nThe lookup_atid() function can return NULL if the ATID is\ninvalid or does not exist in the identifier table, which\ncould lead to dereferencing a null pointer without a\ncheck in the `act_establish()` and `act_open_rpl()` functions.\nAdd a NULL check to prevent null pointer dereferencing.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47749",
"url": "https://www.suse.com/security/cve/CVE-2024-47749"
},
{
"category": "external",
"summary": "SUSE Bug 1232180 for CVE-2024-47749",
"url": "https://bugzilla.suse.com/1232180"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47749"
},
{
"cve": "CVE-2024-47750",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47750"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix Use-After-Free of rsv_qp on HIP08\n\nCurrently rsv_qp is freed before ib_unregister_device() is called\non HIP08. During the time interval, users can still dereg MR and\nrsv_qp will be used in this process, leading to a UAF. Move the\nrelease of rsv_qp after calling ib_unregister_device() to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47750",
"url": "https://www.suse.com/security/cve/CVE-2024-47750"
},
{
"category": "external",
"summary": "SUSE Bug 1232182 for CVE-2024-47750",
"url": "https://bugzilla.suse.com/1232182"
},
{
"category": "external",
"summary": "SUSE Bug 1232829 for CVE-2024-47750",
"url": "https://bugzilla.suse.com/1232829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-47750"
},
{
"cve": "CVE-2024-47751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47751"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: kirin: Fix buffer overflow in kirin_pcie_parse_port()\n\nWithin kirin_pcie_parse_port(), the pcie-\u003enum_slots is compared to\npcie-\u003egpio_id_reset size (MAX_PCI_SLOTS) which is correct and would lead\nto an overflow.\n\nThus, fix condition to pcie-\u003enum_slots + 1 \u003e= MAX_PCI_SLOTS and move\npcie-\u003enum_slots increment below the if-statement to avoid out-of-bounds\narray access.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[kwilczynski: commit log]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47751",
"url": "https://www.suse.com/security/cve/CVE-2024-47751"
},
{
"category": "external",
"summary": "SUSE Bug 1232127 for CVE-2024-47751",
"url": "https://bugzilla.suse.com/1232127"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47751"
},
{
"cve": "CVE-2024-47752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47752"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Fix H264 stateless decoder smatch warning\n\nFix a smatch static checker warning on vdec_h264_req_if.c.\nWhich leads to a kernel crash when fb is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47752",
"url": "https://www.suse.com/security/cve/CVE-2024-47752"
},
{
"category": "external",
"summary": "SUSE Bug 1232130 for CVE-2024-47752",
"url": "https://bugzilla.suse.com/1232130"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47752"
},
{
"cve": "CVE-2024-47753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47753"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Fix VP8 stateless decoder smatch warning\n\nFix a smatch static checker warning on vdec_vp8_req_if.c.\nWhich leads to a kernel crash when fb is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47753",
"url": "https://www.suse.com/security/cve/CVE-2024-47753"
},
{
"category": "external",
"summary": "SUSE Bug 1231868 for CVE-2024-47753",
"url": "https://bugzilla.suse.com/1231868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47753"
},
{
"cve": "CVE-2024-47754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47754"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning\n\nFix a smatch static checker warning on vdec_h264_req_multi_if.c.\nWhich leads to a kernel crash when fb is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47754",
"url": "https://www.suse.com/security/cve/CVE-2024-47754"
},
{
"category": "external",
"summary": "SUSE Bug 1232131 for CVE-2024-47754",
"url": "https://bugzilla.suse.com/1232131"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47754"
},
{
"cve": "CVE-2024-47756",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47756"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: keystone: Fix if-statement expression in ks_pcie_quirk()\n\nThis code accidentally uses \u0026\u0026 where || was intended. It potentially\nresults in a NULL dereference.\n\nThus, fix the if-statement expression to use the correct condition.\n\n[kwilczynski: commit log]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47756",
"url": "https://www.suse.com/security/cve/CVE-2024-47756"
},
{
"category": "external",
"summary": "SUSE Bug 1232185 for CVE-2024-47756",
"url": "https://bugzilla.suse.com/1232185"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-47756"
},
{
"cve": "CVE-2024-47757",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47757"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential oob read in nilfs_btree_check_delete()\n\nThe function nilfs_btree_check_delete(), which checks whether degeneration\nto direct mapping occurs before deleting a b-tree entry, causes memory\naccess outside the block buffer when retrieving the maximum key if the\nroot node has no entries.\n\nThis does not usually happen because b-tree mappings with 0 child nodes\nare never created by mkfs.nilfs2 or nilfs2 itself. However, it can happen\nif the b-tree root node read from a device is configured that way, so fix\nthis potential issue by adding a check for that case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47757",
"url": "https://www.suse.com/security/cve/CVE-2024-47757"
},
{
"category": "external",
"summary": "SUSE Bug 1232187 for CVE-2024-47757",
"url": "https://bugzilla.suse.com/1232187"
},
{
"category": "external",
"summary": "SUSE Bug 1232188 for CVE-2024-47757",
"url": "https://bugzilla.suse.com/1232188"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-47757"
},
{
"cve": "CVE-2024-49850",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49850"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos\n\nIn case of malformed relocation record of kind BPF_CORE_TYPE_ID_LOCAL\nreferencing a non-existing BTF type, function bpf_core_calc_relo_insn\nwould cause a null pointer deference.\n\nFix this by adding a proper check upper in call stack, as malformed\nrelocation records could be passed from user space.\n\nSimplest reproducer is a program:\n\n r0 = 0\n exit\n\nWith a single relocation record:\n\n .insn_off = 0, /* patch first instruction */\n .type_id = 100500, /* this type id does not exist */\n .access_str_off = 6, /* offset of string \"0\" */\n .kind = BPF_CORE_TYPE_ID_LOCAL,\n\nSee the link for original reproducer or next commit for a test case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49850",
"url": "https://www.suse.com/security/cve/CVE-2024-49850"
},
{
"category": "external",
"summary": "SUSE Bug 1232189 for CVE-2024-49850",
"url": "https://bugzilla.suse.com/1232189"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49850"
},
{
"cve": "CVE-2024-49851",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49851"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: Clean up TPM space after command failure\n\ntpm_dev_transmit prepares the TPM space before attempting command\ntransmission. However if the command fails no rollback of this\npreparation is done. This can result in transient handles being leaked\nif the device is subsequently closed with no further commands performed.\n\nFix this by flushing the space in the event of command transmission\nfailure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49851",
"url": "https://www.suse.com/security/cve/CVE-2024-49851"
},
{
"category": "external",
"summary": "SUSE Bug 1232134 for CVE-2024-49851",
"url": "https://bugzilla.suse.com/1232134"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49851"
},
{
"cve": "CVE-2024-49852",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49852"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: elx: libefc: Fix potential use after free in efc_nport_vport_del()\n\nThe kref_put() function will call nport-\u003erelease if the refcount drops to\nzero. The nport-\u003erelease release function is _efc_nport_free() which frees\n\"nport\". But then we dereference \"nport\" on the next line which is a use\nafter free. Re-order these lines to avoid the use after free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49852",
"url": "https://www.suse.com/security/cve/CVE-2024-49852"
},
{
"category": "external",
"summary": "SUSE Bug 1232819 for CVE-2024-49852",
"url": "https://bugzilla.suse.com/1232819"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49852"
},
{
"cve": "CVE-2024-49853",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49853"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_scmi: Fix double free in OPTEE transport\n\nChannels can be shared between protocols, avoid freeing the same channel\ndescriptors twice when unloading the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49853",
"url": "https://www.suse.com/security/cve/CVE-2024-49853"
},
{
"category": "external",
"summary": "SUSE Bug 1232192 for CVE-2024-49853",
"url": "https://bugzilla.suse.com/1232192"
},
{
"category": "external",
"summary": "SUSE Bug 1232828 for CVE-2024-49853",
"url": "https://bugzilla.suse.com/1232828"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-49853"
},
{
"cve": "CVE-2024-49855",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49855"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: fix race between timeout and normal completion\n\nIf request timetout is handled by nbd_requeue_cmd(), normal completion\nhas to be stopped for avoiding to complete this requeued request, other\nuse-after-free can be triggered.\n\nFix the race by clearing NBD_CMD_INFLIGHT in nbd_requeue_cmd(), meantime\nmake sure that cmd-\u003elock is grabbed for clearing the flag and the\nrequeue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49855",
"url": "https://www.suse.com/security/cve/CVE-2024-49855"
},
{
"category": "external",
"summary": "SUSE Bug 1232195 for CVE-2024-49855",
"url": "https://bugzilla.suse.com/1232195"
},
{
"category": "external",
"summary": "SUSE Bug 1232900 for CVE-2024-49855",
"url": "https://bugzilla.suse.com/1232900"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-49855"
},
{
"cve": "CVE-2024-49858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49858"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nefistub/tpm: Use ACPI reclaim memory for event log to avoid corruption\n\nThe TPM event log table is a Linux specific construct, where the data\nproduced by the GetEventLog() boot service is cached in memory, and\npassed on to the OS using an EFI configuration table.\n\nThe use of EFI_LOADER_DATA here results in the region being left\nunreserved in the E820 memory map constructed by the EFI stub, and this\nis the memory description that is passed on to the incoming kernel by\nkexec, which is therefore unaware that the region should be reserved.\n\nEven though the utility of the TPM2 event log after a kexec is\nquestionable, any corruption might send the parsing code off into the\nweeds and crash the kernel. So let\u0027s use EFI_ACPI_RECLAIM_MEMORY\ninstead, which is always treated as reserved by the E820 conversion\nlogic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49858",
"url": "https://www.suse.com/security/cve/CVE-2024-49858"
},
{
"category": "external",
"summary": "SUSE Bug 1232251 for CVE-2024-49858",
"url": "https://bugzilla.suse.com/1232251"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49858"
},
{
"cve": "CVE-2024-49860",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49860"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: sysfs: validate return type of _STR method\n\nOnly buffer objects are valid return values of _STR.\n\nIf something else is returned description_show() will access invalid\nmemory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49860",
"url": "https://www.suse.com/security/cve/CVE-2024-49860"
},
{
"category": "external",
"summary": "SUSE Bug 1231861 for CVE-2024-49860",
"url": "https://bugzilla.suse.com/1231861"
},
{
"category": "external",
"summary": "SUSE Bug 1231862 for CVE-2024-49860",
"url": "https://bugzilla.suse.com/1231862"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-49860"
},
{
"cve": "CVE-2024-49861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49861"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix helper writes to read-only maps\n\nLonial found an issue that despite user- and BPF-side frozen BPF map\n(like in case of .rodata), it was still possible to write into it from\na BPF program side through specific helpers having ARG_PTR_TO_{LONG,INT}\nas arguments.\n\nIn check_func_arg() when the argument is as mentioned, the meta-\u003eraw_mode\nis never set. Later, check_helper_mem_access(), under the case of\nPTR_TO_MAP_VALUE as register base type, it assumes BPF_READ for the\nsubsequent call to check_map_access_type() and given the BPF map is\nread-only it succeeds.\n\nThe helpers really need to be annotated as ARG_PTR_TO_{LONG,INT} | MEM_UNINIT\nwhen results are written into them as opposed to read out of them. The\nlatter indicates that it\u0027s okay to pass a pointer to uninitialized memory\nas the memory is written to anyway.\n\nHowever, ARG_PTR_TO_{LONG,INT} is a special case of ARG_PTR_TO_FIXED_SIZE_MEM\njust with additional alignment requirement. So it is better to just get\nrid of the ARG_PTR_TO_{LONG,INT} special cases altogether and reuse the\nfixed size memory types. For this, add MEM_ALIGNED to additionally ensure\nalignment given these helpers write directly into the args via *\u003cptr\u003e = val.\nThe .arg*_size has been initialized reflecting the actual sizeof(*\u003cptr\u003e).\n\nMEM_ALIGNED can only be used in combination with MEM_FIXED_SIZE annotated\nargument types, since in !MEM_FIXED_SIZE cases the verifier does not know\nthe buffer size a priori and therefore cannot blindly write *\u003cptr\u003e = val.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49861",
"url": "https://www.suse.com/security/cve/CVE-2024-49861"
},
{
"category": "external",
"summary": "SUSE Bug 1232254 for CVE-2024-49861",
"url": "https://bugzilla.suse.com/1232254"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49861"
},
{
"cve": "CVE-2024-49862",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49862"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowercap: intel_rapl: Fix off by one in get_rpi()\n\nThe rp-\u003epriv-\u003erpi array is either rpi_msr or rpi_tpmi which have\nNR_RAPL_PRIMITIVES number of elements. Thus the \u003e needs to be \u003e=\nto prevent an off by one access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49862",
"url": "https://www.suse.com/security/cve/CVE-2024-49862"
},
{
"category": "external",
"summary": "SUSE Bug 1231871 for CVE-2024-49862",
"url": "https://bugzilla.suse.com/1231871"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49862"
},
{
"cve": "CVE-2024-49863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49863"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost/scsi: null-ptr-dereference in vhost_scsi_get_req()\n\nSince commit 3f8ca2e115e5 (\"vhost/scsi: Extract common handling code\nfrom control queue handler\") a null pointer dereference bug can be\ntriggered when guest sends an SCSI AN request.\n\nIn vhost_scsi_ctl_handle_vq(), `vc.target` is assigned with\n`\u0026v_req.tmf.lun[1]` within a switch-case block and is then passed to\nvhost_scsi_get_req() which extracts `vc-\u003ereq` and `tpg`. However, for\na `VIRTIO_SCSI_T_AN_*` request, tpg is not required, so `vc.target` is\nset to NULL in this branch. Later, in vhost_scsi_get_req(),\n`vc-\u003etarget` is dereferenced without being checked, leading to a null\npointer dereference bug. This bug can be triggered from guest.\n\nWhen this bug occurs, the vhost_worker process is killed while holding\n`vq-\u003emutex` and the corresponding tpg will remain occupied\nindefinitely.\n\nBelow is the KASAN report:\nOops: general protection fault, probably for non-canonical address\n0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 1 PID: 840 Comm: poc Not tainted 6.10.0+ #1\nHardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS\n1.16.3-debian-1.16.3-2 04/01/2014\nRIP: 0010:vhost_scsi_get_req+0x165/0x3a0\nCode: 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 2b 02 00 00\n48 b8 00 00 00 00 00 fc ff df 4d 8b 65 30 4c 89 e2 48 c1 ea 03 \u003c0f\u003e b6\n04 02 4c 89 e2 83 e2 07 38 d0 7f 08 84 c0 0f 85 be 01 00 00\nRSP: 0018:ffff888017affb50 EFLAGS: 00010246\nRAX: dffffc0000000000 RBX: ffff88801b000000 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888017affcb8\nRBP: ffff888017affb80 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000\nR13: ffff888017affc88 R14: ffff888017affd1c R15: ffff888017993000\nFS: 000055556e076500(0000) GS:ffff88806b100000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000200027c0 CR3: 0000000010ed0004 CR4: 0000000000370ef0\nCall Trace:\n \u003cTASK\u003e\n ? show_regs+0x86/0xa0\n ? die_addr+0x4b/0xd0\n ? exc_general_protection+0x163/0x260\n ? asm_exc_general_protection+0x27/0x30\n ? vhost_scsi_get_req+0x165/0x3a0\n vhost_scsi_ctl_handle_vq+0x2a4/0xca0\n ? __pfx_vhost_scsi_ctl_handle_vq+0x10/0x10\n ? __switch_to+0x721/0xeb0\n ? __schedule+0xda5/0x5710\n ? __kasan_check_write+0x14/0x30\n ? _raw_spin_lock+0x82/0xf0\n vhost_scsi_ctl_handle_kick+0x52/0x90\n vhost_run_work_list+0x134/0x1b0\n vhost_task_fn+0x121/0x350\n...\n \u003c/TASK\u003e\n---[ end trace 0000000000000000 ]---\n\nLet\u0027s add a check in vhost_scsi_get_req.\n\n[whitespace fixes]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49863",
"url": "https://www.suse.com/security/cve/CVE-2024-49863"
},
{
"category": "external",
"summary": "SUSE Bug 1232255 for CVE-2024-49863",
"url": "https://bugzilla.suse.com/1232255"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49863"
},
{
"cve": "CVE-2024-49864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49864"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix a race between socket set up and I/O thread creation\n\nIn rxrpc_open_socket(), it sets up the socket and then sets up the I/O\nthread that will handle it. This is a problem, however, as there\u0027s a gap\nbetween the two phases in which a packet may come into rxrpc_encap_rcv()\nfrom the UDP packet but we oops when trying to wake the not-yet created I/O\nthread.\n\nAs a quick fix, just make rxrpc_encap_rcv() discard the packet if there\u0027s\nno I/O thread yet.\n\nA better, but more intrusive fix would perhaps be to rearrange things such\nthat the socket creation is done by the I/O thread.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49864",
"url": "https://www.suse.com/security/cve/CVE-2024-49864"
},
{
"category": "external",
"summary": "SUSE Bug 1232256 for CVE-2024-49864",
"url": "https://bugzilla.suse.com/1232256"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49864"
},
{
"cve": "CVE-2024-49866",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49866"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/timerlat: Fix a race during cpuhp processing\n\nThere is another found exception that the \"timerlat/1\" thread was\nscheduled on CPU0, and lead to timer corruption finally:\n\n```\nODEBUG: init active (active state 0) object: ffff888237c2e108 object type: hrtimer hint: timerlat_irq+0x0/0x220\nWARNING: CPU: 0 PID: 426 at lib/debugobjects.c:518 debug_print_object+0x7d/0xb0\nModules linked in:\nCPU: 0 UID: 0 PID: 426 Comm: timerlat/1 Not tainted 6.11.0-rc7+ #45\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\nRIP: 0010:debug_print_object+0x7d/0xb0\n...\nCall Trace:\n \u003cTASK\u003e\n ? __warn+0x7c/0x110\n ? debug_print_object+0x7d/0xb0\n ? report_bug+0xf1/0x1d0\n ? prb_read_valid+0x17/0x20\n ? handle_bug+0x3f/0x70\n ? exc_invalid_op+0x13/0x60\n ? asm_exc_invalid_op+0x16/0x20\n ? debug_print_object+0x7d/0xb0\n ? debug_print_object+0x7d/0xb0\n ? __pfx_timerlat_irq+0x10/0x10\n __debug_object_init+0x110/0x150\n hrtimer_init+0x1d/0x60\n timerlat_main+0xab/0x2d0\n ? __pfx_timerlat_main+0x10/0x10\n kthread+0xb7/0xe0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2d/0x40\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n```\n\nAfter tracing the scheduling event, it was discovered that the migration\nof the \"timerlat/1\" thread was performed during thread creation. Further\nanalysis confirmed that it is because the CPU online processing for\nosnoise is implemented through workers, which is asynchronous with the\noffline processing. When the worker was scheduled to create a thread, the\nCPU may has already been removed from the cpu_online_mask during the offline\nprocess, resulting in the inability to select the right CPU:\n\nT1 | T2\n[CPUHP_ONLINE] | cpu_device_down()\nosnoise_hotplug_workfn() |\n | cpus_write_lock()\n | takedown_cpu(1)\n | cpus_write_unlock()\n[CPUHP_OFFLINE] |\n cpus_read_lock() |\n start_kthread(1) |\n cpus_read_unlock() |\n\nTo fix this, skip online processing if the CPU is already offline.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49866",
"url": "https://www.suse.com/security/cve/CVE-2024-49866"
},
{
"category": "external",
"summary": "SUSE Bug 1232259 for CVE-2024-49866",
"url": "https://bugzilla.suse.com/1232259"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49866"
},
{
"cve": "CVE-2024-49867",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49867"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: wait for fixup workers before stopping cleaner kthread during umount\n\nDuring unmount, at close_ctree(), we have the following steps in this order:\n\n1) Park the cleaner kthread - this doesn\u0027t destroy the kthread, it basically\n halts its execution (wake ups against it work but do nothing);\n\n2) We stop the cleaner kthread - this results in freeing the respective\n struct task_struct;\n\n3) We call btrfs_stop_all_workers() which waits for any jobs running in all\n the work queues and then free the work queues.\n\nSyzbot reported a case where a fixup worker resulted in a crash when doing\na delayed iput on its inode while attempting to wake up the cleaner at\nbtrfs_add_delayed_iput(), because the task_struct of the cleaner kthread\nwas already freed. This can happen during unmount because we don\u0027t wait\nfor any fixup workers still running before we call kthread_stop() against\nthe cleaner kthread, which stops and free all its resources.\n\nFix this by waiting for any fixup workers at close_ctree() before we call\nkthread_stop() against the cleaner and run pending delayed iputs.\n\nThe stack traces reported by syzbot were the following:\n\n BUG: KASAN: slab-use-after-free in __lock_acquire+0x77/0x2050 kernel/locking/lockdep.c:5065\n Read of size 8 at addr ffff8880272a8a18 by task kworker/u8:3/52\n\n CPU: 1 UID: 0 PID: 52 Comm: kworker/u8:3 Not tainted 6.12.0-rc1-syzkaller #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\n Workqueue: btrfs-fixup btrfs_work_helper\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n __lock_acquire+0x77/0x2050 kernel/locking/lockdep.c:5065\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825\n __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]\n _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162\n class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:551 [inline]\n try_to_wake_up+0xb0/0x1480 kernel/sched/core.c:4154\n btrfs_writepage_fixup_worker+0xc16/0xdf0 fs/btrfs/inode.c:2842\n btrfs_work_helper+0x390/0xc50 fs/btrfs/async-thread.c:314\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\n Allocated by task 2:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n unpoison_slab_object mm/kasan/common.c:319 [inline]\n __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:345\n kasan_slab_alloc include/linux/kasan.h:247 [inline]\n slab_post_alloc_hook mm/slub.c:4086 [inline]\n slab_alloc_node mm/slub.c:4135 [inline]\n kmem_cache_alloc_node_noprof+0x16b/0x320 mm/slub.c:4187\n alloc_task_struct_node kernel/fork.c:180 [inline]\n dup_task_struct+0x57/0x8c0 kernel/fork.c:1107\n copy_process+0x5d1/0x3d50 kernel/fork.c:2206\n kernel_clone+0x223/0x880 kernel/fork.c:2787\n kernel_thread+0x1bc/0x240 kernel/fork.c:2849\n create_kthread kernel/kthread.c:412 [inline]\n kthreadd+0x60d/0x810 kernel/kthread.c:765\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\n Freed by task 61:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:230 [inline]\n slab_free_h\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49867",
"url": "https://www.suse.com/security/cve/CVE-2024-49867"
},
{
"category": "external",
"summary": "SUSE Bug 1232262 for CVE-2024-49867",
"url": "https://bugzilla.suse.com/1232262"
},
{
"category": "external",
"summary": "SUSE Bug 1232271 for CVE-2024-49867",
"url": "https://bugzilla.suse.com/1232271"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-49867"
},
{
"cve": "CVE-2024-49868",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49868"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix a NULL pointer dereference when failed to start a new trasacntion\n\n[BUG]\nSyzbot reported a NULL pointer dereference with the following crash:\n\n FAULT_INJECTION: forcing a failure.\n start_transaction+0x830/0x1670 fs/btrfs/transaction.c:676\n prepare_to_relocate+0x31f/0x4c0 fs/btrfs/relocation.c:3642\n relocate_block_group+0x169/0xd20 fs/btrfs/relocation.c:3678\n ...\n BTRFS info (device loop0): balance: ended with status: -12\n Oops: general protection fault, probably for non-canonical address 0xdffffc00000000cc: 0000 [#1] PREEMPT SMP KASAN NOPTI\n KASAN: null-ptr-deref in range [0x0000000000000660-0x0000000000000667]\n RIP: 0010:btrfs_update_reloc_root+0x362/0xa80 fs/btrfs/relocation.c:926\n Call Trace:\n \u003cTASK\u003e\n commit_fs_roots+0x2ee/0x720 fs/btrfs/transaction.c:1496\n btrfs_commit_transaction+0xfaf/0x3740 fs/btrfs/transaction.c:2430\n del_balance_item fs/btrfs/volumes.c:3678 [inline]\n reset_balance_state+0x25e/0x3c0 fs/btrfs/volumes.c:3742\n btrfs_balance+0xead/0x10c0 fs/btrfs/volumes.c:4574\n btrfs_ioctl_balance+0x493/0x7c0 fs/btrfs/ioctl.c:3673\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n[CAUSE]\nThe allocation failure happens at the start_transaction() inside\nprepare_to_relocate(), and during the error handling we call\nunset_reloc_control(), which makes fs_info-\u003ebalance_ctl to be NULL.\n\nThen we continue the error path cleanup in btrfs_balance() by calling\nreset_balance_state() which will call del_balance_item() to fully delete\nthe balance item in the root tree.\n\nHowever during the small window between set_reloc_contrl() and\nunset_reloc_control(), we can have a subvolume tree update and created a\nreloc_root for that subvolume.\n\nThen we go into the final btrfs_commit_transaction() of\ndel_balance_item(), and into btrfs_update_reloc_root() inside\ncommit_fs_roots().\n\nThat function checks if fs_info-\u003ereloc_ctl is in the merge_reloc_tree\nstage, but since fs_info-\u003ereloc_ctl is NULL, it results a NULL pointer\ndereference.\n\n[FIX]\nJust add extra check on fs_info-\u003ereloc_ctl inside\nbtrfs_update_reloc_root(), before checking\nfs_info-\u003ereloc_ctl-\u003emerge_reloc_tree.\n\nThat DEAD_RELOC_TREE handling is to prevent further modification to the\nreloc tree during merge stage, but since there is no reloc_ctl at all,\nwe do not need to bother that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49868",
"url": "https://www.suse.com/security/cve/CVE-2024-49868"
},
{
"category": "external",
"summary": "SUSE Bug 1232272 for CVE-2024-49868",
"url": "https://bugzilla.suse.com/1232272"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49868"
},
{
"cve": "CVE-2024-49870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49870"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: fix dentry leak in cachefiles_open_file()\n\nA dentry leak may be caused when a lookup cookie and a cull are concurrent:\n\n P1 | P2\n-----------------------------------------------------------\ncachefiles_lookup_cookie\n cachefiles_look_up_object\n lookup_one_positive_unlocked\n // get dentry\n cachefiles_cull\n inode-\u003ei_flags |= S_KERNEL_FILE;\n cachefiles_open_file\n cachefiles_mark_inode_in_use\n __cachefiles_mark_inode_in_use\n can_use = false\n if (!(inode-\u003ei_flags \u0026 S_KERNEL_FILE))\n can_use = true\n\t return false\n return false\n // Returns an error but doesn\u0027t put dentry\n\nAfter that the following WARNING will be triggered when the backend folder\nis umounted:\n\n==================================================================\nBUG: Dentry 000000008ad87947{i=7a,n=Dx_1_1.img} still in use (1) [unmount of ext4 sda]\nWARNING: CPU: 4 PID: 359261 at fs/dcache.c:1767 umount_check+0x5d/0x70\nCPU: 4 PID: 359261 Comm: umount Not tainted 6.6.0-dirty #25\nRIP: 0010:umount_check+0x5d/0x70\nCall Trace:\n \u003cTASK\u003e\n d_walk+0xda/0x2b0\n do_one_tree+0x20/0x40\n shrink_dcache_for_umount+0x2c/0x90\n generic_shutdown_super+0x20/0x160\n kill_block_super+0x1a/0x40\n ext4_kill_sb+0x22/0x40\n deactivate_locked_super+0x35/0x80\n cleanup_mnt+0x104/0x160\n==================================================================\n\nWhether cachefiles_open_file() returns true or false, the reference count\nobtained by lookup_positive_unlocked() in cachefiles_look_up_object()\nshould be released.\n\nTherefore release that reference count in cachefiles_look_up_object() to\nfix the above issue and simplify the code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49870",
"url": "https://www.suse.com/security/cve/CVE-2024-49870"
},
{
"category": "external",
"summary": "SUSE Bug 1232279 for CVE-2024-49870",
"url": "https://bugzilla.suse.com/1232279"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49870"
},
{
"cve": "CVE-2024-49871",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49871"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: adp5589-keys - fix NULL pointer dereference\n\nWe register a devm action to call adp5589_clear_config() and then pass\nthe i2c client as argument so that we can call i2c_get_clientdata() in\norder to get our device object. However, i2c_set_clientdata() is only\nbeing set at the end of the probe function which means that we\u0027ll get a\nNULL pointer dereference in case the probe function fails early.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49871",
"url": "https://www.suse.com/security/cve/CVE-2024-49871"
},
{
"category": "external",
"summary": "SUSE Bug 1232287 for CVE-2024-49871",
"url": "https://bugzilla.suse.com/1232287"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49871"
},
{
"cve": "CVE-2024-49874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49874"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: master: svc: Fix use after free vulnerability in svc_i3c_master Driver Due to Race Condition\n\nIn the svc_i3c_master_probe function, \u0026master-\u003ehj_work is bound with\nsvc_i3c_master_hj_work, \u0026master-\u003eibi_work is bound with\nsvc_i3c_master_ibi_work. And svc_i3c_master_ibi_work can start the\nhj_work, svc_i3c_master_irq_handler can start the ibi_work.\n\nIf we remove the module which will call svc_i3c_master_remove to\nmake cleanup, it will free master-\u003ebase through i3c_master_unregister\nwhile the work mentioned above will be used. The sequence of operations\nthat may lead to a UAF bug is as follows:\n\nCPU0 CPU1\n\n | svc_i3c_master_hj_work\nsvc_i3c_master_remove |\ni3c_master_unregister(\u0026master-\u003ebase)|\ndevice_unregister(\u0026master-\u003edev) |\ndevice_release |\n//free master-\u003ebase |\n | i3c_master_do_daa(\u0026master-\u003ebase)\n | //use master-\u003ebase\n\nFix it by ensuring that the work is canceled before proceeding with the\ncleanup in svc_i3c_master_remove.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49874",
"url": "https://www.suse.com/security/cve/CVE-2024-49874"
},
{
"category": "external",
"summary": "SUSE Bug 1232295 for CVE-2024-49874",
"url": "https://bugzilla.suse.com/1232295"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49874"
},
{
"cve": "CVE-2024-49875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49875"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: map the EBADMSG to nfserr_io to avoid warning\n\nExt4 will throw -EBADMSG through ext4_readdir when a checksum error\noccurs, resulting in the following WARNING.\n\nFix it by mapping EBADMSG to nfserr_io.\n\nnfsd_buffered_readdir\n iterate_dir // -EBADMSG -74\n ext4_readdir // .iterate_shared\n ext4_dx_readdir\n ext4_htree_fill_tree\n htree_dirblock_to_tree\n ext4_read_dirblock\n __ext4_read_dirblock\n ext4_dirblock_csum_verify\n warn_no_space_for_csum\n __warn_no_space_for_csum\n return ERR_PTR(-EFSBADCRC) // -EBADMSG -74\n nfserrno // WARNING\n\n[ 161.115610] ------------[ cut here ]------------\n[ 161.116465] nfsd: non-standard errno: -74\n[ 161.117315] WARNING: CPU: 1 PID: 780 at fs/nfsd/nfsproc.c:878 nfserrno+0x9d/0xd0\n[ 161.118596] Modules linked in:\n[ 161.119243] CPU: 1 PID: 780 Comm: nfsd Not tainted 5.10.0-00014-g79679361fd5d #138\n[ 161.120684] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qe\nmu.org 04/01/2014\n[ 161.123601] RIP: 0010:nfserrno+0x9d/0xd0\n[ 161.124676] Code: 0f 87 da 30 dd 00 83 e3 01 b8 00 00 00 05 75 d7 44 89 ee 48 c7 c7 c0 57 24 98 89 44 24 04 c6\n 05 ce 2b 61 03 01 e8 99 20 d8 00 \u003c0f\u003e 0b 8b 44 24 04 eb b5 4c 89 e6 48 c7 c7 a0 6d a4 99 e8 cc 15 33\n[ 161.127797] RSP: 0018:ffffc90000e2f9c0 EFLAGS: 00010286\n[ 161.128794] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000\n[ 161.130089] RDX: 1ffff1103ee16f6d RSI: 0000000000000008 RDI: fffff520001c5f2a\n[ 161.131379] RBP: 0000000000000022 R08: 0000000000000001 R09: ffff8881f70c1827\n[ 161.132664] R10: ffffed103ee18304 R11: 0000000000000001 R12: 0000000000000021\n[ 161.133949] R13: 00000000ffffffb6 R14: ffff8881317c0000 R15: ffffc90000e2fbd8\n[ 161.135244] FS: 0000000000000000(0000) GS:ffff8881f7080000(0000) knlGS:0000000000000000\n[ 161.136695] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 161.137761] CR2: 00007fcaad70b348 CR3: 0000000144256006 CR4: 0000000000770ee0\n[ 161.139041] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 161.140291] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 161.141519] PKRU: 55555554\n[ 161.142076] Call Trace:\n[ 161.142575] ? __warn+0x9b/0x140\n[ 161.143229] ? nfserrno+0x9d/0xd0\n[ 161.143872] ? report_bug+0x125/0x150\n[ 161.144595] ? handle_bug+0x41/0x90\n[ 161.145284] ? exc_invalid_op+0x14/0x70\n[ 161.146009] ? asm_exc_invalid_op+0x12/0x20\n[ 161.146816] ? nfserrno+0x9d/0xd0\n[ 161.147487] nfsd_buffered_readdir+0x28b/0x2b0\n[ 161.148333] ? nfsd4_encode_dirent_fattr+0x380/0x380\n[ 161.149258] ? nfsd_buffered_filldir+0xf0/0xf0\n[ 161.150093] ? wait_for_concurrent_writes+0x170/0x170\n[ 161.151004] ? generic_file_llseek_size+0x48/0x160\n[ 161.151895] nfsd_readdir+0x132/0x190\n[ 161.152606] ? nfsd4_encode_dirent_fattr+0x380/0x380\n[ 161.153516] ? nfsd_unlink+0x380/0x380\n[ 161.154256] ? override_creds+0x45/0x60\n[ 161.155006] nfsd4_encode_readdir+0x21a/0x3d0\n[ 161.155850] ? nfsd4_encode_readlink+0x210/0x210\n[ 161.156731] ? write_bytes_to_xdr_buf+0x97/0xe0\n[ 161.157598] ? __write_bytes_to_xdr_buf+0xd0/0xd0\n[ 161.158494] ? lock_downgrade+0x90/0x90\n[ 161.159232] ? nfs4svc_decode_voidarg+0x10/0x10\n[ 161.160092] nfsd4_encode_operation+0x15a/0x440\n[ 161.160959] nfsd4_proc_compound+0x718/0xe90\n[ 161.161818] nfsd_dispatch+0x18e/0x2c0\n[ 161.162586] svc_process_common+0x786/0xc50\n[ 161.163403] ? nfsd_svc+0x380/0x380\n[ 161.164137] ? svc_printk+0x160/0x160\n[ 161.164846] ? svc_xprt_do_enqueue.part.0+0x365/0x380\n[ 161.165808] ? nfsd_svc+0x380/0x380\n[ 161.166523] ? rcu_is_watching+0x23/0x40\n[ 161.167309] svc_process+0x1a5/0x200\n[ 161.168019] nfsd+0x1f5/0x380\n[ 161.168663] ? nfsd_shutdown_threads+0x260/0x260\n[ 161.169554] kthread+0x1c4/0x210\n[ 161.170224] ? kthread_insert_work_sanity_check+0x80/0x80\n[ 161.171246] ret_from_fork+0x1f/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49875",
"url": "https://www.suse.com/security/cve/CVE-2024-49875"
},
{
"category": "external",
"summary": "SUSE Bug 1232333 for CVE-2024-49875",
"url": "https://bugzilla.suse.com/1232333"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49875"
},
{
"cve": "CVE-2024-49877",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49877"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate\n\nWhen doing cleanup, if flags without OCFS2_BH_READAHEAD, it may trigger\nNULL pointer dereference in the following ocfs2_set_buffer_uptodate() if\nbh is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49877",
"url": "https://www.suse.com/security/cve/CVE-2024-49877"
},
{
"category": "external",
"summary": "SUSE Bug 1232339 for CVE-2024-49877",
"url": "https://bugzilla.suse.com/1232339"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49877"
},
{
"cve": "CVE-2024-49878",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49878"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nresource: fix region_intersects() vs add_memory_driver_managed()\n\nOn a system with CXL memory, the resource tree (/proc/iomem) related to\nCXL memory may look like something as follows.\n\n490000000-50fffffff : CXL Window 0\n 490000000-50fffffff : region0\n 490000000-50fffffff : dax0.0\n 490000000-50fffffff : System RAM (kmem)\n\nBecause drivers/dax/kmem.c calls add_memory_driver_managed() during\nonlining CXL memory, which makes \"System RAM (kmem)\" a descendant of \"CXL\nWindow X\". This confuses region_intersects(), which expects all \"System\nRAM\" resources to be at the top level of iomem_resource. This can lead to\nbugs.\n\nFor example, when the following command line is executed to write some\nmemory in CXL memory range via /dev/mem,\n\n $ dd if=data of=/dev/mem bs=$((1 \u003c\u003c 10)) seek=$((0x490000000 \u003e\u003e 10)) count=1\n dd: error writing \u0027/dev/mem\u0027: Bad address\n 1+0 records in\n 0+0 records out\n 0 bytes copied, 0.0283507 s, 0.0 kB/s\n\nthe command fails as expected. However, the error code is wrong. It\nshould be \"Operation not permitted\" instead of \"Bad address\". More\nseriously, the /dev/mem permission checking in devmem_is_allowed() passes\nincorrectly. Although the accessing is prevented later because ioremap()\nisn\u0027t allowed to map system RAM, it is a potential security issue. During\ncommand executing, the following warning is reported in the kernel log for\ncalling ioremap() on system RAM.\n\n ioremap on RAM at 0x0000000490000000 - 0x0000000490000fff\n WARNING: CPU: 2 PID: 416 at arch/x86/mm/ioremap.c:216 __ioremap_caller.constprop.0+0x131/0x35d\n Call Trace:\n memremap+0xcb/0x184\n xlate_dev_mem_ptr+0x25/0x2f\n write_mem+0x94/0xfb\n vfs_write+0x128/0x26d\n ksys_write+0xac/0xfe\n do_syscall_64+0x9a/0xfd\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nThe details of command execution process are as follows. In the above\nresource tree, \"System RAM\" is a descendant of \"CXL Window 0\" instead of a\ntop level resource. So, region_intersects() will report no System RAM\nresources in the CXL memory region incorrectly, because it only checks the\ntop level resources. Consequently, devmem_is_allowed() will return 1\n(allow access via /dev/mem) for CXL memory region incorrectly. \nFortunately, ioremap() doesn\u0027t allow to map System RAM and reject the\naccess.\n\nSo, region_intersects() needs to be fixed to work correctly with the\nresource tree with \"System RAM\" not at top level as above. To fix it, if\nwe found a unmatched resource in the top level, we will continue to search\nmatched resources in its descendant resources. So, we will not miss any\nmatched resources in resource tree anymore.\n\nIn the new implementation, an example resource tree\n\n|------------- \"CXL Window 0\" ------------|\n|-- \"System RAM\" --|\n\nwill behave similar as the following fake resource tree for\nregion_intersects(, IORESOURCE_SYSTEM_RAM, ),\n\n|-- \"System RAM\" --||-- \"CXL Window 0a\" --|\n\nWhere \"CXL Window 0a\" is part of the original \"CXL Window 0\" that\nisn\u0027t covered by \"System RAM\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49878",
"url": "https://www.suse.com/security/cve/CVE-2024-49878"
},
{
"category": "external",
"summary": "SUSE Bug 1232340 for CVE-2024-49878",
"url": "https://bugzilla.suse.com/1232340"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49878"
},
{
"cve": "CVE-2024-49879",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49879"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: omapdrm: Add missing check for alloc_ordered_workqueue\n\nAs it may return NULL pointer and cause NULL pointer dereference. Add check\nfor the return value of alloc_ordered_workqueue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49879",
"url": "https://www.suse.com/security/cve/CVE-2024-49879"
},
{
"category": "external",
"summary": "SUSE Bug 1232349 for CVE-2024-49879",
"url": "https://bugzilla.suse.com/1232349"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49879"
},
{
"cve": "CVE-2024-49881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49881"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: update orig_path in ext4_find_extent()\n\nIn ext4_find_extent(), if the path is not big enough, we free it and set\n*orig_path to NULL. But after reallocating and successfully initializing\nthe path, we don\u0027t update *orig_path, in which case the caller gets a\nvalid path but a NULL ppath, and this may cause a NULL pointer dereference\nor a path memory leak. For example:\n\next4_split_extent\n path = *ppath = 2000\n ext4_find_extent\n if (depth \u003e path[0].p_maxdepth)\n kfree(path = 2000);\n *orig_path = path = NULL;\n path = kcalloc() = 3000\n ext4_split_extent_at(*ppath = NULL)\n path = *ppath;\n ex = path[depth].p_ext;\n // NULL pointer dereference!\n\n==================================================================\nBUG: kernel NULL pointer dereference, address: 0000000000000010\nCPU: 6 UID: 0 PID: 576 Comm: fsstress Not tainted 6.11.0-rc2-dirty #847\nRIP: 0010:ext4_split_extent_at+0x6d/0x560\nCall Trace:\n \u003cTASK\u003e\n ext4_split_extent.isra.0+0xcb/0x1b0\n ext4_ext_convert_to_initialized+0x168/0x6c0\n ext4_ext_handle_unwritten_extents+0x325/0x4d0\n ext4_ext_map_blocks+0x520/0xdb0\n ext4_map_blocks+0x2b0/0x690\n ext4_iomap_begin+0x20e/0x2c0\n[...]\n==================================================================\n\nTherefore, *orig_path is updated when the extent lookup succeeds, so that\nthe caller can safely use path or *ppath.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49881",
"url": "https://www.suse.com/security/cve/CVE-2024-49881"
},
{
"category": "external",
"summary": "SUSE Bug 1232201 for CVE-2024-49881",
"url": "https://bugzilla.suse.com/1232201"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49881"
},
{
"cve": "CVE-2024-49882",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49882"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix double brelse() the buffer of the extents path\n\nIn ext4_ext_try_to_merge_up(), set path[1].p_bh to NULL after it has been\nreleased, otherwise it may be released twice. An example of what triggers\nthis is as follows:\n\n split2 map split1\n|--------|-------|--------|\n\next4_ext_map_blocks\n ext4_ext_handle_unwritten_extents\n ext4_split_convert_extents\n // path-\u003ep_depth == 0\n ext4_split_extent\n // 1. do split1\n ext4_split_extent_at\n |ext4_ext_insert_extent\n | ext4_ext_create_new_leaf\n | ext4_ext_grow_indepth\n | le16_add_cpu(\u0026neh-\u003eeh_depth, 1)\n | ext4_find_extent\n | // return -ENOMEM\n |// get error and try zeroout\n |path = ext4_find_extent\n | path-\u003ep_depth = 1\n |ext4_ext_try_to_merge\n | ext4_ext_try_to_merge_up\n | path-\u003ep_depth = 0\n | brelse(path[1].p_bh) ---\u003e not set to NULL here\n |// zeroout success\n // 2. update path\n ext4_find_extent\n // 3. do split2\n ext4_split_extent_at\n ext4_ext_insert_extent\n ext4_ext_create_new_leaf\n ext4_ext_grow_indepth\n le16_add_cpu(\u0026neh-\u003eeh_depth, 1)\n ext4_find_extent\n path[0].p_bh = NULL;\n path-\u003ep_depth = 1\n read_extent_tree_block ---\u003e return err\n // path[1].p_bh is still the old value\n ext4_free_ext_path\n ext4_ext_drop_refs\n // path-\u003ep_depth == 1\n brelse(path[1].p_bh) ---\u003e brelse a buffer twice\n\nFinally got the following WARRNING when removing the buffer from lru:\n\n============================================\nVFS: brelse: Trying to free free buffer\nWARNING: CPU: 2 PID: 72 at fs/buffer.c:1241 __brelse+0x58/0x90\nCPU: 2 PID: 72 Comm: kworker/u19:1 Not tainted 6.9.0-dirty #716\nRIP: 0010:__brelse+0x58/0x90\nCall Trace:\n \u003cTASK\u003e\n __find_get_block+0x6e7/0x810\n bdev_getblk+0x2b/0x480\n __ext4_get_inode_loc+0x48a/0x1240\n ext4_get_inode_loc+0xb2/0x150\n ext4_reserve_inode_write+0xb7/0x230\n __ext4_mark_inode_dirty+0x144/0x6a0\n ext4_ext_insert_extent+0x9c8/0x3230\n ext4_ext_map_blocks+0xf45/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n============================================",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49882",
"url": "https://www.suse.com/security/cve/CVE-2024-49882"
},
{
"category": "external",
"summary": "SUSE Bug 1232200 for CVE-2024-49882",
"url": "https://bugzilla.suse.com/1232200"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49882"
},
{
"cve": "CVE-2024-49883",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49883"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: aovid use-after-free in ext4_ext_insert_extent()\n\nAs Ojaswin mentioned in Link, in ext4_ext_insert_extent(), if the path is\nreallocated in ext4_ext_create_new_leaf(), we\u0027ll use the stale path and\ncause UAF. Below is a sample trace with dummy values:\n\next4_ext_insert_extent\n path = *ppath = 2000\n ext4_ext_create_new_leaf(ppath)\n ext4_find_extent(ppath)\n path = *ppath = 2000\n if (depth \u003e path[0].p_maxdepth)\n kfree(path = 2000);\n *ppath = path = NULL;\n path = kcalloc() = 3000\n *ppath = 3000;\n return path;\n /* here path is still 2000, UAF! */\n eh = path[depth].p_hdr\n\n==================================================================\nBUG: KASAN: slab-use-after-free in ext4_ext_insert_extent+0x26d4/0x3330\nRead of size 8 at addr ffff8881027bf7d0 by task kworker/u36:1/179\nCPU: 3 UID: 0 PID: 179 Comm: kworker/u6:1 Not tainted 6.11.0-rc2-dirty #866\nCall Trace:\n \u003cTASK\u003e\n ext4_ext_insert_extent+0x26d4/0x3330\n ext4_ext_map_blocks+0xe22/0x2d40\n ext4_map_blocks+0x71e/0x1700\n ext4_do_writepages+0x1290/0x2800\n[...]\n\nAllocated by task 179:\n ext4_find_extent+0x81c/0x1f70\n ext4_ext_map_blocks+0x146/0x2d40\n ext4_map_blocks+0x71e/0x1700\n ext4_do_writepages+0x1290/0x2800\n ext4_writepages+0x26d/0x4e0\n do_writepages+0x175/0x700\n[...]\n\nFreed by task 179:\n kfree+0xcb/0x240\n ext4_find_extent+0x7c0/0x1f70\n ext4_ext_insert_extent+0xa26/0x3330\n ext4_ext_map_blocks+0xe22/0x2d40\n ext4_map_blocks+0x71e/0x1700\n ext4_do_writepages+0x1290/0x2800\n ext4_writepages+0x26d/0x4e0\n do_writepages+0x175/0x700\n[...]\n==================================================================\n\nSo use *ppath to update the path to avoid the above problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49883",
"url": "https://www.suse.com/security/cve/CVE-2024-49883"
},
{
"category": "external",
"summary": "SUSE Bug 1232199 for CVE-2024-49883",
"url": "https://bugzilla.suse.com/1232199"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49883"
},
{
"cve": "CVE-2024-49884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49884"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix slab-use-after-free in ext4_split_extent_at()\n\nWe hit the following use-after-free:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in ext4_split_extent_at+0xba8/0xcc0\nRead of size 2 at addr ffff88810548ed08 by task kworker/u20:0/40\nCPU: 0 PID: 40 Comm: kworker/u20:0 Not tainted 6.9.0-dirty #724\nCall Trace:\n \u003cTASK\u003e\n kasan_report+0x93/0xc0\n ext4_split_extent_at+0xba8/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nAllocated by task 40:\n __kmalloc_noprof+0x1ac/0x480\n ext4_find_extent+0xf3b/0x1e70\n ext4_ext_map_blocks+0x188/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nFreed by task 40:\n kfree+0xf1/0x2b0\n ext4_find_extent+0xa71/0x1e70\n ext4_ext_insert_extent+0xa22/0x3260\n ext4_split_extent_at+0x3ef/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n==================================================================\n\nThe flow of issue triggering is as follows:\n\next4_split_extent_at\n path = *ppath\n ext4_ext_insert_extent(ppath)\n ext4_ext_create_new_leaf(ppath)\n ext4_find_extent(orig_path)\n path = *orig_path\n read_extent_tree_block\n // return -ENOMEM or -EIO\n ext4_free_ext_path(path)\n kfree(path)\n *orig_path = NULL\n a. If err is -ENOMEM:\n ext4_ext_dirty(path + path-\u003ep_depth)\n // path use-after-free !!!\n b. If err is -EIO and we have EXT_DEBUG defined:\n ext4_ext_show_leaf(path)\n eh = path[depth].p_hdr\n // path also use-after-free !!!\n\nSo when trying to zeroout or fix the extent length, call ext4_find_extent()\nto update the path.\n\nIn addition we use *ppath directly as an ext4_ext_show_leaf() input to\navoid possible use-after-free when EXT_DEBUG is defined, and to avoid\nunnecessary path updates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49884",
"url": "https://www.suse.com/security/cve/CVE-2024-49884"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-49884",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232198 for CVE-2024-49884",
"url": "https://bugzilla.suse.com/1232198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49884"
},
{
"cve": "CVE-2024-49886",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49886"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug\n\nAttaching SST PCI device to VM causes \"BUG: KASAN: slab-out-of-bounds\".\nkasan report:\n[ 19.411889] ==================================================================\n[ 19.413702] BUG: KASAN: slab-out-of-bounds in _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common]\n[ 19.415634] Read of size 8 at addr ffff888829e65200 by task cpuhp/16/113\n[ 19.417368]\n[ 19.418627] CPU: 16 PID: 113 Comm: cpuhp/16 Tainted: G E 6.9.0 #10\n[ 19.420435] Hardware name: VMware, Inc. VMware20,1/440BX Desktop Reference Platform, BIOS VMW201.00V.20192059.B64.2207280713 07/28/2022\n[ 19.422687] Call Trace:\n[ 19.424091] \u003cTASK\u003e\n[ 19.425448] dump_stack_lvl+0x5d/0x80\n[ 19.426963] ? _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common]\n[ 19.428694] print_report+0x19d/0x52e\n[ 19.430206] ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n[ 19.431837] ? _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common]\n[ 19.433539] kasan_report+0xf0/0x170\n[ 19.435019] ? _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common]\n[ 19.436709] _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common]\n[ 19.438379] ? __pfx_sched_clock_cpu+0x10/0x10\n[ 19.439910] isst_if_cpu_online+0x406/0x58f [isst_if_common]\n[ 19.441573] ? __pfx_isst_if_cpu_online+0x10/0x10 [isst_if_common]\n[ 19.443263] ? ttwu_queue_wakelist+0x2c1/0x360\n[ 19.444797] cpuhp_invoke_callback+0x221/0xec0\n[ 19.446337] cpuhp_thread_fun+0x21b/0x610\n[ 19.447814] ? __pfx_cpuhp_thread_fun+0x10/0x10\n[ 19.449354] smpboot_thread_fn+0x2e7/0x6e0\n[ 19.450859] ? __pfx_smpboot_thread_fn+0x10/0x10\n[ 19.452405] kthread+0x29c/0x350\n[ 19.453817] ? __pfx_kthread+0x10/0x10\n[ 19.455253] ret_from_fork+0x31/0x70\n[ 19.456685] ? __pfx_kthread+0x10/0x10\n[ 19.458114] ret_from_fork_asm+0x1a/0x30\n[ 19.459573] \u003c/TASK\u003e\n[ 19.460853]\n[ 19.462055] Allocated by task 1198:\n[ 19.463410] kasan_save_stack+0x30/0x50\n[ 19.464788] kasan_save_track+0x14/0x30\n[ 19.466139] __kasan_kmalloc+0xaa/0xb0\n[ 19.467465] __kmalloc+0x1cd/0x470\n[ 19.468748] isst_if_cdev_register+0x1da/0x350 [isst_if_common]\n[ 19.470233] isst_if_mbox_init+0x108/0xff0 [isst_if_mbox_msr]\n[ 19.471670] do_one_initcall+0xa4/0x380\n[ 19.472903] do_init_module+0x238/0x760\n[ 19.474105] load_module+0x5239/0x6f00\n[ 19.475285] init_module_from_file+0xd1/0x130\n[ 19.476506] idempotent_init_module+0x23b/0x650\n[ 19.477725] __x64_sys_finit_module+0xbe/0x130\n[ 19.476506] idempotent_init_module+0x23b/0x650\n[ 19.477725] __x64_sys_finit_module+0xbe/0x130\n[ 19.478920] do_syscall_64+0x82/0x160\n[ 19.480036] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 19.481292]\n[ 19.482205] The buggy address belongs to the object at ffff888829e65000\n which belongs to the cache kmalloc-512 of size 512\n[ 19.484818] The buggy address is located 0 bytes to the right of\n allocated 512-byte region [ffff888829e65000, ffff888829e65200)\n[ 19.487447]\n[ 19.488328] The buggy address belongs to the physical page:\n[ 19.489569] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888829e60c00 pfn:0x829e60\n[ 19.491140] head: order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0\n[ 19.492466] anon flags: 0x57ffffc0000840(slab|head|node=1|zone=2|lastcpupid=0x1fffff)\n[ 19.493914] page_type: 0xffffffff()\n[ 19.494988] raw: 0057ffffc0000840 ffff88810004cc80 0000000000000000 0000000000000001\n[ 19.496451] raw: ffff888829e60c00 0000000080200018 00000001ffffffff 0000000000000000\n[ 19.497906] head: 0057ffffc0000840 ffff88810004cc80 0000000000000000 0000000000000001\n[ 19.499379] head: ffff888829e60c00 0000000080200018 00000001ffffffff 0000000000000000\n[ 19.500844] head: 0057ffffc0000003 ffffea0020a79801 ffffea0020a79848 00000000ffffffff\n[ 19.502316] head: 0000000800000000 0000000000000000 00000000ffffffff 0000000000000000\n[ 19.503784] page dumped because: k\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49886",
"url": "https://www.suse.com/security/cve/CVE-2024-49886"
},
{
"category": "external",
"summary": "SUSE Bug 1232196 for CVE-2024-49886",
"url": "https://bugzilla.suse.com/1232196"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49886"
},
{
"cve": "CVE-2024-49888",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49888"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a sdiv overflow issue\n\nZac Ecob reported a problem where a bpf program may cause kernel crash due\nto the following error:\n Oops: divide error: 0000 [#1] PREEMPT SMP KASAN PTI\n\nThe failure is due to the below signed divide:\n LLONG_MIN/-1 where LLONG_MIN equals to -9,223,372,036,854,775,808.\nLLONG_MIN/-1 is supposed to give a positive number 9,223,372,036,854,775,808,\nbut it is impossible since for 64-bit system, the maximum positive\nnumber is 9,223,372,036,854,775,807. On x86_64, LLONG_MIN/-1 will\ncause a kernel exception. On arm64, the result for LLONG_MIN/-1 is\nLLONG_MIN.\n\nFurther investigation found all the following sdiv/smod cases may trigger\nan exception when bpf program is running on x86_64 platform:\n - LLONG_MIN/-1 for 64bit operation\n - INT_MIN/-1 for 32bit operation\n - LLONG_MIN%-1 for 64bit operation\n - INT_MIN%-1 for 32bit operation\nwhere -1 can be an immediate or in a register.\n\nOn arm64, there are no exceptions:\n - LLONG_MIN/-1 = LLONG_MIN\n - INT_MIN/-1 = INT_MIN\n - LLONG_MIN%-1 = 0\n - INT_MIN%-1 = 0\nwhere -1 can be an immediate or in a register.\n\nInsn patching is needed to handle the above cases and the patched codes\nproduced results aligned with above arm64 result. The below are pseudo\ncodes to handle sdiv/smod exceptions including both divisor -1 and divisor 0\nand the divisor is stored in a register.\n\nsdiv:\n tmp = rX\n tmp += 1 /* [-1, 0] -\u003e [0, 1]\n if tmp \u003e(unsigned) 1 goto L2\n if tmp == 0 goto L1\n rY = 0\n L1:\n rY = -rY;\n goto L3\n L2:\n rY /= rX\n L3:\n\nsmod:\n tmp = rX\n tmp += 1 /* [-1, 0] -\u003e [0, 1]\n if tmp \u003e(unsigned) 1 goto L1\n if tmp == 1 (is64 ? goto L2 : goto L3)\n rY = 0;\n goto L2\n L1:\n rY %= rX\n L2:\n goto L4 // only when !is64\n L3:\n wY = wY // only when !is64\n L4:\n\n [1] https://lore.kernel.org/bpf/tPJLTEh7S_DxFEqAI2Ji5MBSoZVg7_G-Py2iaZpAaWtM961fFTWtsnlzwvTbzBzaUzwQAoNATXKUlt0LZOFgnDcIyKCswAnAGdUF3LBrhGQ=@protonmail.com/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49888",
"url": "https://www.suse.com/security/cve/CVE-2024-49888"
},
{
"category": "external",
"summary": "SUSE Bug 1232208 for CVE-2024-49888",
"url": "https://bugzilla.suse.com/1232208"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49888"
},
{
"cve": "CVE-2024-49890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49890"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: ensure the fw_info is not null before using it\n\nThis resolves the dereference null return value warning\nreported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49890",
"url": "https://www.suse.com/security/cve/CVE-2024-49890"
},
{
"category": "external",
"summary": "SUSE Bug 1232217 for CVE-2024-49890",
"url": "https://bugzilla.suse.com/1232217"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49890"
},
{
"cve": "CVE-2024-49891",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49891"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths\n\nWhen the HBA is undergoing a reset or is handling an errata event, NULL ptr\ndereference crashes may occur in routines such as\nlpfc_sli_flush_io_rings(), lpfc_dev_loss_tmo_callbk(), or\nlpfc_abort_handler().\n\nAdd NULL ptr checks before dereferencing hdwq pointers that may have been\nfreed due to operations colliding with a reset or errata event handler.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49891",
"url": "https://www.suse.com/security/cve/CVE-2024-49891"
},
{
"category": "external",
"summary": "SUSE Bug 1232218 for CVE-2024-49891",
"url": "https://bugzilla.suse.com/1232218"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49891"
},
{
"cve": "CVE-2024-49892",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49892"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Initialize get_bytes_per_element\u0027s default to 1\n\nVariables, used as denominators and maybe not assigned to other values,\nshould not be 0. bytes_per_element_y \u0026 bytes_per_element_c are\ninitialized by get_bytes_per_element() which should never return 0.\n\nThis fixes 10 DIVIDE_BY_ZERO issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49892",
"url": "https://www.suse.com/security/cve/CVE-2024-49892"
},
{
"category": "external",
"summary": "SUSE Bug 1232220 for CVE-2024-49892",
"url": "https://bugzilla.suse.com/1232220"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49892"
},
{
"cve": "CVE-2024-49894",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49894"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix index out of bounds in degamma hardware format translation\n\nFixes index out of bounds issue in\n`cm_helper_translate_curve_to_degamma_hw_format` function. The issue\ncould occur when the index \u0027i\u0027 exceeds the number of transfer function\npoints (TRANSFER_FUNC_POINTS).\n\nThe fix adds a check to ensure \u0027i\u0027 is within bounds before accessing the\ntransfer function points. If \u0027i\u0027 is out of bounds the function returns\nfalse to indicate an error.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:594 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.red\u0027 1025 \u003c= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:595 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.green\u0027 1025 \u003c= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:596 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.blue\u0027 1025 \u003c= s32max",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49894",
"url": "https://www.suse.com/security/cve/CVE-2024-49894"
},
{
"category": "external",
"summary": "SUSE Bug 1232354 for CVE-2024-49894",
"url": "https://bugzilla.suse.com/1232354"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49894"
},
{
"cve": "CVE-2024-49895",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49895"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation\n\nThis commit addresses a potential index out of bounds issue in the\n`cm3_helper_translate_curve_to_degamma_hw_format` function in the DCN30\ncolor management module. The issue could occur when the index \u0027i\u0027\nexceeds the number of transfer function points (TRANSFER_FUNC_POINTS).\n\nThe fix adds a check to ensure \u0027i\u0027 is within bounds before accessing the\ntransfer function points. If \u0027i\u0027 is out of bounds, the function returns\nfalse to indicate an error.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:338 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.red\u0027 1025 \u003c= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:339 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.green\u0027 1025 \u003c= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:340 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.blue\u0027 1025 \u003c= s32max",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49895",
"url": "https://www.suse.com/security/cve/CVE-2024-49895"
},
{
"category": "external",
"summary": "SUSE Bug 1232352 for CVE-2024-49895",
"url": "https://bugzilla.suse.com/1232352"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "low"
}
],
"title": "CVE-2024-49895"
},
{
"cve": "CVE-2024-49896",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49896"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check stream before comparing them\n\n[WHAT \u0026 HOW]\namdgpu_dm can pass a null stream to dc_is_stream_unchanged. It is\nnecessary to check for null before dereferencing them.\n\nThis fixes 1 FORWARD_NULL issue reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49896",
"url": "https://www.suse.com/security/cve/CVE-2024-49896"
},
{
"category": "external",
"summary": "SUSE Bug 1232221 for CVE-2024-49896",
"url": "https://bugzilla.suse.com/1232221"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49896"
},
{
"cve": "CVE-2024-49897",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49897"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check phantom_stream before it is used\n\ndcn32_enable_phantom_stream can return null, so returned value\nmust be checked before used.\n\nThis fixes 1 NULL_RETURNS issue reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49897",
"url": "https://www.suse.com/security/cve/CVE-2024-49897"
},
{
"category": "external",
"summary": "SUSE Bug 1232355 for CVE-2024-49897",
"url": "https://bugzilla.suse.com/1232355"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49897"
},
{
"cve": "CVE-2024-49898",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49898"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check null-initialized variables\n\n[WHAT \u0026 HOW]\ndrr_timing and subvp_pipe are initialized to null and they are not\nalways assigned new values. It is necessary to check for null before\ndereferencing.\n\nThis fixes 2 FORWARD_NULL issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49898",
"url": "https://www.suse.com/security/cve/CVE-2024-49898"
},
{
"category": "external",
"summary": "SUSE Bug 1232222 for CVE-2024-49898",
"url": "https://bugzilla.suse.com/1232222"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49898"
},
{
"cve": "CVE-2024-49899",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49899"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Initialize denominators\u0027 default to 1\n\n[WHAT \u0026 HOW]\nVariables used as denominators and maybe not assigned to other values,\nshould not be 0. Change their default to 1 so they are never 0.\n\nThis fixes 10 DIVIDE_BY_ZERO issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49899",
"url": "https://www.suse.com/security/cve/CVE-2024-49899"
},
{
"category": "external",
"summary": "SUSE Bug 1232358 for CVE-2024-49899",
"url": "https://bugzilla.suse.com/1232358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49899"
},
{
"cve": "CVE-2024-49900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49900"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix uninit-value access of new_ea in ea_buffer\n\nsyzbot reports that lzo1x_1_do_compress is using uninit-value:\n\n=====================================================\nBUG: KMSAN: uninit-value in lzo1x_1_do_compress+0x19f9/0x2510 lib/lzo/lzo1x_compress.c:178\n\n...\n\nUninit was stored to memory at:\n ea_put fs/jfs/xattr.c:639 [inline]\n\n...\n\nLocal variable ea_buf created at:\n __jfs_setxattr+0x5d/0x1ae0 fs/jfs/xattr.c:662\n __jfs_xattr_set+0xe6/0x1f0 fs/jfs/xattr.c:934\n\n=====================================================\n\nThe reason is ea_buf-\u003enew_ea is not initialized properly.\n\nFix this by using memset to empty its content at the beginning\nin ea_get().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49900",
"url": "https://www.suse.com/security/cve/CVE-2024-49900"
},
{
"category": "external",
"summary": "SUSE Bug 1232359 for CVE-2024-49900",
"url": "https://bugzilla.suse.com/1232359"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49900"
},
{
"cve": "CVE-2024-49901",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49901"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/adreno: Assign msm_gpu-\u003epdev earlier to avoid nullptrs\n\nThere are some cases, such as the one uncovered by Commit 46d4efcccc68\n(\"drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails\")\nwhere\n\nmsm_gpu_cleanup() : platform_set_drvdata(gpu-\u003epdev, NULL);\n\nis called on gpu-\u003epdev == NULL, as the GPU device has not been fully\ninitialized yet.\n\nTurns out that there\u0027s more than just the aforementioned path that\ncauses this to happen (e.g. the case when there\u0027s speedbin data in the\ncatalog, but opp-supported-hw is missing in DT).\n\nAssigning msm_gpu-\u003epdev earlier seems like the least painful solution\nto this, therefore do so.\n\nPatchwork: https://patchwork.freedesktop.org/patch/602742/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49901",
"url": "https://www.suse.com/security/cve/CVE-2024-49901"
},
{
"category": "external",
"summary": "SUSE Bug 1232305 for CVE-2024-49901",
"url": "https://bugzilla.suse.com/1232305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49901"
},
{
"cve": "CVE-2024-49902",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49902"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: check if leafidx greater than num leaves per dmap tree\n\nsyzbot report a out of bounds in dbSplit, it because dmt_leafidx greater\nthan num leaves per dmap tree, add a checking for dmt_leafidx in dbFindLeaf.\n\nShaggy:\nModified sanity check to apply to control pages as well as leaf pages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49902",
"url": "https://www.suse.com/security/cve/CVE-2024-49902"
},
{
"category": "external",
"summary": "SUSE Bug 1232378 for CVE-2024-49902",
"url": "https://bugzilla.suse.com/1232378"
},
{
"category": "external",
"summary": "SUSE Bug 1232379 for CVE-2024-49902",
"url": "https://bugzilla.suse.com/1232379"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-49902"
},
{
"cve": "CVE-2024-49903",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49903"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix uaf in dbFreeBits\n\n[syzbot reported]\n==================================================================\nBUG: KASAN: slab-use-after-free in __mutex_lock_common kernel/locking/mutex.c:587 [inline]\nBUG: KASAN: slab-use-after-free in __mutex_lock+0xfe/0xd70 kernel/locking/mutex.c:752\nRead of size 8 at addr ffff8880229254b0 by task syz-executor357/5216\n\nCPU: 0 UID: 0 PID: 5216 Comm: syz-executor357 Not tainted 6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n __mutex_lock_common kernel/locking/mutex.c:587 [inline]\n __mutex_lock+0xfe/0xd70 kernel/locking/mutex.c:752\n dbFreeBits+0x7ea/0xd90 fs/jfs/jfs_dmap.c:2390\n dbFreeDmap fs/jfs/jfs_dmap.c:2089 [inline]\n dbFree+0x35b/0x680 fs/jfs/jfs_dmap.c:409\n dbDiscardAG+0x8a9/0xa20 fs/jfs/jfs_dmap.c:1650\n jfs_ioc_trim+0x433/0x670 fs/jfs/jfs_discard.c:100\n jfs_ioctl+0x2d0/0x3e0 fs/jfs/ioctl.c:131\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n\nFreed by task 5218:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579\n poison_slab_object+0xe0/0x150 mm/kasan/common.c:240\n __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256\n kasan_slab_free include/linux/kasan.h:184 [inline]\n slab_free_hook mm/slub.c:2252 [inline]\n slab_free mm/slub.c:4473 [inline]\n kfree+0x149/0x360 mm/slub.c:4594\n dbUnmount+0x11d/0x190 fs/jfs/jfs_dmap.c:278\n jfs_mount_rw+0x4ac/0x6a0 fs/jfs/jfs_mount.c:247\n jfs_remount+0x3d1/0x6b0 fs/jfs/super.c:454\n reconfigure_super+0x445/0x880 fs/super.c:1083\n vfs_cmd_reconfigure fs/fsopen.c:263 [inline]\n vfs_fsconfig_locked fs/fsopen.c:292 [inline]\n __do_sys_fsconfig fs/fsopen.c:473 [inline]\n __se_sys_fsconfig+0xb6e/0xf80 fs/fsopen.c:345\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n[Analysis]\nThere are two paths (dbUnmount and jfs_ioc_trim) that generate race\ncondition when accessing bmap, which leads to the occurrence of uaf.\n\nUse the lock s_umount to synchronize them, in order to avoid uaf caused\nby race condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49903",
"url": "https://www.suse.com/security/cve/CVE-2024-49903"
},
{
"category": "external",
"summary": "SUSE Bug 1232362 for CVE-2024-49903",
"url": "https://bugzilla.suse.com/1232362"
},
{
"category": "external",
"summary": "SUSE Bug 1233020 for CVE-2024-49903",
"url": "https://bugzilla.suse.com/1233020"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-49903"
},
{
"cve": "CVE-2024-49905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49905"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check for \u0027afb\u0027 in amdgpu_dm_plane_handle_cursor_update (v2)\n\nThis commit adds a null check for the \u0027afb\u0027 variable in the\namdgpu_dm_plane_handle_cursor_update function. Previously, \u0027afb\u0027 was\nassumed to be null, but was used later in the code without a null check.\nThis could potentially lead to a null pointer dereference.\n\nChanges since v1:\n- Moved the null check for \u0027afb\u0027 to the line where \u0027afb\u0027 is used. (Alex)\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_plane.c:1298 amdgpu_dm_plane_handle_cursor_update() error: we previously assumed \u0027afb\u0027 could be null (see line 1252)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49905",
"url": "https://www.suse.com/security/cve/CVE-2024-49905"
},
{
"category": "external",
"summary": "SUSE Bug 1232357 for CVE-2024-49905",
"url": "https://bugzilla.suse.com/1232357"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49905"
},
{
"cve": "CVE-2024-49906",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49906"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check null pointer before try to access it\n\n[why \u0026 how]\nChange the order of the pipe_ctx-\u003eplane_state check to ensure that\nplane_state is not null before accessing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49906",
"url": "https://www.suse.com/security/cve/CVE-2024-49906"
},
{
"category": "external",
"summary": "SUSE Bug 1232332 for CVE-2024-49906",
"url": "https://bugzilla.suse.com/1232332"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49906"
},
{
"cve": "CVE-2024-49907",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49907"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check null pointers before using dc-\u003eclk_mgr\n\n[WHY \u0026 HOW]\ndc-\u003eclk_mgr is null checked previously in the same function, indicating\nit might be null.\n\nPassing \"dc\" to \"dc-\u003ehwss.apply_idle_power_optimizations\", which\ndereferences null \"dc-\u003eclk_mgr\". (The function pointer resolves to\n\"dcn35_apply_idle_power_optimizations\".)\n\nThis fixes 1 FORWARD_NULL issue reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49907",
"url": "https://www.suse.com/security/cve/CVE-2024-49907"
},
{
"category": "external",
"summary": "SUSE Bug 1232334 for CVE-2024-49907",
"url": "https://bugzilla.suse.com/1232334"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49907"
},
{
"cve": "CVE-2024-49908",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49908"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check for \u0027afb\u0027 in amdgpu_dm_update_cursor (v2)\n\nThis commit adds a null check for the \u0027afb\u0027 variable in the\namdgpu_dm_update_cursor function. Previously, \u0027afb\u0027 was assumed to be\nnull at line 8388, but was used later in the code without a null check.\nThis could potentially lead to a null pointer dereference.\n\nChanges since v1:\n- Moved the null check for \u0027afb\u0027 to the line where \u0027afb\u0027 is used. (Alex)\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:8433 amdgpu_dm_update_cursor()\n\terror: we previously assumed \u0027afb\u0027 could be null (see line 8388)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49908",
"url": "https://www.suse.com/security/cve/CVE-2024-49908"
},
{
"category": "external",
"summary": "SUSE Bug 1232335 for CVE-2024-49908",
"url": "https://bugzilla.suse.com/1232335"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49908"
},
{
"cve": "CVE-2024-49909",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49909"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func\n\nThis commit adds a null check for the set_output_gamma function pointer\nin the dcn32_set_output_transfer_func function. Previously,\nset_output_gamma was being checked for null, but then it was being\ndereferenced without any null check. This could lead to a null pointer\ndereference if set_output_gamma is null.\n\nTo fix this, we now ensure that set_output_gamma is not null before\ndereferencing it. We do this by adding a null check for set_output_gamma\nbefore the call to set_output_gamma.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49909",
"url": "https://www.suse.com/security/cve/CVE-2024-49909"
},
{
"category": "external",
"summary": "SUSE Bug 1232337 for CVE-2024-49909",
"url": "https://bugzilla.suse.com/1232337"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49909"
},
{
"cve": "CVE-2024-49911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49911"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func\n\nThis commit adds a null check for the set_output_gamma function pointer\nin the dcn20_set_output_transfer_func function. Previously,\nset_output_gamma was being checked for null at line 1030, but then it\nwas being dereferenced without any null check at line 1048. This could\npotentially lead to a null pointer dereference error if set_output_gamma\nis null.\n\nTo fix this, we now ensure that set_output_gamma is not null before\ndereferencing it. We do this by adding a null check for set_output_gamma\nbefore the call to set_output_gamma at line 1048.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49911",
"url": "https://www.suse.com/security/cve/CVE-2024-49911"
},
{
"category": "external",
"summary": "SUSE Bug 1232366 for CVE-2024-49911",
"url": "https://bugzilla.suse.com/1232366"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49911"
},
{
"cve": "CVE-2024-49912",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49912"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Handle null \u0027stream_status\u0027 in \u0027planes_changed_for_existing_stream\u0027\n\nThis commit adds a null check for \u0027stream_status\u0027 in the function\n\u0027planes_changed_for_existing_stream\u0027. Previously, the code assumed\n\u0027stream_status\u0027 could be null, but did not handle the case where it was\nactually null. This could lead to a null pointer dereference.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_resource.c:3784 planes_changed_for_existing_stream() error: we previously assumed \u0027stream_status\u0027 could be null (see line 3774)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49912",
"url": "https://www.suse.com/security/cve/CVE-2024-49912"
},
{
"category": "external",
"summary": "SUSE Bug 1232367 for CVE-2024-49912",
"url": "https://bugzilla.suse.com/1232367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49912"
},
{
"cve": "CVE-2024-49913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49913"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream\n\nThis commit addresses a null pointer dereference issue in the\n`commit_planes_for_stream` function at line 4140. The issue could occur\nwhen `top_pipe_to_program` is null.\n\nThe fix adds a check to ensure `top_pipe_to_program` is not null before\naccessing its stream_res. This prevents a null pointer dereference.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/core/dc.c:4140 commit_planes_for_stream() error: we previously assumed \u0027top_pipe_to_program\u0027 could be null (see line 3906)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49913",
"url": "https://www.suse.com/security/cve/CVE-2024-49913"
},
{
"category": "external",
"summary": "SUSE Bug 1232307 for CVE-2024-49913",
"url": "https://bugzilla.suse.com/1232307"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49913"
},
{
"cve": "CVE-2024-49914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49914"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check for pipe_ctx-\u003eplane_state in dcn20_program_pipe\n\nThis commit addresses a null pointer dereference issue in the\n`dcn20_program_pipe` function. The issue could occur when\n`pipe_ctx-\u003eplane_state` is null.\n\nThe fix adds a check to ensure `pipe_ctx-\u003eplane_state` is not null\nbefore accessing. This prevents a null pointer dereference.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn20/dcn20_hwseq.c:1925 dcn20_program_pipe() error: we previously assumed \u0027pipe_ctx-\u003eplane_state\u0027 could be null (see line 1877)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49914",
"url": "https://www.suse.com/security/cve/CVE-2024-49914"
},
{
"category": "external",
"summary": "SUSE Bug 1232369 for CVE-2024-49914",
"url": "https://bugzilla.suse.com/1232369"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49914"
},
{
"cve": "CVE-2024-49917",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49917"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL check for clk_mgr and clk_mgr-\u003efuncs in dcn30_init_hw\n\nThis commit addresses a potential null pointer dereference issue in the\n`dcn30_init_hw` function. The issue could occur when `dc-\u003eclk_mgr` or\n`dc-\u003eclk_mgr-\u003efuncs` is null.\n\nThe fix adds a check to ensure `dc-\u003eclk_mgr` and `dc-\u003eclk_mgr-\u003efuncs` is\nnot null before accessing its functions. This prevents a potential null\npointer dereference.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:789 dcn30_init_hw() error: we previously assumed \u0027dc-\u003eclk_mgr\u0027 could be null (see line 628)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49917",
"url": "https://www.suse.com/security/cve/CVE-2024-49917"
},
{
"category": "external",
"summary": "SUSE Bug 1231965 for CVE-2024-49917",
"url": "https://bugzilla.suse.com/1231965"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49917"
},
{
"cve": "CVE-2024-49918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49918"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer\n\nThis commit addresses a potential null pointer dereference issue in the\n`dcn32_acquire_idle_pipe_for_head_pipe_in_layer` function. The issue\ncould occur when `head_pipe` is null.\n\nThe fix adds a check to ensure `head_pipe` is not null before asserting\nit. If `head_pipe` is null, the function returns NULL to prevent a\npotential null pointer dereference.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn32/dcn32_resource.c:2690 dcn32_acquire_idle_pipe_for_head_pipe_in_layer() error: we previously assumed \u0027head_pipe\u0027 could be null (see line 2681)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49918",
"url": "https://www.suse.com/security/cve/CVE-2024-49918"
},
{
"category": "external",
"summary": "SUSE Bug 1231967 for CVE-2024-49918",
"url": "https://bugzilla.suse.com/1231967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49918"
},
{
"cve": "CVE-2024-49919",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49919"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer\n\nThis commit addresses a potential null pointer dereference issue in the\n`dcn201_acquire_free_pipe_for_layer` function. The issue could occur\nwhen `head_pipe` is null.\n\nThe fix adds a check to ensure `head_pipe` is not null before asserting\nit. If `head_pipe` is null, the function returns NULL to prevent a\npotential null pointer dereference.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn201/dcn201_resource.c:1016 dcn201_acquire_free_pipe_for_layer() error: we previously assumed \u0027head_pipe\u0027 could be null (see line 1010)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49919",
"url": "https://www.suse.com/security/cve/CVE-2024-49919"
},
{
"category": "external",
"summary": "SUSE Bug 1231968 for CVE-2024-49919",
"url": "https://bugzilla.suse.com/1231968"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49919"
},
{
"cve": "CVE-2024-49920",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49920"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check null pointers before multiple uses\n\n[WHAT \u0026 HOW]\nPoniters, such as stream_enc and dc-\u003ebw_vbios, are null checked previously\nin the same function, so Coverity warns \"implies that stream_enc and\ndc-\u003ebw_vbios might be null\". They are used multiple times in the\nsubsequent code and need to be checked.\n\nThis fixes 10 FORWARD_NULL issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49920",
"url": "https://www.suse.com/security/cve/CVE-2024-49920"
},
{
"category": "external",
"summary": "SUSE Bug 1232313 for CVE-2024-49920",
"url": "https://bugzilla.suse.com/1232313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49920"
},
{
"cve": "CVE-2024-49921",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49921"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check null pointers before used\n\n[WHAT \u0026 HOW]\nPoniters, such as dc-\u003eclk_mgr, are null checked previously in the same\nfunction, so Coverity warns \"implies that \"dc-\u003eclk_mgr\" might be null\".\nAs a result, these pointers need to be checked when used again.\n\nThis fixes 10 FORWARD_NULL issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49921",
"url": "https://www.suse.com/security/cve/CVE-2024-49921"
},
{
"category": "external",
"summary": "SUSE Bug 1232371 for CVE-2024-49921",
"url": "https://bugzilla.suse.com/1232371"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49921"
},
{
"cve": "CVE-2024-49922",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49922"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check null pointers before using them\n\n[WHAT \u0026 HOW]\nThese pointers are null checked previously in the same function,\nindicating they might be null as reported by Coverity. As a result,\nthey need to be checked when used again.\n\nThis fixes 3 FORWARD_NULL issue reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49922",
"url": "https://www.suse.com/security/cve/CVE-2024-49922"
},
{
"category": "external",
"summary": "SUSE Bug 1232374 for CVE-2024-49922",
"url": "https://bugzilla.suse.com/1232374"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49922"
},
{
"cve": "CVE-2024-49923",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49923"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags\n\n[WHAT \u0026 HOW]\n\"dcn20_validate_apply_pipe_split_flags\" dereferences merge, and thus it\ncannot be a null pointer. Let\u0027s pass a valid pointer to avoid null\ndereference.\n\nThis fixes 2 FORWARD_NULL issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49923",
"url": "https://www.suse.com/security/cve/CVE-2024-49923"
},
{
"category": "external",
"summary": "SUSE Bug 1232361 for CVE-2024-49923",
"url": "https://bugzilla.suse.com/1232361"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49923"
},
{
"cve": "CVE-2024-49925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49925"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: efifb: Register sysfs groups through driver core\n\nThe driver core can register and cleanup sysfs groups already.\nMake use of that functionality to simplify the error handling and\ncleanup.\n\nAlso avoid a UAF race during unregistering where the sysctl attributes\nwere usable after the info struct was freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49925",
"url": "https://www.suse.com/security/cve/CVE-2024-49925"
},
{
"category": "external",
"summary": "SUSE Bug 1232224 for CVE-2024-49925",
"url": "https://bugzilla.suse.com/1232224"
},
{
"category": "external",
"summary": "SUSE Bug 1232225 for CVE-2024-49925",
"url": "https://bugzilla.suse.com/1232225"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49925"
},
{
"cve": "CVE-2024-49928",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49928"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: avoid reading out of bounds when loading TX power FW elements\n\nBecause the loop-expression will do one more time before getting false from\ncond-expression, the original code copied one more entry size beyond valid\nregion.\n\nFix it by moving the entry copy to loop-body.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49928",
"url": "https://www.suse.com/security/cve/CVE-2024-49928"
},
{
"category": "external",
"summary": "SUSE Bug 1232250 for CVE-2024-49928",
"url": "https://bugzilla.suse.com/1232250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49928"
},
{
"cve": "CVE-2024-49929",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49929"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: avoid NULL pointer dereference\n\niwl_mvm_tx_skb_sta() and iwl_mvm_tx_mpdu() verify that the mvmvsta\npointer is not NULL.\nIt retrieves this pointer using iwl_mvm_sta_from_mac80211, which is\ndereferencing the ieee80211_sta pointer.\nIf sta is NULL, iwl_mvm_sta_from_mac80211 will dereference a NULL\npointer.\nFix this by checking the sta pointer before retrieving the mvmsta\nfrom it. If sta is not NULL, then mvmsta isn\u0027t either.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49929",
"url": "https://www.suse.com/security/cve/CVE-2024-49929"
},
{
"category": "external",
"summary": "SUSE Bug 1232253 for CVE-2024-49929",
"url": "https://bugzilla.suse.com/1232253"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49929"
},
{
"cve": "CVE-2024-49930",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49930"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix array out-of-bound access in SoC stats\n\nCurrently, the ath11k_soc_dp_stats::hal_reo_error array is defined with a\nmaximum size of DP_REO_DST_RING_MAX. However, the ath11k_dp_process_rx()\nfunction access ath11k_soc_dp_stats::hal_reo_error using the REO\ndestination SRNG ring ID, which is incorrect. SRNG ring ID differ from\nnormal ring ID, and this usage leads to out-of-bounds array access. To fix\nthis issue, modify ath11k_dp_process_rx() to use the normal ring ID\ndirectly instead of the SRNG ring ID to avoid out-of-bounds array access.\n\nTested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49930",
"url": "https://www.suse.com/security/cve/CVE-2024-49930"
},
{
"category": "external",
"summary": "SUSE Bug 1232260 for CVE-2024-49930",
"url": "https://bugzilla.suse.com/1232260"
},
{
"category": "external",
"summary": "SUSE Bug 1232261 for CVE-2024-49930",
"url": "https://bugzilla.suse.com/1232261"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-49930"
},
{
"cve": "CVE-2024-49931",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49931"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix array out-of-bound access in SoC stats\n\nCurrently, the ath12k_soc_dp_stats::hal_reo_error array is defined with a\nmaximum size of DP_REO_DST_RING_MAX. However, the ath12k_dp_rx_process()\nfunction access ath12k_soc_dp_stats::hal_reo_error using the REO\ndestination SRNG ring ID, which is incorrect. SRNG ring ID differ from\nnormal ring ID, and this usage leads to out-of-bounds array access. To\nfix this issue, modify ath12k_dp_rx_process() to use the normal ring ID\ndirectly instead of the SRNG ring ID to avoid out-of-bounds array access.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49931",
"url": "https://www.suse.com/security/cve/CVE-2024-49931"
},
{
"category": "external",
"summary": "SUSE Bug 1232275 for CVE-2024-49931",
"url": "https://bugzilla.suse.com/1232275"
},
{
"category": "external",
"summary": "SUSE Bug 1232277 for CVE-2024-49931",
"url": "https://bugzilla.suse.com/1232277"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-49931"
},
{
"cve": "CVE-2024-49933",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49933"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk_iocost: fix more out of bound shifts\n\nRecently running UBSAN caught few out of bound shifts in the\nioc_forgive_debts() function:\n\nUBSAN: shift-out-of-bounds in block/blk-iocost.c:2142:38\nshift exponent 80 is too large for 64-bit type \u0027u64\u0027 (aka \u0027unsigned long\nlong\u0027)\n...\nUBSAN: shift-out-of-bounds in block/blk-iocost.c:2144:30\nshift exponent 80 is too large for 64-bit type \u0027u64\u0027 (aka \u0027unsigned long\nlong\u0027)\n...\nCall Trace:\n\u003cIRQ\u003e\ndump_stack_lvl+0xca/0x130\n__ubsan_handle_shift_out_of_bounds+0x22c/0x280\n? __lock_acquire+0x6441/0x7c10\nioc_timer_fn+0x6cec/0x7750\n? blk_iocost_init+0x720/0x720\n? call_timer_fn+0x5d/0x470\ncall_timer_fn+0xfa/0x470\n? blk_iocost_init+0x720/0x720\n__run_timer_base+0x519/0x700\n...\n\nActual impact of this issue was not identified but I propose to fix the\nundefined behaviour.\nThe proposed fix to prevent those out of bound shifts consist of\nprecalculating exponent before using it the shift operations by taking\nmin value from the actual exponent and maximum possible number of bits.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49933",
"url": "https://www.suse.com/security/cve/CVE-2024-49933"
},
{
"category": "external",
"summary": "SUSE Bug 1232368 for CVE-2024-49933",
"url": "https://bugzilla.suse.com/1232368"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49933"
},
{
"cve": "CVE-2024-49934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49934"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name\n\nIt\u0027s observed that a crash occurs during hot-remove a memory device,\nin which user is accessing the hugetlb. See calltrace as following:\n\n------------[ cut here ]------------\nWARNING: CPU: 1 PID: 14045 at arch/x86/mm/fault.c:1278 do_user_addr_fault+0x2a0/0x790\nModules linked in: kmem device_dax cxl_mem cxl_pmem cxl_port cxl_pci dax_hmem dax_pmem nd_pmem cxl_acpi nd_btt cxl_core crc32c_intel nvme virtiofs fuse nvme_core nfit libnvdimm dm_multipath scsi_dh_rdac scsi_dh_emc s\nmirror dm_region_hash dm_log dm_mod\nCPU: 1 PID: 14045 Comm: daxctl Not tainted 6.10.0-rc2-lizhijian+ #492\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nRIP: 0010:do_user_addr_fault+0x2a0/0x790\nCode: 48 8b 00 a8 04 0f 84 b5 fe ff ff e9 1c ff ff ff 4c 89 e9 4c 89 e2 be 01 00 00 00 bf 02 00 00 00 e8 b5 ef 24 00 e9 42 fe ff ff \u003c0f\u003e 0b 48 83 c4 08 4c 89 ea 48 89 ee 4c 89 e7 5b 5d 41 5c 41 5d 41\nRSP: 0000:ffffc90000a575f0 EFLAGS: 00010046\nRAX: ffff88800c303600 RBX: 0000000000000000 RCX: 0000000000000000\nRDX: 0000000000001000 RSI: ffffffff82504162 RDI: ffffffff824b2c36\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffc90000a57658\nR13: 0000000000001000 R14: ffff88800bc2e040 R15: 0000000000000000\nFS: 00007f51cb57d880(0000) GS:ffff88807fd00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000001000 CR3: 00000000072e2004 CR4: 00000000001706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? __warn+0x8d/0x190\n ? do_user_addr_fault+0x2a0/0x790\n ? report_bug+0x1c3/0x1d0\n ? handle_bug+0x3c/0x70\n ? exc_invalid_op+0x14/0x70\n ? asm_exc_invalid_op+0x16/0x20\n ? do_user_addr_fault+0x2a0/0x790\n ? exc_page_fault+0x31/0x200\n exc_page_fault+0x68/0x200\n\u003c...snip...\u003e\nBUG: unable to handle page fault for address: 0000000000001000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 800000000ad92067 P4D 800000000ad92067 PUD 7677067 PMD 0\n Oops: Oops: 0000 [#1] PREEMPT SMP PTI\n ---[ end trace 0000000000000000 ]---\n BUG: unable to handle page fault for address: 0000000000001000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 800000000ad92067 P4D 800000000ad92067 PUD 7677067 PMD 0\n Oops: Oops: 0000 [#1] PREEMPT SMP PTI\n CPU: 1 PID: 14045 Comm: daxctl Kdump: loaded Tainted: G W 6.10.0-rc2-lizhijian+ #492\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n RIP: 0010:dentry_name+0x1f4/0x440\n\u003c...snip...\u003e\n? dentry_name+0x2fa/0x440\nvsnprintf+0x1f3/0x4f0\nvprintk_store+0x23a/0x540\nvprintk_emit+0x6d/0x330\n_printk+0x58/0x80\ndump_mapping+0x10b/0x1a0\n? __pfx_free_object_rcu+0x10/0x10\n__dump_page+0x26b/0x3e0\n? vprintk_emit+0xe0/0x330\n? _printk+0x58/0x80\n? dump_page+0x17/0x50\ndump_page+0x17/0x50\ndo_migrate_range+0x2f7/0x7f0\n? do_migrate_range+0x42/0x7f0\n? offline_pages+0x2f4/0x8c0\noffline_pages+0x60a/0x8c0\nmemory_subsys_offline+0x9f/0x1c0\n? lockdep_hardirqs_on+0x77/0x100\n? _raw_spin_unlock_irqrestore+0x38/0x60\ndevice_offline+0xe3/0x110\nstate_store+0x6e/0xc0\nkernfs_fop_write_iter+0x143/0x200\nvfs_write+0x39f/0x560\nksys_write+0x65/0xf0\ndo_syscall_64+0x62/0x130\n\nPreviously, some sanity check have been done in dump_mapping() before\nthe print facility parsing \u0027%pd\u0027 though, it\u0027s still possible to run into\nan invalid dentry.d_name.name.\n\nSince dump_mapping() only needs to dump the filename only, retrieve it\nby itself in a safer way to prevent an unnecessary crash.\n\nNote that either retrieving the filename with \u0027%pd\u0027 or\nstrncpy_from_kernel_nofault(), the filename could be unreliable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49934",
"url": "https://www.suse.com/security/cve/CVE-2024-49934"
},
{
"category": "external",
"summary": "SUSE Bug 1232387 for CVE-2024-49934",
"url": "https://bugzilla.suse.com/1232387"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49934"
},
{
"cve": "CVE-2024-49935",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49935"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: PAD: fix crash in exit_round_robin()\n\nThe kernel occasionally crashes in cpumask_clear_cpu(), which is called\nwithin exit_round_robin(), because when executing clear_bit(nr, addr) with\nnr set to 0xffffffff, the address calculation may cause misalignment within\nthe memory, leading to access to an invalid memory address.\n\n----------\nBUG: unable to handle kernel paging request at ffffffffe0740618\n ...\nCPU: 3 PID: 2919323 Comm: acpi_pad/14 Kdump: loaded Tainted: G OE X --------- - - 4.18.0-425.19.2.el8_7.x86_64 #1\n ...\nRIP: 0010:power_saving_thread+0x313/0x411 [acpi_pad]\nCode: 89 cd 48 89 d3 eb d1 48 c7 c7 55 70 72 c0 e8 64 86 b0 e4 c6 05 0d a1 02 00 01 e9 bc fd ff ff 45 89 e4 42 8b 04 a5 20 82 72 c0 \u003cf0\u003e 48 0f b3 05 f4 9c 01 00 42 c7 04 a5 20 82 72 c0 ff ff ff ff 31\nRSP: 0018:ff72a5d51fa77ec8 EFLAGS: 00010202\nRAX: 00000000ffffffff RBX: ff462981e5d8cb80 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000246 RDI: 0000000000000246\nRBP: ff46297556959d80 R08: 0000000000000382 R09: ff46297c8d0f38d8\nR10: 0000000000000000 R11: 0000000000000001 R12: 000000000000000e\nR13: 0000000000000000 R14: ffffffffffffffff R15: 000000000000000e\nFS: 0000000000000000(0000) GS:ff46297a800c0000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffffffffe0740618 CR3: 0000007e20410004 CR4: 0000000000771ee0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n ? acpi_pad_add+0x120/0x120 [acpi_pad]\n kthread+0x10b/0x130\n ? set_kthread_struct+0x50/0x50\n ret_from_fork+0x1f/0x40\n ...\nCR2: ffffffffe0740618\n\ncrash\u003e dis -lr ffffffffc0726923\n ...\n/usr/src/debug/kernel-4.18.0-425.19.2.el8_7/linux-4.18.0-425.19.2.el8_7.x86_64/./include/linux/cpumask.h: 114\n0xffffffffc0726918 \u003cpower_saving_thread+776\u003e:\tmov %r12d,%r12d\n/usr/src/debug/kernel-4.18.0-425.19.2.el8_7/linux-4.18.0-425.19.2.el8_7.x86_64/./include/linux/cpumask.h: 325\n0xffffffffc072691b \u003cpower_saving_thread+779\u003e:\tmov -0x3f8d7de0(,%r12,4),%eax\n/usr/src/debug/kernel-4.18.0-425.19.2.el8_7/linux-4.18.0-425.19.2.el8_7.x86_64/./arch/x86/include/asm/bitops.h: 80\n0xffffffffc0726923 \u003cpower_saving_thread+787\u003e:\tlock btr %rax,0x19cf4(%rip) # 0xffffffffc0740620 \u003cpad_busy_cpus_bits\u003e\n\ncrash\u003e px tsk_in_cpu[14]\n$66 = 0xffffffff\n\ncrash\u003e px 0xffffffffc072692c+0x19cf4\n$99 = 0xffffffffc0740620\n\ncrash\u003e sym 0xffffffffc0740620\nffffffffc0740620 (b) pad_busy_cpus_bits [acpi_pad]\n\ncrash\u003e px pad_busy_cpus_bits[0]\n$42 = 0xfffc0\n----------\n\nTo fix this, ensure that tsk_in_cpu[tsk_index] != -1 before calling\ncpumask_clear_cpu() in exit_round_robin(), just as it is done in\nround_robin_cpu().\n\n[ rjw: Subject edit, avoid updates to the same value ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49935",
"url": "https://www.suse.com/security/cve/CVE-2024-49935"
},
{
"category": "external",
"summary": "SUSE Bug 1232370 for CVE-2024-49935",
"url": "https://bugzilla.suse.com/1232370"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49935"
},
{
"cve": "CVE-2024-49936",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49936"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/xen-netback: prevent UAF in xenvif_flush_hash()\n\nDuring the list_for_each_entry_rcu iteration call of xenvif_flush_hash,\nkfree_rcu does not exist inside the rcu read critical section, so if\nkfree_rcu is called when the rcu grace period ends during the iteration,\nUAF occurs when accessing head-\u003enext after the entry becomes free.\n\nTherefore, to solve this, you need to change it to list_for_each_entry_safe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49936",
"url": "https://www.suse.com/security/cve/CVE-2024-49936"
},
{
"category": "external",
"summary": "SUSE Bug 1232424 for CVE-2024-49936",
"url": "https://bugzilla.suse.com/1232424"
},
{
"category": "external",
"summary": "SUSE Bug 1232426 for CVE-2024-49936",
"url": "https://bugzilla.suse.com/1232426"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-49936"
},
{
"cve": "CVE-2024-49937",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49937"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: Set correct chandef when starting CAC\n\nWhen starting CAC in a mode other than AP mode, it return a\n\"WARNING: CPU: 0 PID: 63 at cfg80211_chandef_dfs_usable+0x20/0xaf [cfg80211]\"\ncaused by the chandef.chan being null at the end of CAC.\n\nSolution: Ensure the channel definition is set for the different modes\nwhen starting CAC to avoid getting a NULL \u0027chan\u0027 at the end of CAC.\n\n Call Trace:\n ? show_regs.part.0+0x14/0x16\n ? __warn+0x67/0xc0\n ? cfg80211_chandef_dfs_usable+0x20/0xaf [cfg80211]\n ? report_bug+0xa7/0x130\n ? exc_overflow+0x30/0x30\n ? handle_bug+0x27/0x50\n ? exc_invalid_op+0x18/0x60\n ? handle_exception+0xf6/0xf6\n ? exc_overflow+0x30/0x30\n ? cfg80211_chandef_dfs_usable+0x20/0xaf [cfg80211]\n ? exc_overflow+0x30/0x30\n ? cfg80211_chandef_dfs_usable+0x20/0xaf [cfg80211]\n ? regulatory_propagate_dfs_state.cold+0x1b/0x4c [cfg80211]\n ? cfg80211_propagate_cac_done_wk+0x1a/0x30 [cfg80211]\n ? process_one_work+0x165/0x280\n ? worker_thread+0x120/0x3f0\n ? kthread+0xc2/0xf0\n ? process_one_work+0x280/0x280\n ? kthread_complete_and_exit+0x20/0x20\n ? ret_from_fork+0x19/0x24\n\n[shorten subject, remove OCB, reorder cases to match previous list]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49937",
"url": "https://www.suse.com/security/cve/CVE-2024-49937"
},
{
"category": "external",
"summary": "SUSE Bug 1232427 for CVE-2024-49937",
"url": "https://bugzilla.suse.com/1232427"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49937"
},
{
"cve": "CVE-2024-49938",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49938"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit\n\nSyzbot points out that skb_trim() has a sanity check on the existing length of\nthe skb, which can be uninitialised in some error paths. The intent here is\nclearly just to reset the length to zero before resubmitting, so switch to\ncalling __skb_set_length(skb, 0) directly. In addition, __skb_set_length()\nalready contains a call to skb_reset_tail_pointer(), so remove the redundant\ncall.\n\nThe syzbot report came from ath9k_hif_usb_reg_in_cb(), but there\u0027s a similar\nusage of skb_trim() in ath9k_hif_usb_rx_cb(), change both while we\u0027re at it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49938",
"url": "https://www.suse.com/security/cve/CVE-2024-49938"
},
{
"category": "external",
"summary": "SUSE Bug 1232552 for CVE-2024-49938",
"url": "https://bugzilla.suse.com/1232552"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49938"
},
{
"cve": "CVE-2024-49939",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49939"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: avoid to add interface to list twice when SER\n\nIf SER L2 occurs during the WoWLAN resume flow, the add interface flow\nis triggered by ieee80211_reconfig(). However, due to\nrtw89_wow_resume() return failure, it will cause the add interface flow\nto be executed again, resulting in a double add list and causing a kernel\npanic. Therefore, we have added a check to prevent double adding of the\nlist.\n\nlist_add double add: new=ffff99d6992e2010, prev=ffff99d6992e2010, next=ffff99d695302628.\n------------[ cut here ]------------\nkernel BUG at lib/list_debug.c:37!\ninvalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 0 PID: 9 Comm: kworker/0:1 Tainted: G W O 6.6.30-02659-gc18865c4dfbd #1 770df2933251a0e3c888ba69d1053a817a6376a7\nHardware name: HP Grunt/Grunt, BIOS Google_Grunt.11031.169.0 06/24/2021\nWorkqueue: events_freezable ieee80211_restart_work [mac80211]\nRIP: 0010:__list_add_valid_or_report+0x5e/0xb0\nCode: c7 74 18 48 39 ce 74 13 b0 01 59 5a 5e 5f 41 58 41 59 41 5a 5d e9 e2 d6 03 00 cc 48 c7 c7 8d 4f 17 83 48 89 c2 e8 02 c0 00 00 \u003c0f\u003e 0b 48 c7 c7 aa 8c 1c 83 e8 f4 bf 00 00 0f 0b 48 c7 c7 c8 bc 12\nRSP: 0018:ffffa91b8007bc50 EFLAGS: 00010246\nRAX: 0000000000000058 RBX: ffff99d6992e0900 RCX: a014d76c70ef3900\nRDX: ffffa91b8007bae8 RSI: 00000000ffffdfff RDI: 0000000000000001\nRBP: ffffa91b8007bc88 R08: 0000000000000000 R09: ffffa91b8007bae0\nR10: 00000000ffffdfff R11: ffffffff83a79800 R12: ffff99d695302060\nR13: ffff99d695300900 R14: ffff99d6992e1be0 R15: ffff99d6992e2010\nFS: 0000000000000000(0000) GS:ffff99d6aac00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000078fbdba43480 CR3: 000000010e464000 CR4: 00000000001506f0\nCall Trace:\n \u003cTASK\u003e\n ? __die_body+0x1f/0x70\n ? die+0x3d/0x60\n ? do_trap+0xa4/0x110\n ? __list_add_valid_or_report+0x5e/0xb0\n ? do_error_trap+0x6d/0x90\n ? __list_add_valid_or_report+0x5e/0xb0\n ? handle_invalid_op+0x30/0x40\n ? __list_add_valid_or_report+0x5e/0xb0\n ? exc_invalid_op+0x3c/0x50\n ? asm_exc_invalid_op+0x16/0x20\n ? __list_add_valid_or_report+0x5e/0xb0\n rtw89_ops_add_interface+0x309/0x310 [rtw89_core 7c32b1ee6854761c0321027c8a58c5160e41f48f]\n drv_add_interface+0x5c/0x130 [mac80211 83e989e6e616bd5b4b8a2b0a9f9352a2c385a3bc]\n ieee80211_reconfig+0x241/0x13d0 [mac80211 83e989e6e616bd5b4b8a2b0a9f9352a2c385a3bc]\n ? finish_wait+0x3e/0x90\n ? synchronize_rcu_expedited+0x174/0x260\n ? sync_rcu_exp_done_unlocked+0x50/0x50\n ? wake_bit_function+0x40/0x40\n ieee80211_restart_work+0xf0/0x140 [mac80211 83e989e6e616bd5b4b8a2b0a9f9352a2c385a3bc]\n process_scheduled_works+0x1e5/0x480\n worker_thread+0xea/0x1e0\n kthread+0xdb/0x110\n ? move_linked_works+0x90/0x90\n ? kthread_associate_blkcg+0xa0/0xa0\n ret_from_fork+0x3b/0x50\n ? kthread_associate_blkcg+0xa0/0xa0\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e\nModules linked in: dm_integrity async_xor xor async_tx lz4 lz4_compress zstd zstd_compress zram zsmalloc rfcomm cmac uinput algif_hash algif_skcipher af_alg btusb btrtl iio_trig_hrtimer industrialio_sw_trigger btmtk industrialio_configfs btbcm btintel uvcvideo videobuf2_vmalloc iio_trig_sysfs videobuf2_memops videobuf2_v4l2 videobuf2_common uvc snd_hda_codec_hdmi veth snd_hda_intel snd_intel_dspcfg acpi_als snd_hda_codec industrialio_triggered_buffer kfifo_buf snd_hwdep industrialio i2c_piix4 snd_hda_core designware_i2s ip6table_nat snd_soc_max98357a xt_MASQUERADE xt_cgroup snd_soc_acp_rt5682_mach fuse rtw89_8922ae(O) rtw89_8922a(O) rtw89_pci(O) rtw89_core(O) 8021q mac80211(O) bluetooth ecdh_generic ecc cfg80211 r8152 mii joydev\ngsmi: Log Shutdown Reason 0x03\n---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49939",
"url": "https://www.suse.com/security/cve/CVE-2024-49939"
},
{
"category": "external",
"summary": "SUSE Bug 1232381 for CVE-2024-49939",
"url": "https://bugzilla.suse.com/1232381"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49939"
},
{
"cve": "CVE-2024-49944",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49944"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start\n\nIn sctp_listen_start() invoked by sctp_inet_listen(), it should set the\nsk_state back to CLOSED if sctp_autobind() fails due to whatever reason.\n\nOtherwise, next time when calling sctp_inet_listen(), if sctp_sk(sk)-\u003ereuse\nis already set via setsockopt(SCTP_REUSE_PORT), sctp_sk(sk)-\u003ebind_hash will\nbe dereferenced as sk_state is LISTENING, which causes a crash as bind_hash\nis NULL.\n\n KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\n RIP: 0010:sctp_inet_listen+0x7f0/0xa20 net/sctp/socket.c:8617\n Call Trace:\n \u003cTASK\u003e\n __sys_listen_socket net/socket.c:1883 [inline]\n __sys_listen+0x1b7/0x230 net/socket.c:1894\n __do_sys_listen net/socket.c:1902 [inline]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49944",
"url": "https://www.suse.com/security/cve/CVE-2024-49944"
},
{
"category": "external",
"summary": "SUSE Bug 1232166 for CVE-2024-49944",
"url": "https://bugzilla.suse.com/1232166"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49944"
},
{
"cve": "CVE-2024-49945",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49945"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/ncsi: Disable the ncsi work before freeing the associated structure\n\nThe work function can run after the ncsi device is freed, resulting\nin use-after-free bugs or kernel panic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49945",
"url": "https://www.suse.com/security/cve/CVE-2024-49945"
},
{
"category": "external",
"summary": "SUSE Bug 1232165 for CVE-2024-49945",
"url": "https://bugzilla.suse.com/1232165"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49945"
},
{
"cve": "CVE-2024-49946",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49946"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: do not assume bh is held in ppp_channel_bridge_input()\n\nNetworking receive path is usually handled from BH handler.\nHowever, some protocols need to acquire the socket lock, and\npackets might be stored in the socket backlog is the socket was\nowned by a user process.\n\nIn this case, release_sock(), __release_sock(), and sk_backlog_rcv()\nmight call the sk-\u003esk_backlog_rcv() handler in process context.\n\nsybot caught ppp was not considering this case in\nppp_channel_bridge_input() :\n\nWARNING: inconsistent lock state\n6.11.0-rc7-syzkaller-g5f5673607153 #0 Not tainted\n--------------------------------\ninconsistent {SOFTIRQ-ON-W} -\u003e {IN-SOFTIRQ-W} usage.\nksoftirqd/1/24 [HC0[0]:SC1[1]:HE1:SE0] takes:\n ffff0000db7f11e0 (\u0026pch-\u003edownl){+.?.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]\n ffff0000db7f11e0 (\u0026pch-\u003edownl){+.?.}-{2:2}, at: ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2272 [inline]\n ffff0000db7f11e0 (\u0026pch-\u003edownl){+.?.}-{2:2}, at: ppp_input+0x16c/0x854 drivers/net/ppp/ppp_generic.c:2304\n{SOFTIRQ-ON-W} state was registered at:\n lock_acquire+0x240/0x728 kernel/locking/lockdep.c:5759\n __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]\n _raw_spin_lock+0x48/0x60 kernel/locking/spinlock.c:154\n spin_lock include/linux/spinlock.h:351 [inline]\n ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2272 [inline]\n ppp_input+0x16c/0x854 drivers/net/ppp/ppp_generic.c:2304\n pppoe_rcv_core+0xfc/0x314 drivers/net/ppp/pppoe.c:379\n sk_backlog_rcv include/net/sock.h:1111 [inline]\n __release_sock+0x1a8/0x3d8 net/core/sock.c:3004\n release_sock+0x68/0x1b8 net/core/sock.c:3558\n pppoe_sendmsg+0xc8/0x5d8 drivers/net/ppp/pppoe.c:903\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n __sys_sendto+0x374/0x4f4 net/socket.c:2204\n __do_sys_sendto net/socket.c:2216 [inline]\n __se_sys_sendto net/socket.c:2212 [inline]\n __arm64_sys_sendto+0xd8/0xf8 net/socket.c:2212\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712\n el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730\n el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598\nirq event stamp: 282914\n hardirqs last enabled at (282914): [\u003cffff80008b42e30c\u003e] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]\n hardirqs last enabled at (282914): [\u003cffff80008b42e30c\u003e] _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:194\n hardirqs last disabled at (282913): [\u003cffff80008b42e13c\u003e] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]\n hardirqs last disabled at (282913): [\u003cffff80008b42e13c\u003e] _raw_spin_lock_irqsave+0x2c/0x7c kernel/locking/spinlock.c:162\n softirqs last enabled at (282904): [\u003cffff8000801f8e88\u003e] softirq_handle_end kernel/softirq.c:400 [inline]\n softirqs last enabled at (282904): [\u003cffff8000801f8e88\u003e] handle_softirqs+0xa3c/0xbfc kernel/softirq.c:582\n softirqs last disabled at (282909): [\u003cffff8000801fbdf8\u003e] run_ksoftirqd+0x70/0x158 kernel/softirq.c:928\n\nother info that might help us debug this:\n Possible unsafe locking scenario:\n\n CPU0\n ----\n lock(\u0026pch-\u003edownl);\n \u003cInterrupt\u003e\n lock(\u0026pch-\u003edownl);\n\n *** DEADLOCK ***\n\n1 lock held by ksoftirqd/1/24:\n #0: ffff80008f74dfa0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x10/0x4c include/linux/rcupdate.h:325\n\nstack backtrace:\nCPU: 1 UID: 0 PID: 24 Comm: ksoftirqd/1 Not tainted 6.11.0-rc7-syzkaller-g5f5673607153 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall trace:\n dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:319\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:326\n __dump_sta\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49946",
"url": "https://www.suse.com/security/cve/CVE-2024-49946"
},
{
"category": "external",
"summary": "SUSE Bug 1232164 for CVE-2024-49946",
"url": "https://bugzilla.suse.com/1232164"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49946"
},
{
"cve": "CVE-2024-49947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49947"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: test for not too small csum_start in virtio_net_hdr_to_skb()\n\nsyzbot was able to trigger this warning [1], after injecting a\nmalicious packet through af_packet, setting skb-\u003ecsum_start and thus\nthe transport header to an incorrect value.\n\nWe can at least make sure the transport header is after\nthe end of the network header (with a estimated minimal size).\n\n[1]\n[ 67.873027] skb len=4096 headroom=16 headlen=14 tailroom=0\nmac=(-1,-1) mac_len=0 net=(16,-6) trans=10\nshinfo(txflags=0 nr_frags=1 gso(size=0 type=0 segs=0))\ncsum(0xa start=10 offset=0 ip_summed=3 complete_sw=0 valid=0 level=0)\nhash(0x0 sw=0 l4=0) proto=0x0800 pkttype=0 iif=0\npriority=0x0 mark=0x0 alloc_cpu=10 vlan_all=0x0\nencapsulation=0 inner(proto=0x0000, mac=0, net=0, trans=0)\n[ 67.877172] dev name=veth0_vlan feat=0x000061164fdd09e9\n[ 67.877764] sk family=17 type=3 proto=0\n[ 67.878279] skb linear: 00000000: 00 00 10 00 00 00 00 00 0f 00 00 00 08 00\n[ 67.879128] skb frag: 00000000: 0e 00 07 00 00 00 28 00 08 80 1c 00 04 00 00 02\n[ 67.879877] skb frag: 00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.880647] skb frag: 00000020: 00 00 02 00 00 00 08 00 1b 00 00 00 00 00 00 00\n[ 67.881156] skb frag: 00000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.881753] skb frag: 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.882173] skb frag: 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.882790] skb frag: 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.883171] skb frag: 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.883733] skb frag: 00000080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.884206] skb frag: 00000090: 00 00 00 00 00 00 00 00 00 00 69 70 76 6c 61 6e\n[ 67.884704] skb frag: 000000a0: 31 00 00 00 00 00 00 00 00 00 2b 00 00 00 00 00\n[ 67.885139] skb frag: 000000b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.885677] skb frag: 000000c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.886042] skb frag: 000000d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.886408] skb frag: 000000e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.887020] skb frag: 000000f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.887384] skb frag: 00000100: 00 00\n[ 67.887878] ------------[ cut here ]------------\n[ 67.887908] offset (-6) \u003e= skb_headlen() (14)\n[ 67.888445] WARNING: CPU: 10 PID: 2088 at net/core/dev.c:3332 skb_checksum_help (net/core/dev.c:3332 (discriminator 2))\n[ 67.889353] Modules linked in: macsec macvtap macvlan hsr wireguard curve25519_x86_64 libcurve25519_generic libchacha20poly1305 chacha_x86_64 libchacha poly1305_x86_64 dummy bridge sr_mod cdrom evdev pcspkr i2c_piix4 9pnet_virtio 9p 9pnet netfs\n[ 67.890111] CPU: 10 UID: 0 PID: 2088 Comm: b363492833 Not tainted 6.11.0-virtme #1011\n[ 67.890183] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 67.890309] RIP: 0010:skb_checksum_help (net/core/dev.c:3332 (discriminator 2))\n[ 67.891043] Call Trace:\n[ 67.891173] \u003cTASK\u003e\n[ 67.891274] ? __warn (kernel/panic.c:741)\n[ 67.891320] ? skb_checksum_help (net/core/dev.c:3332 (discriminator 2))\n[ 67.891333] ? report_bug (lib/bug.c:180 lib/bug.c:219)\n[ 67.891348] ? handle_bug (arch/x86/kernel/traps.c:239)\n[ 67.891363] ? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminator 1))\n[ 67.891372] ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621)\n[ 67.891388] ? skb_checksum_help (net/core/dev.c:3332 (discriminator 2))\n[ 67.891399] ? skb_checksum_help (net/core/dev.c:3332 (discriminator 2))\n[ 67.891416] ip_do_fragment (net/ipv4/ip_output.c:777 (discriminator 1))\n[ 67.891448] ? __ip_local_out (./include/linux/skbuff.h:1146 ./include/net/l3mdev.h:196 ./include/net/l3mdev.h:213 ne\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49947",
"url": "https://www.suse.com/security/cve/CVE-2024-49947"
},
{
"category": "external",
"summary": "SUSE Bug 1232162 for CVE-2024-49947",
"url": "https://bugzilla.suse.com/1232162"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49947"
},
{
"cve": "CVE-2024-49949",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49949"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: avoid potential underflow in qdisc_pkt_len_init() with UFO\n\nAfter commit 7c6d2ecbda83 (\"net: be more gentle about silly gso\nrequests coming from user\") virtio_net_hdr_to_skb() had sanity check\nto detect malicious attempts from user space to cook a bad GSO packet.\n\nThen commit cf9acc90c80ec (\"net: virtio_net_hdr_to_skb: count\ntransport header in UFO\") while fixing one issue, allowed user space\nto cook a GSO packet with the following characteristic :\n\nIPv4 SKB_GSO_UDP, gso_size=3, skb-\u003elen = 28.\n\nWhen this packet arrives in qdisc_pkt_len_init(), we end up\nwith hdr_len = 28 (IPv4 header + UDP header), matching skb-\u003elen\n\nThen the following sets gso_segs to 0 :\n\ngso_segs = DIV_ROUND_UP(skb-\u003elen - hdr_len,\n shinfo-\u003egso_size);\n\nThen later we set qdisc_skb_cb(skb)-\u003epkt_len to back to zero :/\n\nqdisc_skb_cb(skb)-\u003epkt_len += (gso_segs - 1) * hdr_len;\n\nThis leads to the following crash in fq_codel [1]\n\nqdisc_pkt_len_init() is best effort, we only want an estimation\nof the bytes sent on the wire, not crashing the kernel.\n\nThis patch is fixing this particular issue, a following one\nadds more sanity checks for another potential bug.\n\n[1]\n[ 70.724101] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 70.724561] #PF: supervisor read access in kernel mode\n[ 70.724561] #PF: error_code(0x0000) - not-present page\n[ 70.724561] PGD 10ac61067 P4D 10ac61067 PUD 107ee2067 PMD 0\n[ 70.724561] Oops: Oops: 0000 [#1] SMP NOPTI\n[ 70.724561] CPU: 11 UID: 0 PID: 2163 Comm: b358537762 Not tainted 6.11.0-virtme #991\n[ 70.724561] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 70.724561] RIP: 0010:fq_codel_enqueue (net/sched/sch_fq_codel.c:120 net/sched/sch_fq_codel.c:168 net/sched/sch_fq_codel.c:230) sch_fq_codel\n[ 70.724561] Code: 24 08 49 c1 e1 06 44 89 7c 24 18 45 31 ed 45 31 c0 31 ff 89 44 24 14 4c 03 8b 90 01 00 00 eb 04 39 ca 73 37 4d 8b 39 83 c7 01 \u003c49\u003e 8b 17 49 89 11 41 8b 57 28 45 8b 5f 34 49 c7 07 00 00 00 00 49\nAll code\n========\n 0:\t24 08 \tand $0x8,%al\n 2:\t49 c1 e1 06 \tshl $0x6,%r9\n 6:\t44 89 7c 24 18 \tmov %r15d,0x18(%rsp)\n b:\t45 31 ed \txor %r13d,%r13d\n e:\t45 31 c0 \txor %r8d,%r8d\n 11:\t31 ff \txor %edi,%edi\n 13:\t89 44 24 14 \tmov %eax,0x14(%rsp)\n 17:\t4c 03 8b 90 01 00 00 \tadd 0x190(%rbx),%r9\n 1e:\teb 04 \tjmp 0x24\n 20:\t39 ca \tcmp %ecx,%edx\n 22:\t73 37 \tjae 0x5b\n 24:\t4d 8b 39 \tmov (%r9),%r15\n 27:\t83 c7 01 \tadd $0x1,%edi\n 2a:*\t49 8b 17 \tmov (%r15),%rdx\t\t\u003c-- trapping instruction\n 2d:\t49 89 11 \tmov %rdx,(%r9)\n 30:\t41 8b 57 28 \tmov 0x28(%r15),%edx\n 34:\t45 8b 5f 34 \tmov 0x34(%r15),%r11d\n 38:\t49 c7 07 00 00 00 00 \tmovq $0x0,(%r15)\n 3f:\t49 \trex.WB\n\nCode starting with the faulting instruction\n===========================================\n 0:\t49 8b 17 \tmov (%r15),%rdx\n 3:\t49 89 11 \tmov %rdx,(%r9)\n 6:\t41 8b 57 28 \tmov 0x28(%r15),%edx\n a:\t45 8b 5f 34 \tmov 0x34(%r15),%r11d\n e:\t49 c7 07 00 00 00 00 \tmovq $0x0,(%r15)\n 15:\t49 \trex.WB\n[ 70.724561] RSP: 0018:ffff95ae85e6fb90 EFLAGS: 00000202\n[ 70.724561] RAX: 0000000002000000 RBX: ffff95ae841de000 RCX: 0000000000000000\n[ 70.724561] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001\n[ 70.724561] RBP: ffff95ae85e6fbf8 R08: 0000000000000000 R09: ffff95b710a30000\n[ 70.724561] R10: 0000000000000000 R11: bdf289445ce31881 R12: ffff95ae85e6fc58\n[ 70.724561] R13: 0000000000000000 R14: 0000000000000040 R15: 0000000000000000\n[ 70.724561] FS: 000000002c5c1380(0000) GS:ffff95bd7fcc0000(0000) knlGS:0000000000000000\n[ 70.724561] CS: 0010 DS: 0000 ES: 0000 C\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49949",
"url": "https://www.suse.com/security/cve/CVE-2024-49949"
},
{
"category": "external",
"summary": "SUSE Bug 1232160 for CVE-2024-49949",
"url": "https://bugzilla.suse.com/1232160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49949"
},
{
"cve": "CVE-2024-49950",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49950"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix uaf in l2cap_connect\n\n[Syzbot reported]\nBUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\nRead of size 8 at addr ffff8880241e9800 by task kworker/u9:0/54\n\nCPU: 0 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.11.0-rc6-syzkaller-00268-g788220eee30d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nWorkqueue: hci2 hci_rx_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\n l2cap_connect_req net/bluetooth/l2cap_core.c:4080 [inline]\n l2cap_bredr_sig_cmd net/bluetooth/l2cap_core.c:4772 [inline]\n l2cap_sig_channel net/bluetooth/l2cap_core.c:5543 [inline]\n l2cap_recv_frame+0xf0b/0x8eb0 net/bluetooth/l2cap_core.c:6825\n l2cap_recv_acldata+0x9b4/0xb70 net/bluetooth/l2cap_core.c:7514\n hci_acldata_packet net/bluetooth/hci_core.c:3791 [inline]\n hci_rx_work+0xaab/0x1610 net/bluetooth/hci_core.c:4028\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n...\n\nFreed by task 5245:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579\n poison_slab_object+0xf7/0x160 mm/kasan/common.c:240\n __kasan_slab_free+0x32/0x50 mm/kasan/common.c:256\n kasan_slab_free include/linux/kasan.h:184 [inline]\n slab_free_hook mm/slub.c:2256 [inline]\n slab_free mm/slub.c:4477 [inline]\n kfree+0x12a/0x3b0 mm/slub.c:4598\n l2cap_conn_free net/bluetooth/l2cap_core.c:1810 [inline]\n kref_put include/linux/kref.h:65 [inline]\n l2cap_conn_put net/bluetooth/l2cap_core.c:1822 [inline]\n l2cap_conn_del+0x59d/0x730 net/bluetooth/l2cap_core.c:1802\n l2cap_connect_cfm+0x9e6/0xf80 net/bluetooth/l2cap_core.c:7241\n hci_connect_cfm include/net/bluetooth/hci_core.h:1960 [inline]\n hci_conn_failed+0x1c3/0x370 net/bluetooth/hci_conn.c:1265\n hci_abort_conn_sync+0x75a/0xb50 net/bluetooth/hci_sync.c:5583\n abort_conn_sync+0x197/0x360 net/bluetooth/hci_conn.c:2917\n hci_cmd_sync_work+0x1a4/0x410 net/bluetooth/hci_sync.c:328\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49950",
"url": "https://www.suse.com/security/cve/CVE-2024-49950"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-49950",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232159 for CVE-2024-49950",
"url": "https://bugzilla.suse.com/1232159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49950"
},
{
"cve": "CVE-2024-49952",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49952"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: prevent nf_skb_duplicated corruption\n\nsyzbot found that nf_dup_ipv4() or nf_dup_ipv6() could write\nper-cpu variable nf_skb_duplicated in an unsafe way [1].\n\nDisabling preemption as hinted by the splat is not enough,\nwe have to disable soft interrupts as well.\n\n[1]\nBUG: using __this_cpu_write() in preemptible [00000000] code: syz.4.282/6316\n caller is nf_dup_ipv4+0x651/0x8f0 net/ipv4/netfilter/nf_dup_ipv4.c:87\nCPU: 0 UID: 0 PID: 6316 Comm: syz.4.282 Not tainted 6.11.0-rc7-syzkaller-00104-g7052622fccb1 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n check_preemption_disabled+0x10e/0x120 lib/smp_processor_id.c:49\n nf_dup_ipv4+0x651/0x8f0 net/ipv4/netfilter/nf_dup_ipv4.c:87\n nft_dup_ipv4_eval+0x1db/0x300 net/ipv4/netfilter/nft_dup_ipv4.c:30\n expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]\n nft_do_chain+0x4ad/0x1da0 net/netfilter/nf_tables_core.c:288\n nft_do_chain_ipv4+0x202/0x320 net/netfilter/nft_chain_filter.c:23\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626\n nf_hook+0x2c4/0x450 include/linux/netfilter.h:269\n NF_HOOK_COND include/linux/netfilter.h:302 [inline]\n ip_output+0x185/0x230 net/ipv4/ip_output.c:433\n ip_local_out net/ipv4/ip_output.c:129 [inline]\n ip_send_skb+0x74/0x100 net/ipv4/ip_output.c:1495\n udp_send_skb+0xacf/0x1650 net/ipv4/udp.c:981\n udp_sendmsg+0x1c21/0x2a60 net/ipv4/udp.c:1269\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x1a6/0x270 net/socket.c:745\n ____sys_sendmsg+0x525/0x7d0 net/socket.c:2597\n ___sys_sendmsg net/socket.c:2651 [inline]\n __sys_sendmmsg+0x3b2/0x740 net/socket.c:2737\n __do_sys_sendmmsg net/socket.c:2766 [inline]\n __se_sys_sendmmsg net/socket.c:2763 [inline]\n __x64_sys_sendmmsg+0xa0/0xb0 net/socket.c:2763\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f4ce4f7def9\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f4ce5d4a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133\nRAX: ffffffffffffffda RBX: 00007f4ce5135f80 RCX: 00007f4ce4f7def9\nRDX: 0000000000000001 RSI: 0000000020005d40 RDI: 0000000000000006\nRBP: 00007f4ce4ff0b76 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007f4ce5135f80 R15: 00007ffd4cbc6d68\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49952",
"url": "https://www.suse.com/security/cve/CVE-2024-49952"
},
{
"category": "external",
"summary": "SUSE Bug 1232157 for CVE-2024-49952",
"url": "https://bugzilla.suse.com/1232157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49952"
},
{
"cve": "CVE-2024-49953",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49953"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice\n\nThe km.state is not checked in driver\u0027s delayed work. When\nxfrm_state_check_expire() is called, the state can be reset to\nXFRM_STATE_EXPIRED, even if it is XFRM_STATE_DEAD already. This\nhappens when xfrm state is deleted, but not freed yet. As\n__xfrm_state_delete() is called again in xfrm timer, the following\ncrash occurs.\n\nTo fix this issue, skip xfrm_state_check_expire() if km.state is not\nXFRM_STATE_VALID.\n\n Oops: general protection fault, probably for non-canonical address 0xdead000000000108: 0000 [#1] SMP\n CPU: 5 UID: 0 PID: 7448 Comm: kworker/u102:2 Not tainted 6.11.0-rc2+ #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Workqueue: mlx5e_ipsec: eth%d mlx5e_ipsec_handle_sw_limits [mlx5_core]\n RIP: 0010:__xfrm_state_delete+0x3d/0x1b0\n Code: 0f 84 8b 01 00 00 48 89 fd c6 87 c8 00 00 00 05 48 8d bb 40 10 00 00 e8 11 04 1a 00 48 8b 95 b8 00 00 00 48 8b 85 c0 00 00 00 \u003c48\u003e 89 42 08 48 89 10 48 8b 55 10 48 b8 00 01 00 00 00 00 ad de 48\n RSP: 0018:ffff88885f945ec8 EFLAGS: 00010246\n RAX: dead000000000122 RBX: ffffffff82afa940 RCX: 0000000000000036\n RDX: dead000000000100 RSI: 0000000000000000 RDI: ffffffff82afb980\n RBP: ffff888109a20340 R08: ffff88885f945ea0 R09: 0000000000000000\n R10: 0000000000000000 R11: ffff88885f945ff8 R12: 0000000000000246\n R13: ffff888109a20340 R14: ffff88885f95f420 R15: ffff88885f95f400\n FS: 0000000000000000(0000) GS:ffff88885f940000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f2163102430 CR3: 00000001128d6001 CR4: 0000000000370eb0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cIRQ\u003e\n ? die_addr+0x33/0x90\n ? exc_general_protection+0x1a2/0x390\n ? asm_exc_general_protection+0x22/0x30\n ? __xfrm_state_delete+0x3d/0x1b0\n ? __xfrm_state_delete+0x2f/0x1b0\n xfrm_timer_handler+0x174/0x350\n ? __xfrm_state_delete+0x1b0/0x1b0\n __hrtimer_run_queues+0x121/0x270\n hrtimer_run_softirq+0x88/0xd0\n handle_softirqs+0xcc/0x270\n do_softirq+0x3c/0x50\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n __local_bh_enable_ip+0x47/0x50\n mlx5e_ipsec_handle_sw_limits+0x7d/0x90 [mlx5_core]\n process_one_work+0x137/0x2d0\n worker_thread+0x28d/0x3a0\n ? rescuer_thread+0x480/0x480\n kthread+0xb8/0xe0\n ? kthread_park+0x80/0x80\n ret_from_fork+0x2d/0x50\n ? kthread_park+0x80/0x80\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49953",
"url": "https://www.suse.com/security/cve/CVE-2024-49953"
},
{
"category": "external",
"summary": "SUSE Bug 1232156 for CVE-2024-49953",
"url": "https://bugzilla.suse.com/1232156"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49953"
},
{
"cve": "CVE-2024-49954",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49954"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstatic_call: Replace pointless WARN_ON() in static_call_module_notify()\n\nstatic_call_module_notify() triggers a WARN_ON(), when memory allocation\nfails in __static_call_add_module().\n\nThat\u0027s not really justified, because the failure case must be correctly\nhandled by the well known call chain and the error code is passed\nthrough to the initiating userspace application.\n\nA memory allocation fail is not a fatal problem, but the WARN_ON() takes\nthe machine out when panic_on_warn is set.\n\nReplace it with a pr_warn().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49954",
"url": "https://www.suse.com/security/cve/CVE-2024-49954"
},
{
"category": "external",
"summary": "SUSE Bug 1232155 for CVE-2024-49954",
"url": "https://bugzilla.suse.com/1232155"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49954"
},
{
"cve": "CVE-2024-49955",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49955"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: battery: Fix possible crash when unregistering a battery hook\n\nWhen a battery hook returns an error when adding a new battery, then\nthe battery hook is automatically unregistered.\nHowever the battery hook provider cannot know that, so it will later\ncall battery_hook_unregister() on the already unregistered battery\nhook, resulting in a crash.\n\nFix this by using the list head to mark already unregistered battery\nhooks as already being unregistered so that they can be ignored by\nbattery_hook_unregister().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49955",
"url": "https://www.suse.com/security/cve/CVE-2024-49955"
},
{
"category": "external",
"summary": "SUSE Bug 1232154 for CVE-2024-49955",
"url": "https://bugzilla.suse.com/1232154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49955"
},
{
"cve": "CVE-2024-49957",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49957"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix null-ptr-deref when journal load failed.\n\nDuring the mounting process, if journal_reset() fails because of too short\njournal, then lead to jbd2_journal_load() fails with NULL j_sb_buffer. \nSubsequently, ocfs2_journal_shutdown() calls\njbd2_journal_flush()-\u003ejbd2_cleanup_journal_tail()-\u003e\n__jbd2_update_log_tail()-\u003ejbd2_journal_update_sb_log_tail()\n-\u003elock_buffer(journal-\u003ej_sb_buffer), resulting in a null-pointer\ndereference error.\n\nTo resolve this issue, we should check the JBD2_LOADED flag to ensure the\njournal was properly loaded. Additionally, use journal instead of\nosb-\u003ejournal directly to simplify the code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49957",
"url": "https://www.suse.com/security/cve/CVE-2024-49957"
},
{
"category": "external",
"summary": "SUSE Bug 1232152 for CVE-2024-49957",
"url": "https://bugzilla.suse.com/1232152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49957"
},
{
"cve": "CVE-2024-49958",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49958"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: reserve space for inline xattr before attaching reflink tree\n\nOne of our customers reported a crash and a corrupted ocfs2 filesystem. \nThe crash was due to the detection of corruption. Upon troubleshooting,\nthe fsck -fn output showed the below corruption\n\n[EXTENT_LIST_FREE] Extent list in owner 33080590 claims 230 as the next free chain record,\nbut fsck believes the largest valid value is 227. Clamp the next record value? n\n\nThe stat output from the debugfs.ocfs2 showed the following corruption\nwhere the \"Next Free Rec:\" had overshot the \"Count:\" in the root metadata\nblock.\n\n Inode: 33080590 Mode: 0640 Generation: 2619713622 (0x9c25a856)\n FS Generation: 904309833 (0x35e6ac49)\n CRC32: 00000000 ECC: 0000\n Type: Regular Attr: 0x0 Flags: Valid\n Dynamic Features: (0x16) HasXattr InlineXattr Refcounted\n Extended Attributes Block: 0 Extended Attributes Inline Size: 256\n User: 0 (root) Group: 0 (root) Size: 281320357888\n Links: 1 Clusters: 141738\n ctime: 0x66911b56 0x316edcb8 -- Fri Jul 12 06:02:30.829349048 2024\n atime: 0x66911d6b 0x7f7a28d -- Fri Jul 12 06:11:23.133669517 2024\n mtime: 0x66911b56 0x12ed75d7 -- Fri Jul 12 06:02:30.317552087 2024\n dtime: 0x0 -- Wed Dec 31 17:00:00 1969\n Refcount Block: 2777346\n Last Extblk: 2886943 Orphan Slot: 0\n Sub Alloc Slot: 0 Sub Alloc Bit: 14\n Tree Depth: 1 Count: 227 Next Free Rec: 230\n ## Offset Clusters Block#\n 0 0 2310 2776351\n 1 2310 2139 2777375\n 2 4449 1221 2778399\n 3 5670 731 2779423\n 4 6401 566 2780447\n ....... .... .......\n ....... .... .......\n\nThe issue was in the reflink workfow while reserving space for inline\nxattr. The problematic function is ocfs2_reflink_xattr_inline(). By the\ntime this function is called the reflink tree is already recreated at the\ndestination inode from the source inode. At this point, this function\nreserves space for inline xattrs at the destination inode without even\nchecking if there is space at the root metadata block. It simply reduces\nthe l_count from 243 to 227 thereby making space of 256 bytes for inline\nxattr whereas the inode already has extents beyond this index (in this\ncase up to 230), thereby causing corruption.\n\nThe fix for this is to reserve space for inline metadata at the destination\ninode before the reflink tree gets recreated. The customer has verified the\nfix.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49958",
"url": "https://www.suse.com/security/cve/CVE-2024-49958"
},
{
"category": "external",
"summary": "SUSE Bug 1232151 for CVE-2024-49958",
"url": "https://bugzilla.suse.com/1232151"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49958"
},
{
"cve": "CVE-2024-49959",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49959"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error\n\nIn __jbd2_log_wait_for_space(), we might call jbd2_cleanup_journal_tail()\nto recover some journal space. But if an error occurs while executing\njbd2_cleanup_journal_tail() (e.g., an EIO), we don\u0027t stop waiting for free\nspace right away, we try other branches, and if j_committing_transaction\nis NULL (i.e., the tid is 0), we will get the following complain:\n\n============================================\nJBD2: I/O error when updating journal superblock for sdd-8.\n__jbd2_log_wait_for_space: needed 256 blocks and only had 217 space available\n__jbd2_log_wait_for_space: no way to get more journal space in sdd-8\n------------[ cut here ]------------\nWARNING: CPU: 2 PID: 139804 at fs/jbd2/checkpoint.c:109 __jbd2_log_wait_for_space+0x251/0x2e0\nModules linked in:\nCPU: 2 PID: 139804 Comm: kworker/u8:3 Not tainted 6.6.0+ #1\nRIP: 0010:__jbd2_log_wait_for_space+0x251/0x2e0\nCall Trace:\n \u003cTASK\u003e\n add_transaction_credits+0x5d1/0x5e0\n start_this_handle+0x1ef/0x6a0\n jbd2__journal_start+0x18b/0x340\n ext4_dirty_inode+0x5d/0xb0\n __mark_inode_dirty+0xe4/0x5d0\n generic_update_time+0x60/0x70\n[...]\n============================================\n\nSo only if jbd2_cleanup_journal_tail() returns 1, i.e., there is nothing to\nclean up at the moment, continue to try to reclaim free space in other ways.\n\nNote that this fix relies on commit 6f6a6fda2945 (\"jbd2: fix ocfs2 corrupt\nwhen updating journal superblock fails\") to make jbd2_cleanup_journal_tail\nreturn the correct error code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49959",
"url": "https://www.suse.com/security/cve/CVE-2024-49959"
},
{
"category": "external",
"summary": "SUSE Bug 1232149 for CVE-2024-49959",
"url": "https://bugzilla.suse.com/1232149"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49959"
},
{
"cve": "CVE-2024-49960",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49960"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix timer use-after-free on failed mount\n\nSyzbot has found an ODEBUG bug in ext4_fill_super\n\nThe del_timer_sync function cancels the s_err_report timer,\nwhich reminds about filesystem errors daily. We should\nguarantee the timer is no longer active before kfree(sbi).\n\nWhen filesystem mounting fails, the flow goes to failed_mount3,\nwhere an error occurs when ext4_stop_mmpd is called, causing\na read I/O failure. This triggers the ext4_handle_error function\nthat ultimately re-arms the timer,\nleaving the s_err_report timer active before kfree(sbi) is called.\n\nFix the issue by canceling the s_err_report timer after calling ext4_stop_mmpd.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49960",
"url": "https://www.suse.com/security/cve/CVE-2024-49960"
},
{
"category": "external",
"summary": "SUSE Bug 1232395 for CVE-2024-49960",
"url": "https://bugzilla.suse.com/1232395"
},
{
"category": "external",
"summary": "SUSE Bug 1232803 for CVE-2024-49960",
"url": "https://bugzilla.suse.com/1232803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49960"
},
{
"cve": "CVE-2024-49961",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49961"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c: ar0521: Use cansleep version of gpiod_set_value()\n\nIf we use GPIO reset from I2C port expander, we must use *_cansleep()\nvariant of GPIO functions.\nThis was not done in ar0521_power_on()/ar0521_power_off() functions.\nLet\u0027s fix that.\n\n------------[ cut here ]------------\nWARNING: CPU: 0 PID: 11 at drivers/gpio/gpiolib.c:3496 gpiod_set_value+0x74/0x7c\nModules linked in:\nCPU: 0 PID: 11 Comm: kworker/u16:0 Not tainted 6.10.0 #53\nHardware name: Diasom DS-RK3568-SOM-EVB (DT)\nWorkqueue: events_unbound deferred_probe_work_func\npstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : gpiod_set_value+0x74/0x7c\nlr : ar0521_power_on+0xcc/0x290\nsp : ffffff8001d7ab70\nx29: ffffff8001d7ab70 x28: ffffff80027dcc90 x27: ffffff8003c82000\nx26: ffffff8003ca9250 x25: ffffffc080a39c60 x24: ffffff8003ca9088\nx23: ffffff8002402720 x22: ffffff8003ca9080 x21: ffffff8003ca9088\nx20: 0000000000000000 x19: ffffff8001eb2a00 x18: ffffff80efeeac80\nx17: 756d2d6332692f30 x16: 0000000000000000 x15: 0000000000000000\nx14: ffffff8001d91d40 x13: 0000000000000016 x12: ffffffc080e98930\nx11: ffffff8001eb2880 x10: 0000000000000890 x9 : ffffff8001d7a9f0\nx8 : ffffff8001d92570 x7 : ffffff80efeeac80 x6 : 000000003fc6e780\nx5 : ffffff8001d91c80 x4 : 0000000000000002 x3 : 0000000000000000\nx2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000001\nCall trace:\n gpiod_set_value+0x74/0x7c\n ar0521_power_on+0xcc/0x290\n...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49961",
"url": "https://www.suse.com/security/cve/CVE-2024-49961"
},
{
"category": "external",
"summary": "SUSE Bug 1232148 for CVE-2024-49961",
"url": "https://bugzilla.suse.com/1232148"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49961"
},
{
"cve": "CVE-2024-49962",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49962"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package()\n\nACPICA commit 4d4547cf13cca820ff7e0f859ba83e1a610b9fd0\n\nACPI_ALLOCATE_ZEROED() may fail, elements might be NULL and will cause\nNULL pointer dereference later.\n\n[ rjw: Subject and changelog edits ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49962",
"url": "https://www.suse.com/security/cve/CVE-2024-49962"
},
{
"category": "external",
"summary": "SUSE Bug 1232314 for CVE-2024-49962",
"url": "https://bugzilla.suse.com/1232314"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49962"
},
{
"cve": "CVE-2024-49963",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49963"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmailbox: bcm2835: Fix timeout during suspend mode\n\nDuring noirq suspend phase the Raspberry Pi power driver suffer of\nfirmware property timeouts. The reason is that the IRQ of the underlying\nBCM2835 mailbox is disabled and rpi_firmware_property_list() will always\nrun into a timeout [1].\n\nSince the VideoCore side isn\u0027t consider as a wakeup source, set the\nIRQF_NO_SUSPEND flag for the mailbox IRQ in order to keep it enabled\nduring suspend-resume cycle.\n\n[1]\nPM: late suspend of devices complete after 1.754 msecs\nWARNING: CPU: 0 PID: 438 at drivers/firmware/raspberrypi.c:128\n rpi_firmware_property_list+0x204/0x22c\nFirmware transaction 0x00028001 timeout\nModules linked in:\nCPU: 0 PID: 438 Comm: bash Tainted: G C 6.9.3-dirty #17\nHardware name: BCM2835\nCall trace:\nunwind_backtrace from show_stack+0x18/0x1c\nshow_stack from dump_stack_lvl+0x34/0x44\ndump_stack_lvl from __warn+0x88/0xec\n__warn from warn_slowpath_fmt+0x7c/0xb0\nwarn_slowpath_fmt from rpi_firmware_property_list+0x204/0x22c\nrpi_firmware_property_list from rpi_firmware_property+0x68/0x8c\nrpi_firmware_property from rpi_firmware_set_power+0x54/0xc0\nrpi_firmware_set_power from _genpd_power_off+0xe4/0x148\n_genpd_power_off from genpd_sync_power_off+0x7c/0x11c\ngenpd_sync_power_off from genpd_finish_suspend+0xcc/0xe0\ngenpd_finish_suspend from dpm_run_callback+0x78/0xd0\ndpm_run_callback from device_suspend_noirq+0xc0/0x238\ndevice_suspend_noirq from dpm_suspend_noirq+0xb0/0x168\ndpm_suspend_noirq from suspend_devices_and_enter+0x1b8/0x5ac\nsuspend_devices_and_enter from pm_suspend+0x254/0x2e4\npm_suspend from state_store+0xa8/0xd4\nstate_store from kernfs_fop_write_iter+0x154/0x1a0\nkernfs_fop_write_iter from vfs_write+0x12c/0x184\nvfs_write from ksys_write+0x78/0xc0\nksys_write from ret_fast_syscall+0x0/0x54\nException stack(0xcc93dfa8 to 0xcc93dff0)\n[...]\nPM: noirq suspend of devices complete after 3095.584 msecs",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49963",
"url": "https://www.suse.com/security/cve/CVE-2024-49963"
},
{
"category": "external",
"summary": "SUSE Bug 1232147 for CVE-2024-49963",
"url": "https://bugzilla.suse.com/1232147"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49963"
},
{
"cve": "CVE-2024-49965",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49965"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: remove unreasonable unlock in ocfs2_read_blocks\n\nPatch series \"Misc fixes for ocfs2_read_blocks\", v5.\n\nThis series contains 2 fixes for ocfs2_read_blocks(). The first patch fix\nthe issue reported by syzbot, which detects bad unlock balance in\nocfs2_read_blocks(). The second patch fixes an issue reported by Heming\nZhao when reviewing above fix.\n\n\nThis patch (of 2):\n\nThere was a lock release before exiting, so remove the unreasonable unlock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49965",
"url": "https://www.suse.com/security/cve/CVE-2024-49965"
},
{
"category": "external",
"summary": "SUSE Bug 1232142 for CVE-2024-49965",
"url": "https://bugzilla.suse.com/1232142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49965"
},
{
"cve": "CVE-2024-49966",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49966"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: cancel dqi_sync_work before freeing oinfo\n\nocfs2_global_read_info() will initialize and schedule dqi_sync_work at the\nend, if error occurs after successfully reading global quota, it will\ntrigger the following warning with CONFIG_DEBUG_OBJECTS_* enabled:\n\nODEBUG: free active (active state 0) object: 00000000d8b0ce28 object type: timer_list hint: qsync_work_fn+0x0/0x16c\n\nThis reports that there is an active delayed work when freeing oinfo in\nerror handling, so cancel dqi_sync_work first. BTW, return status instead\nof -1 when .read_file_info fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49966",
"url": "https://www.suse.com/security/cve/CVE-2024-49966"
},
{
"category": "external",
"summary": "SUSE Bug 1232141 for CVE-2024-49966",
"url": "https://bugzilla.suse.com/1232141"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49966"
},
{
"cve": "CVE-2024-49967",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49967"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49967",
"url": "https://www.suse.com/security/cve/CVE-2024-49967"
},
{
"category": "external",
"summary": "SUSE Bug 1232140 for CVE-2024-49967",
"url": "https://bugzilla.suse.com/1232140"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49967"
},
{
"cve": "CVE-2024-49968",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49968"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: filesystems without casefold feature cannot be mounted with siphash\n\nWhen mounting the ext4 filesystem, if the default hash version is set to\nDX_HASH_SIPHASH but the casefold feature is not set, exit the mounting.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49968",
"url": "https://www.suse.com/security/cve/CVE-2024-49968"
},
{
"category": "external",
"summary": "SUSE Bug 1232264 for CVE-2024-49968",
"url": "https://bugzilla.suse.com/1232264"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49968"
},
{
"cve": "CVE-2024-49969",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49969"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix index out of bounds in DCN30 color transformation\n\nThis commit addresses a potential index out of bounds issue in the\n`cm3_helper_translate_curve_to_hw_format` function in the DCN30 color\nmanagement module. The issue could occur when the index \u0027i\u0027 exceeds the\nnumber of transfer function points (TRANSFER_FUNC_POINTS).\n\nThe fix adds a check to ensure \u0027i\u0027 is within bounds before accessing the\ntransfer function points. If \u0027i\u0027 is out of bounds, the function returns\nfalse to indicate an error.\n\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:180 cm3_helper_translate_curve_to_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.red\u0027 1025 \u003c= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:181 cm3_helper_translate_curve_to_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.green\u0027 1025 \u003c= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:182 cm3_helper_translate_curve_to_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.blue\u0027 1025 \u003c= s32max",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49969",
"url": "https://www.suse.com/security/cve/CVE-2024-49969"
},
{
"category": "external",
"summary": "SUSE Bug 1232519 for CVE-2024-49969",
"url": "https://bugzilla.suse.com/1232519"
},
{
"category": "external",
"summary": "SUSE Bug 1232524 for CVE-2024-49969",
"url": "https://bugzilla.suse.com/1232524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-49969"
},
{
"cve": "CVE-2024-49972",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49972"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Deallocate DML memory if allocation fails\n\n[Why]\nWhen DC state create DML memory allocation fails, memory is not\ndeallocated subsequently, resulting in uninitialized structure\nthat is not NULL.\n\n[How]\nDeallocate memory if DML memory allocation fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49972",
"url": "https://www.suse.com/security/cve/CVE-2024-49972"
},
{
"category": "external",
"summary": "SUSE Bug 1232315 for CVE-2024-49972",
"url": "https://bugzilla.suse.com/1232315"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49972"
},
{
"cve": "CVE-2024-49973",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49973"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nr8169: add tally counter fields added with RTL8125\n\nRTL8125 added fields to the tally counter, what may result in the chip\ndma\u0027ing these new fields to unallocated memory. Therefore make sure\nthat the allocated memory area is big enough to hold all of the\ntally counter values, even if we use only parts of it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49973",
"url": "https://www.suse.com/security/cve/CVE-2024-49973"
},
{
"category": "external",
"summary": "SUSE Bug 1232105 for CVE-2024-49973",
"url": "https://bugzilla.suse.com/1232105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49973"
},
{
"cve": "CVE-2024-49974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49974"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Limit the number of concurrent async COPY operations\n\nNothing appears to limit the number of concurrent async COPY\noperations that clients can start. In addition, AFAICT each async\nCOPY can copy an unlimited number of 4MB chunks, so can run for a\nlong time. Thus IMO async COPY can become a DoS vector.\n\nAdd a restriction mechanism that bounds the number of concurrent\nbackground COPY operations. Start simple and try to be fair -- this\npatch implements a per-namespace limit.\n\nAn async COPY request that occurs while this limit is exceeded gets\nNFS4ERR_DELAY. The requesting client can choose to send the request\nagain after a delay or fall back to a traditional read/write style\ncopy.\n\nIf there is need to make the mechanism more sophisticated, we can\nvisit that in future patches.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49974",
"url": "https://www.suse.com/security/cve/CVE-2024-49974"
},
{
"category": "external",
"summary": "SUSE Bug 1232383 for CVE-2024-49974",
"url": "https://bugzilla.suse.com/1232383"
},
{
"category": "external",
"summary": "SUSE Bug 1232384 for CVE-2024-49974",
"url": "https://bugzilla.suse.com/1232384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-49974"
},
{
"cve": "CVE-2024-49975",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49975"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nuprobes: fix kernel info leak via \"[uprobes]\" vma\n\nxol_add_vma() maps the uninitialized page allocated by __create_xol_area()\ninto userspace. On some architectures (x86) this memory is readable even\nwithout VM_READ, VM_EXEC results in the same pgprot_t as VM_EXEC|VM_READ,\nalthough this doesn\u0027t really matter, debugger can read this memory anyway.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49975",
"url": "https://www.suse.com/security/cve/CVE-2024-49975"
},
{
"category": "external",
"summary": "SUSE Bug 1232104 for CVE-2024-49975",
"url": "https://bugzilla.suse.com/1232104"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49975"
},
{
"cve": "CVE-2024-49976",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49976"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/timerlat: Drop interface_lock in stop_kthread()\n\nstop_kthread() is the offline callback for \"trace/osnoise:online\", since\ncommit 5bfbcd1ee57b (\"tracing/timerlat: Add interface_lock around clearing\nof kthread in stop_kthread()\"), the following ABBA deadlock scenario is\nintroduced:\n\nT1 | T2 [BP] | T3 [AP]\nosnoise_hotplug_workfn() | work_for_cpu_fn() | cpuhp_thread_fun()\n | _cpu_down() | osnoise_cpu_die()\n mutex_lock(\u0026interface_lock) | | stop_kthread()\n | cpus_write_lock() | mutex_lock(\u0026interface_lock)\n cpus_read_lock() | cpuhp_kick_ap() |\n\nAs the interface_lock here in just for protecting the \"kthread\" field of\nthe osn_var, use xchg() instead to fix this issue. Also use\nfor_each_online_cpu() back in stop_per_cpu_kthreads() as it can take\ncpu_read_lock() again.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49976",
"url": "https://www.suse.com/security/cve/CVE-2024-49976"
},
{
"category": "external",
"summary": "SUSE Bug 1232103 for CVE-2024-49976",
"url": "https://bugzilla.suse.com/1232103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49976"
},
{
"cve": "CVE-2024-49981",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49981"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: fix use after free bug in venus_remove due to race condition\n\nin venus_probe, core-\u003ework is bound with venus_sys_error_handler, which is\nused to handle error. The code use core-\u003esys_err_done to make sync work.\nThe core-\u003ework is started in venus_event_notify.\n\nIf we call venus_remove, there might be an unfished work. The possible\nsequence is as follows:\n\nCPU0 CPU1\n\n |venus_sys_error_handler\nvenus_remove |\nhfi_destroy\t \t\t |\nvenus_hfi_destroy\t |\nkfree(hdev);\t |\n |hfi_reinit\n\t\t\t\t\t |venus_hfi_queues_reinit\n |//use hdev\n\nFix it by canceling the work in venus_remove.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49981",
"url": "https://www.suse.com/security/cve/CVE-2024-49981"
},
{
"category": "external",
"summary": "SUSE Bug 1232098 for CVE-2024-49981",
"url": "https://bugzilla.suse.com/1232098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49981"
},
{
"cve": "CVE-2024-49982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49982"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naoe: fix the potential use-after-free problem in more places\n\nFor fixing CVE-2023-6270, f98364e92662 (\"aoe: fix the potential\nuse-after-free problem in aoecmd_cfg_pkts\") makes tx() calling dev_put()\ninstead of doing in aoecmd_cfg_pkts(). It avoids that the tx() runs\ninto use-after-free.\n\nThen Nicolai Stange found more places in aoe have potential use-after-free\nproblem with tx(). e.g. revalidate(), aoecmd_ata_rw(), resend(), probe()\nand aoecmd_cfg_rsp(). Those functions also use aoenet_xmit() to push\npacket to tx queue. So they should also use dev_hold() to increase the\nrefcnt of skb-\u003edev.\n\nOn the other hand, moving dev_put() to tx() causes that the refcnt of\nskb-\u003edev be reduced to a negative value, because corresponding\ndev_hold() are not called in revalidate(), aoecmd_ata_rw(), resend(),\nprobe(), and aoecmd_cfg_rsp(). This patch fixed this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49982",
"url": "https://www.suse.com/security/cve/CVE-2024-49982"
},
{
"category": "external",
"summary": "SUSE Bug 1232097 for CVE-2024-49982",
"url": "https://bugzilla.suse.com/1232097"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49982"
},
{
"cve": "CVE-2024-49983",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49983"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free\n\nWhen calling ext4_force_split_extent_at() in ext4_ext_replay_update_ex(),\nthe \u0027ppath\u0027 is updated but it is the \u0027path\u0027 that is freed, thus potentially\ntriggering a double-free in the following process:\n\next4_ext_replay_update_ex\n ppath = path\n ext4_force_split_extent_at(\u0026ppath)\n ext4_split_extent_at\n ext4_ext_insert_extent\n ext4_ext_create_new_leaf\n ext4_ext_grow_indepth\n ext4_find_extent\n if (depth \u003e path[0].p_maxdepth)\n kfree(path) ---\u003e path First freed\n *orig_path = path = NULL ---\u003e null ppath\n kfree(path) ---\u003e path double-free !!!\n\nSo drop the unnecessary ppath and use path directly to avoid this problem.\nAnd use ext4_find_extent() directly to update path, avoiding unnecessary\nmemory allocation and freeing. Also, propagate the error returned by\next4_find_extent() instead of using strange error codes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49983",
"url": "https://www.suse.com/security/cve/CVE-2024-49983"
},
{
"category": "external",
"summary": "SUSE Bug 1232096 for CVE-2024-49983",
"url": "https://bugzilla.suse.com/1232096"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49983"
},
{
"cve": "CVE-2024-49985",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49985"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume\n\nIn case there is any sort of clock controller attached to this I2C bus\ncontroller, for example Versaclock or even an AIC32x4 I2C codec, then\nan I2C transfer triggered from the clock controller clk_ops .prepare\ncallback may trigger a deadlock on drivers/clk/clk.c prepare_lock mutex.\n\nThis is because the clock controller first grabs the prepare_lock mutex\nand then performs the prepare operation, including its I2C access. The\nI2C access resumes this I2C bus controller via .runtime_resume callback,\nwhich calls clk_prepare_enable(), which attempts to grab the prepare_lock\nmutex again and deadlocks.\n\nSince the clock are already prepared since probe() and unprepared in\nremove(), use simple clk_enable()/clk_disable() calls to enable and\ndisable the clock on runtime suspend and resume, to avoid hitting the\nprepare_lock mutex.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49985",
"url": "https://www.suse.com/security/cve/CVE-2024-49985"
},
{
"category": "external",
"summary": "SUSE Bug 1232094 for CVE-2024-49985",
"url": "https://bugzilla.suse.com/1232094"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49985"
},
{
"cve": "CVE-2024-49986",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49986"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors\n\nx86_android_tablet_remove() frees the pdevs[] array, so it should not\nbe used after calling x86_android_tablet_remove().\n\nWhen platform_device_register() fails, store the pdevs[x] PTR_ERR() value\ninto the local ret variable before calling x86_android_tablet_remove()\nto avoid using pdevs[] after it has been freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49986",
"url": "https://www.suse.com/security/cve/CVE-2024-49986"
},
{
"category": "external",
"summary": "SUSE Bug 1232093 for CVE-2024-49986",
"url": "https://bugzilla.suse.com/1232093"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49986"
},
{
"cve": "CVE-2024-49987",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49987"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpftool: Fix undefined behavior in qsort(NULL, 0, ...)\n\nWhen netfilter has no entry to display, qsort is called with\nqsort(NULL, 0, ...). This results in undefined behavior, as UBSan\nreports:\n\nnet.c:827:2: runtime error: null pointer passed as argument 1, which is declared to never be null\n\nAlthough the C standard does not explicitly state whether calling qsort\nwith a NULL pointer when the size is 0 constitutes undefined behavior,\nSection 7.1.4 of the C standard (Use of library functions) mentions:\n\n\"Each of the following statements applies unless explicitly stated\notherwise in the detailed descriptions that follow: If an argument to a\nfunction has an invalid value (such as a value outside the domain of\nthe function, or a pointer outside the address space of the program, or\na null pointer, or a pointer to non-modifiable storage when the\ncorresponding parameter is not const-qualified) or a type (after\npromotion) not expected by a function with variable number of\narguments, the behavior is undefined.\"\n\nTo avoid this, add an early return when nf_link_info is NULL to prevent\ncalling qsort with a NULL pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49987",
"url": "https://www.suse.com/security/cve/CVE-2024-49987"
},
{
"category": "external",
"summary": "SUSE Bug 1232258 for CVE-2024-49987",
"url": "https://bugzilla.suse.com/1232258"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49987"
},
{
"cve": "CVE-2024-49989",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49989"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix double free issue during amdgpu module unload\n\nFlexible endpoints use DIGs from available inflexible endpoints,\nso only the encoders of inflexible links need to be freed.\nOtherwise, a double free issue may occur when unloading the\namdgpu module.\n\n[ 279.190523] RIP: 0010:__slab_free+0x152/0x2f0\n[ 279.190577] Call Trace:\n[ 279.190580] \u003cTASK\u003e\n[ 279.190582] ? show_regs+0x69/0x80\n[ 279.190590] ? die+0x3b/0x90\n[ 279.190595] ? do_trap+0xc8/0xe0\n[ 279.190601] ? do_error_trap+0x73/0xa0\n[ 279.190605] ? __slab_free+0x152/0x2f0\n[ 279.190609] ? exc_invalid_op+0x56/0x70\n[ 279.190616] ? __slab_free+0x152/0x2f0\n[ 279.190642] ? asm_exc_invalid_op+0x1f/0x30\n[ 279.190648] ? dcn10_link_encoder_destroy+0x19/0x30 [amdgpu]\n[ 279.191096] ? __slab_free+0x152/0x2f0\n[ 279.191102] ? dcn10_link_encoder_destroy+0x19/0x30 [amdgpu]\n[ 279.191469] kfree+0x260/0x2b0\n[ 279.191474] dcn10_link_encoder_destroy+0x19/0x30 [amdgpu]\n[ 279.191821] link_destroy+0xd7/0x130 [amdgpu]\n[ 279.192248] dc_destruct+0x90/0x270 [amdgpu]\n[ 279.192666] dc_destroy+0x19/0x40 [amdgpu]\n[ 279.193020] amdgpu_dm_fini+0x16e/0x200 [amdgpu]\n[ 279.193432] dm_hw_fini+0x26/0x40 [amdgpu]\n[ 279.193795] amdgpu_device_fini_hw+0x24c/0x400 [amdgpu]\n[ 279.194108] amdgpu_driver_unload_kms+0x4f/0x70 [amdgpu]\n[ 279.194436] amdgpu_pci_remove+0x40/0x80 [amdgpu]\n[ 279.194632] pci_device_remove+0x3a/0xa0\n[ 279.194638] device_remove+0x40/0x70\n[ 279.194642] device_release_driver_internal+0x1ad/0x210\n[ 279.194647] driver_detach+0x4e/0xa0\n[ 279.194650] bus_remove_driver+0x6f/0xf0\n[ 279.194653] driver_unregister+0x33/0x60\n[ 279.194657] pci_unregister_driver+0x44/0x90\n[ 279.194662] amdgpu_exit+0x19/0x1f0 [amdgpu]\n[ 279.194939] __do_sys_delete_module.isra.0+0x198/0x2f0\n[ 279.194946] __x64_sys_delete_module+0x16/0x20\n[ 279.194950] do_syscall_64+0x58/0x120\n[ 279.194954] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n[ 279.194980] \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49989",
"url": "https://www.suse.com/security/cve/CVE-2024-49989"
},
{
"category": "external",
"summary": "SUSE Bug 1232483 for CVE-2024-49989",
"url": "https://bugzilla.suse.com/1232483"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49989"
},
{
"cve": "CVE-2024-49991",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49991"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer\n\nPass pointer reference to amdgpu_bo_unref to clear the correct pointer,\notherwise amdgpu_bo_unref clear the local variable, the original pointer\nnot set to NULL, this could cause use-after-free bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49991",
"url": "https://www.suse.com/security/cve/CVE-2024-49991"
},
{
"category": "external",
"summary": "SUSE Bug 1232282 for CVE-2024-49991",
"url": "https://bugzilla.suse.com/1232282"
},
{
"category": "external",
"summary": "SUSE Bug 1232284 for CVE-2024-49991",
"url": "https://bugzilla.suse.com/1232284"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-49991"
},
{
"cve": "CVE-2024-49993",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49993"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49993",
"url": "https://www.suse.com/security/cve/CVE-2024-49993"
},
{
"category": "external",
"summary": "SUSE Bug 1232316 for CVE-2024-49993",
"url": "https://bugzilla.suse.com/1232316"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49993"
},
{
"cve": "CVE-2024-49995",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49995"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49995",
"url": "https://www.suse.com/security/cve/CVE-2024-49995"
},
{
"category": "external",
"summary": "SUSE Bug 1232432 for CVE-2024-49995",
"url": "https://bugzilla.suse.com/1232432"
},
{
"category": "external",
"summary": "SUSE Bug 1232433 for CVE-2024-49995",
"url": "https://bugzilla.suse.com/1232433"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49995"
},
{
"cve": "CVE-2024-49996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49996"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix buffer overflow when parsing NFS reparse points\n\nReparseDataLength is sum of the InodeType size and DataBuffer size.\nSo to get DataBuffer size it is needed to subtract InodeType\u0027s size from\nReparseDataLength.\n\nFunction cifs_strndup_from_utf16() is currentlly accessing buf-\u003eDataBuffer\nat position after the end of the buffer because it does not subtract\nInodeType size from the length. Fix this problem and correctly subtract\nvariable len.\n\nMember InodeType is present only when reparse buffer is large enough. Check\nfor ReparseDataLength before accessing InodeType to prevent another invalid\nmemory access.\n\nMajor and minor rdev values are present also only when reparse buffer is\nlarge enough. Check for reparse buffer size before calling reparse_mkdev().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49996",
"url": "https://www.suse.com/security/cve/CVE-2024-49996"
},
{
"category": "external",
"summary": "SUSE Bug 1232089 for CVE-2024-49996",
"url": "https://bugzilla.suse.com/1232089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-49996"
},
{
"cve": "CVE-2024-50000",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50000"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()\n\nIn mlx5e_tir_builder_alloc() kvzalloc() may return NULL\nwhich is dereferenced on the next line in a reference\nto the modify field.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50000",
"url": "https://www.suse.com/security/cve/CVE-2024-50000"
},
{
"category": "external",
"summary": "SUSE Bug 1232085 for CVE-2024-50000",
"url": "https://bugzilla.suse.com/1232085"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50000"
},
{
"cve": "CVE-2024-50001",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50001"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix error path in multi-packet WQE transmit\n\nRemove the erroneous unmap in case no DMA mapping was established\n\nThe multi-packet WQE transmit code attempts to obtain a DMA mapping for\nthe skb. This could fail, e.g. under memory pressure, when the IOMMU\ndriver just can\u0027t allocate more memory for page tables. While the code\ntries to handle this in the path below the err_unmap label it erroneously\nunmaps one entry from the sq\u0027s FIFO list of active mappings. Since the\ncurrent map attempt failed this unmap is removing some random DMA mapping\nthat might still be required. If the PCI function now presents that IOVA,\nthe IOMMU may assumes a rogue DMA access and e.g. on s390 puts the PCI\nfunction in error state.\n\nThe erroneous behavior was seen in a stress-test environment that created\nmemory pressure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50001",
"url": "https://www.suse.com/security/cve/CVE-2024-50001"
},
{
"category": "external",
"summary": "SUSE Bug 1232084 for CVE-2024-50001",
"url": "https://bugzilla.suse.com/1232084"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50001"
},
{
"cve": "CVE-2024-50002",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50002"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstatic_call: Handle module init failure correctly in static_call_del_module()\n\nModule insertion invokes static_call_add_module() to initialize the static\ncalls in a module. static_call_add_module() invokes __static_call_init(),\nwhich allocates a struct static_call_mod to either encapsulate the built-in\nstatic call sites of the associated key into it so further modules can be\nadded or to append the module to the module chain.\n\nIf that allocation fails the function returns with an error code and the\nmodule core invokes static_call_del_module() to clean up eventually added\nstatic_call_mod entries.\n\nThis works correctly, when all keys used by the module were converted over\nto a module chain before the failure. If not then static_call_del_module()\ncauses a #GP as it blindly assumes that key::mods points to a valid struct\nstatic_call_mod.\n\nThe problem is that key::mods is not a individual struct member of struct\nstatic_call_key, it\u0027s part of a union to save space:\n\n union {\n /* bit 0: 0 = mods, 1 = sites */\n unsigned long type;\n struct static_call_mod *mods;\n struct static_call_site *sites;\n\t};\n\nkey::sites is a pointer to the list of built-in usage sites of the static\ncall. The type of the pointer is differentiated by bit 0. A mods pointer\nhas the bit clear, the sites pointer has the bit set.\n\nAs static_call_del_module() blidly assumes that the pointer is a valid\nstatic_call_mod type, it fails to check for this failure case and\ndereferences the pointer to the list of built-in call sites, which is\nobviously bogus.\n\nCure it by checking whether the key has a sites or a mods pointer.\n\nIf it\u0027s a sites pointer then the key is not to be touched. As the sites are\nwalked in the same order as in __static_call_init() the site walk can be\nterminated because all subsequent sites have not been touched by the init\ncode due to the error exit.\n\nIf it was converted before the allocation fail, then the inner loop which\nsearches for a module match will find nothing.\n\nA fail in the second allocation in __static_call_init() is harmless and\ndoes not require special treatment. The first allocation succeeded and\nconverted the key to a module chain. That first entry has mod::mod == NULL\nand mod::next == NULL, so the inner loop of static_call_del_module() will\nneither find a module match nor a module chain. The next site in the walk\nwas either already converted, but can\u0027t match the module, or it will exit\nthe outer loop because it has a static_call_site pointer and not a\nstatic_call_mod pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50002",
"url": "https://www.suse.com/security/cve/CVE-2024-50002"
},
{
"category": "external",
"summary": "SUSE Bug 1232083 for CVE-2024-50002",
"url": "https://bugzilla.suse.com/1232083"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50002"
},
{
"cve": "CVE-2024-50003",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50003"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix system hang while resume with TBT monitor\n\n[Why]\nConnected with a Thunderbolt monitor and do the suspend and the system\nmay hang while resume.\n\nThe TBT monitor HPD will be triggered during the resume procedure\nand call the drm_client_modeset_probe() while\nstruct drm_connector connector-\u003edev-\u003emaster is NULL.\n\nIt will mess up the pipe topology after resume.\n\n[How]\nSkip the TBT monitor HPD during the resume procedure because we\ncurrently will probe the connectors after resume by default.\n\n(cherry picked from commit 453f86a26945207a16b8f66aaed5962dc2b95b85)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50003",
"url": "https://www.suse.com/security/cve/CVE-2024-50003"
},
{
"category": "external",
"summary": "SUSE Bug 1232385 for CVE-2024-50003",
"url": "https://bugzilla.suse.com/1232385"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50003"
},
{
"cve": "CVE-2024-50004",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50004"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35\n\n[WHY \u0026 HOW]\nMismatch in DCN35 DML2 cause bw validation failed to acquire unexpected DPP pipe to cause\ngrey screen and system hang. Remove EnhancedPrefetchScheduleAccelerationFinal value override\nto match HW spec.\n\n(cherry picked from commit 9dad21f910fcea2bdcff4af46159101d7f9cd8ba)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50004",
"url": "https://www.suse.com/security/cve/CVE-2024-50004"
},
{
"category": "external",
"summary": "SUSE Bug 1232396 for CVE-2024-50004",
"url": "https://bugzilla.suse.com/1232396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50004"
},
{
"cve": "CVE-2024-50006",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50006"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix i_data_sem unlock order in ext4_ind_migrate()\n\nFuzzing reports a possible deadlock in jbd2_log_wait_commit.\n\nThis issue is triggered when an EXT4_IOC_MIGRATE ioctl is set to require\nsynchronous updates because the file descriptor is opened with O_SYNC.\nThis can lead to the jbd2_journal_stop() function calling\njbd2_might_wait_for_commit(), potentially causing a deadlock if the\nEXT4_IOC_MIGRATE call races with a write(2) system call.\n\nThis problem only arises when CONFIG_PROVE_LOCKING is enabled. In this\ncase, the jbd2_might_wait_for_commit macro locks jbd2_handle in the\njbd2_journal_stop function while i_data_sem is locked. This triggers\nlockdep because the jbd2_journal_start function might also lock the same\njbd2_handle simultaneously.\n\nFound by Linux Verification Center (linuxtesting.org) with syzkaller.\n\nRule: add",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50006",
"url": "https://www.suse.com/security/cve/CVE-2024-50006"
},
{
"category": "external",
"summary": "SUSE Bug 1232442 for CVE-2024-50006",
"url": "https://bugzilla.suse.com/1232442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50006"
},
{
"cve": "CVE-2024-50007",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50007"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: asihpi: Fix potential OOB array access\n\nASIHPI driver stores some values in the static array upon a response\nfrom the driver, and its index depends on the firmware. We shouldn\u0027t\ntrust it blindly.\n\nThis patch adds a sanity check of the array index to fit in the array\nsize.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50007",
"url": "https://www.suse.com/security/cve/CVE-2024-50007"
},
{
"category": "external",
"summary": "SUSE Bug 1232394 for CVE-2024-50007",
"url": "https://bugzilla.suse.com/1232394"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50007"
},
{
"cve": "CVE-2024-50008",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50008"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext()\n\nReplace one-element array with a flexible-array member in\n`struct host_cmd_ds_802_11_scan_ext`.\n\nWith this, fix the following warning:\n\nelo 16 17:51:58 surfacebook kernel: ------------[ cut here ]------------\nelo 16 17:51:58 surfacebook kernel: memcpy: detected field-spanning write (size 243) of single field \"ext_scan-\u003etlv_buffer\" at drivers/net/wireless/marvell/mwifiex/scan.c:2239 (size 1)\nelo 16 17:51:58 surfacebook kernel: WARNING: CPU: 0 PID: 498 at drivers/net/wireless/marvell/mwifiex/scan.c:2239 mwifiex_cmd_802_11_scan_ext+0x83/0x90 [mwifiex]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50008",
"url": "https://www.suse.com/security/cve/CVE-2024-50008"
},
{
"category": "external",
"summary": "SUSE Bug 1232317 for CVE-2024-50008",
"url": "https://bugzilla.suse.com/1232317"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50008"
},
{
"cve": "CVE-2024-50009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: amd-pstate: add check for cpufreq_cpu_get\u0027s return value\n\ncpufreq_cpu_get may return NULL. To avoid NULL-dereference check it\nand return in case of error.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50009",
"url": "https://www.suse.com/security/cve/CVE-2024-50009"
},
{
"category": "external",
"summary": "SUSE Bug 1232318 for CVE-2024-50009",
"url": "https://bugzilla.suse.com/1232318"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50009"
},
{
"cve": "CVE-2024-50012",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50012"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: Avoid a bad reference count on CPU node\n\nIn the parse_perf_domain function, if the call to\nof_parse_phandle_with_args returns an error, then the reference to the\nCPU device node that was acquired at the start of the function would not\nbe properly decremented.\n\nAddress this by declaring the variable with the __free(device_node)\ncleanup attribute.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50012",
"url": "https://www.suse.com/security/cve/CVE-2024-50012"
},
{
"category": "external",
"summary": "SUSE Bug 1232386 for CVE-2024-50012",
"url": "https://bugzilla.suse.com/1232386"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50012"
},
{
"cve": "CVE-2024-50013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50013"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix memory leak in exfat_load_bitmap()\n\nIf the first directory entry in the root directory is not a bitmap\ndirectory entry, \u0027bh\u0027 will not be released and reassigned, which\nwill cause a memory leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50013",
"url": "https://www.suse.com/security/cve/CVE-2024-50013"
},
{
"category": "external",
"summary": "SUSE Bug 1232080 for CVE-2024-50013",
"url": "https://bugzilla.suse.com/1232080"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50013"
},
{
"cve": "CVE-2024-50014",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50014"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix access to uninitialised lock in fc replay path\n\nThe following kernel trace can be triggered with fstest generic/629 when\nexecuted against a filesystem with fast-commit feature enabled:\n\nINFO: trying to register non-static key.\nThe code is fine but needs lockdep annotation, or maybe\nyou didn\u0027t initialize this object before use?\nturning off the locking correctness validator.\nCPU: 0 PID: 866 Comm: mount Not tainted 6.10.0+ #11\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-prebuilt.qemu.org 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x66/0x90\n register_lock_class+0x759/0x7d0\n __lock_acquire+0x85/0x2630\n ? __find_get_block+0xb4/0x380\n lock_acquire+0xd1/0x2d0\n ? __ext4_journal_get_write_access+0xd5/0x160\n _raw_spin_lock+0x33/0x40\n ? __ext4_journal_get_write_access+0xd5/0x160\n __ext4_journal_get_write_access+0xd5/0x160\n ext4_reserve_inode_write+0x61/0xb0\n __ext4_mark_inode_dirty+0x79/0x270\n ? ext4_ext_replay_set_iblocks+0x2f8/0x450\n ext4_ext_replay_set_iblocks+0x330/0x450\n ext4_fc_replay+0x14c8/0x1540\n ? jread+0x88/0x2e0\n ? rcu_is_watching+0x11/0x40\n do_one_pass+0x447/0xd00\n jbd2_journal_recover+0x139/0x1b0\n jbd2_journal_load+0x96/0x390\n ext4_load_and_init_journal+0x253/0xd40\n ext4_fill_super+0x2cc6/0x3180\n...\n\nIn the replay path there\u0027s an attempt to lock sbi-\u003es_bdev_wb_lock in\nfunction ext4_check_bdev_write_error(). Unfortunately, at this point this\nspinlock has not been initialized yet. Moving it\u0027s initialization to an\nearlier point in __ext4_fill_super() fixes this splat.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50014",
"url": "https://www.suse.com/security/cve/CVE-2024-50014"
},
{
"category": "external",
"summary": "SUSE Bug 1232446 for CVE-2024-50014",
"url": "https://bugzilla.suse.com/1232446"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50014"
},
{
"cve": "CVE-2024-50015",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50015"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: dax: fix overflowing extents beyond inode size when partially writing\n\nThe dax_iomap_rw() does two things in each iteration: map written blocks\nand copy user data to blocks. If the process is killed by user(See signal\nhandling in dax_iomap_iter()), the copied data will be returned and added\non inode size, which means that the length of written extents may exceed\nthe inode size, then fsck will fail. An example is given as:\n\ndd if=/dev/urandom of=file bs=4M count=1\n dax_iomap_rw\n iomap_iter // round 1\n ext4_iomap_begin\n ext4_iomap_alloc // allocate 0~2M extents(written flag)\n dax_iomap_iter // copy 2M data\n iomap_iter // round 2\n iomap_iter_advance\n iter-\u003epos += iter-\u003eprocessed // iter-\u003epos = 2M\n ext4_iomap_begin\n ext4_iomap_alloc // allocate 2~4M extents(written flag)\n dax_iomap_iter\n fatal_signal_pending\n done = iter-\u003epos - iocb-\u003eki_pos // done = 2M\n ext4_handle_inode_extension\n ext4_update_inode_size // inode size = 2M\n\nfsck reports: Inode 13, i_size is 2097152, should be 4194304. Fix?\n\nFix the problem by truncating extents if the written length is smaller\nthan expected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50015",
"url": "https://www.suse.com/security/cve/CVE-2024-50015"
},
{
"category": "external",
"summary": "SUSE Bug 1232079 for CVE-2024-50015",
"url": "https://bugzilla.suse.com/1232079"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50015"
},
{
"cve": "CVE-2024-50017",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50017"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm/ident_map: Use gbpages only where full GB page should be mapped.\n\nWhen ident_pud_init() uses only GB pages to create identity maps, large\nranges of addresses not actually requested can be included in the resulting\ntable; a 4K request will map a full GB. This can include a lot of extra\naddress space past that requested, including areas marked reserved by the\nBIOS. That allows processor speculation into reserved regions, that on UV\nsystems can cause system halts.\n\nOnly use GB pages when map creation requests include the full GB page of\nspace. Fall back to using smaller 2M pages when only portions of a GB page\nare included in the request.\n\nNo attempt is made to coalesce mapping requests. If a request requires a\nmap entry at the 2M (pmd) level, subsequent mapping requests within the\nsame 1G region will also be at the pmd level, even if adjacent or\noverlapping such requests could have been combined to map a full GB page.\nExisting usage starts with larger regions and then adds smaller regions, so\nthis should not have any great consequence.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50017",
"url": "https://www.suse.com/security/cve/CVE-2024-50017"
},
{
"category": "external",
"summary": "SUSE Bug 1232312 for CVE-2024-50017",
"url": "https://bugzilla.suse.com/1232312"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50017"
},
{
"cve": "CVE-2024-50019",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50019"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nkthread: unpark only parked kthread\n\nCalling into kthread unparking unconditionally is mostly harmless when\nthe kthread is already unparked. The wake up is then simply ignored\nbecause the target is not in TASK_PARKED state.\n\nHowever if the kthread is per CPU, the wake up is preceded by a call\nto kthread_bind() which expects the task to be inactive and in\nTASK_PARKED state, which obviously isn\u0027t the case if it is unparked.\n\nAs a result, calling kthread_stop() on an unparked per-cpu kthread\ntriggers such a warning:\n\n\tWARNING: CPU: 0 PID: 11 at kernel/kthread.c:525 __kthread_bind_mask kernel/kthread.c:525\n\t \u003cTASK\u003e\n\t kthread_stop+0x17a/0x630 kernel/kthread.c:707\n\t destroy_workqueue+0x136/0xc40 kernel/workqueue.c:5810\n\t wg_destruct+0x1e2/0x2e0 drivers/net/wireguard/device.c:257\n\t netdev_run_todo+0xe1a/0x1000 net/core/dev.c:10693\n\t default_device_exit_batch+0xa14/0xa90 net/core/dev.c:11769\n\t ops_exit_list net/core/net_namespace.c:178 [inline]\n\t cleanup_net+0x89d/0xcc0 net/core/net_namespace.c:640\n\t process_one_work kernel/workqueue.c:3231 [inline]\n\t process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312\n\t worker_thread+0x86d/0xd70 kernel/workqueue.c:3393\n\t kthread+0x2f0/0x390 kernel/kthread.c:389\n\t ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n\t ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\t \u003c/TASK\u003e\n\nFix this with skipping unecessary unparking while stopping a kthread.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50019",
"url": "https://www.suse.com/security/cve/CVE-2024-50019"
},
{
"category": "external",
"summary": "SUSE Bug 1231990 for CVE-2024-50019",
"url": "https://bugzilla.suse.com/1231990"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50019"
},
{
"cve": "CVE-2024-50020",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50020"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix improper handling of refcount in ice_sriov_set_msix_vec_count()\n\nThis patch addresses an issue with improper reference count handling in the\nice_sriov_set_msix_vec_count() function.\n\nFirst, the function calls ice_get_vf_by_id(), which increments the\nreference count of the vf pointer. If the subsequent call to\nice_get_vf_vsi() fails, the function currently returns an error without\ndecrementing the reference count of the vf pointer, leading to a reference\ncount leak. The correct behavior, as implemented in this patch, is to\ndecrement the reference count using ice_put_vf(vf) before returning an\nerror when vsi is NULL.\n\nSecond, the function calls ice_sriov_get_irqs(), which sets\nvf-\u003efirst_vector_idx. If this call returns a negative value, indicating an\nerror, the function returns an error without decrementing the reference\ncount of the vf pointer, resulting in another reference count leak. The\npatch addresses this by adding a call to ice_put_vf(vf) before returning\nan error when vf-\u003efirst_vector_idx \u003c 0.\n\nThis bug was identified by an experimental static analysis tool developed\nby our team. The tool specializes in analyzing reference count operations\nand identifying potential mismanagement of reference counts. In this case,\nthe tool flagged the missing decrement operation as a potential issue,\nleading to this patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50020",
"url": "https://www.suse.com/security/cve/CVE-2024-50020"
},
{
"category": "external",
"summary": "SUSE Bug 1231989 for CVE-2024-50020",
"url": "https://bugzilla.suse.com/1231989"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50020"
},
{
"cve": "CVE-2024-50021",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50021"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix improper handling of refcount in ice_dpll_init_rclk_pins()\n\nThis patch addresses a reference count handling issue in the\nice_dpll_init_rclk_pins() function. The function calls ice_dpll_get_pins(),\nwhich increments the reference count of the relevant resources. However,\nif the condition WARN_ON((!vsi || !vsi-\u003enetdev)) is met, the function\ncurrently returns an error without properly releasing the resources\nacquired by ice_dpll_get_pins(), leading to a reference count leak.\n\nTo resolve this, the check has been moved to the top of the function. This\nensures that the function verifies the state before any resources are\nacquired, avoiding the need for additional resource management in the\nerror path.\n\nThis bug was identified by an experimental static analysis tool developed\nby our team. The tool specializes in analyzing reference count operations\nand detecting potential issues where resources are not properly managed.\nIn this case, the tool flagged the missing release operation as a\npotential problem, which led to the development of this patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50021",
"url": "https://www.suse.com/security/cve/CVE-2024-50021"
},
{
"category": "external",
"summary": "SUSE Bug 1231957 for CVE-2024-50021",
"url": "https://bugzilla.suse.com/1231957"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50021"
},
{
"cve": "CVE-2024-50022",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50022"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndevice-dax: correct pgoff align in dax_set_mapping()\n\npgoff should be aligned using ALIGN_DOWN() instead of ALIGN(). Otherwise,\nvmf-\u003eaddress not aligned to fault_size will be aligned to the next\nalignment, that can result in memory failure getting the wrong address.\n\nIt\u0027s a subtle situation that only can be observed in\npage_mapped_in_vma() after the page is page fault handled by\ndev_dax_huge_fault. Generally, there is little chance to perform\npage_mapped_in_vma in dev-dax\u0027s page unless in specific error injection\nto the dax device to trigger an MCE - memory-failure. In that case,\npage_mapped_in_vma() will be triggered to determine which task is\naccessing the failure address and kill that task in the end.\n\n\nWe used self-developed dax device (which is 2M aligned mapping) , to\nperform error injection to random address. It turned out that error\ninjected to non-2M-aligned address was causing endless MCE until panic.\nBecause page_mapped_in_vma() kept resulting wrong address and the task\naccessing the failure address was never killed properly:\n\n\n[ 3783.719419] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3784.049006] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3784.049190] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3784.448042] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3784.448186] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3784.792026] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3784.792179] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3785.162502] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3785.162633] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3785.461116] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3785.461247] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3785.764730] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3785.764859] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3786.042128] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3786.042259] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3786.464293] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3786.464423] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3786.818090] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3786.818217] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3787.085297] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3787.085424] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n\nIt took us several weeks to pinpoint this problem, but we eventually\nused bpftrace to trace the page fault and mce address and successfully\nidentified the issue.\n\n\nJoao added:\n\n; Likely we never reproduce in production because we always pin\n: device-dax regions in the region align they provide (Qemu does\n: similarly with prealloc in hugetlb/file backed memory). I think this\n: bug requires that we touch *unpinned* device-dax regions unaligned to\n: the device-dax selected alignment (page size i.e. 4K/2M/1G)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50022",
"url": "https://www.suse.com/security/cve/CVE-2024-50022"
},
{
"category": "external",
"summary": "SUSE Bug 1231956 for CVE-2024-50022",
"url": "https://bugzilla.suse.com/1231956"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50022"
},
{
"cve": "CVE-2024-50023",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50023"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: Remove LED entry from LEDs list on unregister\n\nCommit c938ab4da0eb (\"net: phy: Manual remove LEDs to ensure correct\nordering\") correctly fixed a problem with using devm_ but missed\nremoving the LED entry from the LEDs list.\n\nThis cause kernel panic on specific scenario where the port for the PHY\nis torn down and up and the kmod for the PHY is removed.\n\nOn setting the port down the first time, the assosiacted LEDs are\ncorrectly unregistered. The associated kmod for the PHY is now removed.\nThe kmod is now added again and the port is now put up, the associated LED\nare registered again.\nOn putting the port down again for the second time after these step, the\nLED list now have 4 elements. With the first 2 already unregistered\npreviously and the 2 new one registered again.\n\nThis cause a kernel panic as the first 2 element should have been\nremoved.\n\nFix this by correctly removing the element when LED is unregistered.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50023",
"url": "https://www.suse.com/security/cve/CVE-2024-50023"
},
{
"category": "external",
"summary": "SUSE Bug 1231955 for CVE-2024-50023",
"url": "https://bugzilla.suse.com/1231955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50023"
},
{
"cve": "CVE-2024-50024",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50024"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix an unsafe loop on the list\n\nThe kernel may crash when deleting a genetlink family if there are still\nlisteners for that family:\n\nOops: Kernel access of bad area, sig: 11 [#1]\n ...\n NIP [c000000000c080bc] netlink_update_socket_mc+0x3c/0xc0\n LR [c000000000c0f764] __netlink_clear_multicast_users+0x74/0xc0\n Call Trace:\n__netlink_clear_multicast_users+0x74/0xc0\ngenl_unregister_family+0xd4/0x2d0\n\nChange the unsafe loop on the list to a safe one, because inside the\nloop there is an element removal from this list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50024",
"url": "https://www.suse.com/security/cve/CVE-2024-50024"
},
{
"category": "external",
"summary": "SUSE Bug 1231954 for CVE-2024-50024",
"url": "https://bugzilla.suse.com/1231954"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50024"
},
{
"cve": "CVE-2024-50025",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50025"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: fnic: Move flush_work initialization out of if block\n\nAfter commit 379a58caa199 (\"scsi: fnic: Move fnic_fnic_flush_tx() to a\nwork queue\"), it can happen that a work item is sent to an uninitialized\nwork queue. This may has the effect that the item being queued is never\nactually queued, and any further actions depending on it will not\nproceed.\n\nThe following warning is observed while the fnic driver is loaded:\n\nkernel: WARNING: CPU: 11 PID: 0 at ../kernel/workqueue.c:1524 __queue_work+0x373/0x410\nkernel: \u003cIRQ\u003e\nkernel: queue_work_on+0x3a/0x50\nkernel: fnic_wq_copy_cmpl_handler+0x54a/0x730 [fnic 62fbff0c42e7fb825c60a55cde2fb91facb2ed24]\nkernel: fnic_isr_msix_wq_copy+0x2d/0x60 [fnic 62fbff0c42e7fb825c60a55cde2fb91facb2ed24]\nkernel: __handle_irq_event_percpu+0x36/0x1a0\nkernel: handle_irq_event_percpu+0x30/0x70\nkernel: handle_irq_event+0x34/0x60\nkernel: handle_edge_irq+0x7e/0x1a0\nkernel: __common_interrupt+0x3b/0xb0\nkernel: common_interrupt+0x58/0xa0\nkernel: \u003c/IRQ\u003e\n\nIt has been observed that this may break the rediscovery of Fibre\nChannel devices after a temporary fabric failure.\n\nThis patch fixes it by moving the work queue initialization out of\nan if block in fnic_probe().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50025",
"url": "https://www.suse.com/security/cve/CVE-2024-50025"
},
{
"category": "external",
"summary": "SUSE Bug 1231953 for CVE-2024-50025",
"url": "https://bugzilla.suse.com/1231953"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50025"
},
{
"cve": "CVE-2024-50026",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50026"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: wd33c93: Don\u0027t use stale scsi_pointer value\n\nA regression was introduced with commit dbb2da557a6a (\"scsi: wd33c93:\nMove the SCSI pointer to private command data\") which results in an oops\nin wd33c93_intr(). That commit added the scsi_pointer variable and\ninitialized it from hostdata-\u003econnected. However, during selection,\nhostdata-\u003econnected is not yet valid. Fix this by getting the current\nscsi_pointer from hostdata-\u003eselecting.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50026",
"url": "https://www.suse.com/security/cve/CVE-2024-50026"
},
{
"category": "external",
"summary": "SUSE Bug 1231952 for CVE-2024-50026",
"url": "https://bugzilla.suse.com/1231952"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50026"
},
{
"cve": "CVE-2024-50027",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50027"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: core: Free tzp copy along with the thermal zone\n\nThe object pointed to by tz-\u003etzp may still be accessed after being\nfreed in thermal_zone_device_unregister(), so move the freeing of it\nto the point after the removal completion has been completed at which\nit cannot be accessed any more.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50027",
"url": "https://www.suse.com/security/cve/CVE-2024-50027"
},
{
"category": "external",
"summary": "SUSE Bug 1231951 for CVE-2024-50027",
"url": "https://bugzilla.suse.com/1231951"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50027"
},
{
"cve": "CVE-2024-50028",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50028"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: core: Reference count the zone in thermal_zone_get_by_id()\n\nThere are places in the thermal netlink code where nothing prevents\nthe thermal zone object from going away while being accessed after it\nhas been returned by thermal_zone_get_by_id().\n\nTo address this, make thermal_zone_get_by_id() get a reference on the\nthermal zone device object to be returned with the help of get_device(),\nunder thermal_list_lock, and adjust all of its callers to this change\nwith the help of the cleanup.h infrastructure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50028",
"url": "https://www.suse.com/security/cve/CVE-2024-50028"
},
{
"category": "external",
"summary": "SUSE Bug 1231950 for CVE-2024-50028",
"url": "https://bugzilla.suse.com/1231950"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50028"
},
{
"cve": "CVE-2024-50031",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50031"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Stop the active perfmon before being destroyed\n\nWhen running `kmscube` with one or more performance monitors enabled\nvia `GALLIUM_HUD`, the following kernel panic can occur:\n\n[ 55.008324] Unable to handle kernel paging request at virtual address 00000000052004a4\n[ 55.008368] Mem abort info:\n[ 55.008377] ESR = 0x0000000096000005\n[ 55.008387] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 55.008402] SET = 0, FnV = 0\n[ 55.008412] EA = 0, S1PTW = 0\n[ 55.008421] FSC = 0x05: level 1 translation fault\n[ 55.008434] Data abort info:\n[ 55.008442] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n[ 55.008455] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 55.008467] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 55.008481] user pgtable: 4k pages, 39-bit VAs, pgdp=00000001046c6000\n[ 55.008497] [00000000052004a4] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n[ 55.008525] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n[ 55.008542] Modules linked in: rfcomm [...] vc4 v3d snd_soc_hdmi_codec drm_display_helper\ngpu_sched drm_shmem_helper cec drm_dma_helper drm_kms_helper i2c_brcmstb\ndrm drm_panel_orientation_quirks snd_soc_core snd_compress snd_pcm_dmaengine snd_pcm snd_timer snd backlight\n[ 55.008799] CPU: 2 PID: 166 Comm: v3d_bin Tainted: G C 6.6.47+rpt-rpi-v8 #1 Debian 1:6.6.47-1+rpt1\n[ 55.008824] Hardware name: Raspberry Pi 4 Model B Rev 1.5 (DT)\n[ 55.008838] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 55.008855] pc : __mutex_lock.constprop.0+0x90/0x608\n[ 55.008879] lr : __mutex_lock.constprop.0+0x58/0x608\n[ 55.008895] sp : ffffffc080673cf0\n[ 55.008904] x29: ffffffc080673cf0 x28: 0000000000000000 x27: ffffff8106188a28\n[ 55.008926] x26: ffffff8101e78040 x25: ffffff8101baa6c0 x24: ffffffd9d989f148\n[ 55.008947] x23: ffffffda1c2a4008 x22: 0000000000000002 x21: ffffffc080673d38\n[ 55.008968] x20: ffffff8101238000 x19: ffffff8104f83188 x18: 0000000000000000\n[ 55.008988] x17: 0000000000000000 x16: ffffffda1bd04d18 x15: 00000055bb08bc90\n[ 55.009715] x14: 0000000000000000 x13: 0000000000000000 x12: ffffffda1bd4cbb0\n[ 55.010433] x11: 00000000fa83b2da x10: 0000000000001a40 x9 : ffffffda1bd04d04\n[ 55.011162] x8 : ffffff8102097b80 x7 : 0000000000000000 x6 : 00000000030a5857\n[ 55.011880] x5 : 00ffffffffffffff x4 : 0300000005200470 x3 : 0300000005200470\n[ 55.012598] x2 : ffffff8101238000 x1 : 0000000000000021 x0 : 0300000005200470\n[ 55.013292] Call trace:\n[ 55.013959] __mutex_lock.constprop.0+0x90/0x608\n[ 55.014646] __mutex_lock_slowpath+0x1c/0x30\n[ 55.015317] mutex_lock+0x50/0x68\n[ 55.015961] v3d_perfmon_stop+0x40/0xe0 [v3d]\n[ 55.016627] v3d_bin_job_run+0x10c/0x2d8 [v3d]\n[ 55.017282] drm_sched_main+0x178/0x3f8 [gpu_sched]\n[ 55.017921] kthread+0x11c/0x128\n[ 55.018554] ret_from_fork+0x10/0x20\n[ 55.019168] Code: f9400260 f1001c1f 54001ea9 927df000 (b9403401)\n[ 55.019776] ---[ end trace 0000000000000000 ]---\n[ 55.020411] note: v3d_bin[166] exited with preempt_count 1\n\nThis issue arises because, upon closing the file descriptor (which happens\nwhen we interrupt `kmscube`), the active performance monitor is not\nstopped. Although all perfmons are destroyed in `v3d_perfmon_close_file()`,\nthe active performance monitor\u0027s pointer (`v3d-\u003eactive_perfmon`) is still\nretained.\n\nIf `kmscube` is run again, the driver will attempt to stop the active\nperformance monitor using the stale pointer in `v3d-\u003eactive_perfmon`.\nHowever, this pointer is no longer valid because the previous process has\nalready terminated, and all performance monitors associated with it have\nbeen destroyed and freed.\n\nTo fix this, when the active performance monitor belongs to a given\nprocess, explicitly stop it before destroying and freeing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50031",
"url": "https://www.suse.com/security/cve/CVE-2024-50031"
},
{
"category": "external",
"summary": "SUSE Bug 1231947 for CVE-2024-50031",
"url": "https://bugzilla.suse.com/1231947"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50031"
},
{
"cve": "CVE-2024-50033",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50033"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nslip: make slhc_remember() more robust against malicious packets\n\nsyzbot found that slhc_remember() was missing checks against\nmalicious packets [1].\n\nslhc_remember() only checked the size of the packet was at least 20,\nwhich is not good enough.\n\nWe need to make sure the packet includes the IPv4 and TCP header\nthat are supposed to be carried.\n\nAdd iph and th pointers to make the code more readable.\n\n[1]\n\nBUG: KMSAN: uninit-value in slhc_remember+0x2e8/0x7b0 drivers/net/slip/slhc.c:666\n slhc_remember+0x2e8/0x7b0 drivers/net/slip/slhc.c:666\n ppp_receive_nonmp_frame+0xe45/0x35e0 drivers/net/ppp/ppp_generic.c:2455\n ppp_receive_frame drivers/net/ppp/ppp_generic.c:2372 [inline]\n ppp_do_recv+0x65f/0x40d0 drivers/net/ppp/ppp_generic.c:2212\n ppp_input+0x7dc/0xe60 drivers/net/ppp/ppp_generic.c:2327\n pppoe_rcv_core+0x1d3/0x720 drivers/net/ppp/pppoe.c:379\n sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1113\n __release_sock+0x1da/0x330 net/core/sock.c:3072\n release_sock+0x6b/0x250 net/core/sock.c:3626\n pppoe_sendmsg+0x2b8/0xb90 drivers/net/ppp/pppoe.c:903\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:744\n ____sys_sendmsg+0x903/0xb60 net/socket.c:2602\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656\n __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742\n __do_sys_sendmmsg net/socket.c:2771 [inline]\n __se_sys_sendmmsg net/socket.c:2768 [inline]\n __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768\n x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4091 [inline]\n slab_alloc_node mm/slub.c:4134 [inline]\n kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4186\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587\n __alloc_skb+0x363/0x7b0 net/core/skbuff.c:678\n alloc_skb include/linux/skbuff.h:1322 [inline]\n sock_wmalloc+0xfe/0x1a0 net/core/sock.c:2732\n pppoe_sendmsg+0x3a7/0xb90 drivers/net/ppp/pppoe.c:867\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:744\n ____sys_sendmsg+0x903/0xb60 net/socket.c:2602\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656\n __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742\n __do_sys_sendmmsg net/socket.c:2771 [inline]\n __se_sys_sendmmsg net/socket.c:2768 [inline]\n __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768\n x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 0 UID: 0 PID: 5460 Comm: syz.2.33 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50033",
"url": "https://www.suse.com/security/cve/CVE-2024-50033"
},
{
"category": "external",
"summary": "SUSE Bug 1231914 for CVE-2024-50033",
"url": "https://bugzilla.suse.com/1231914"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50033"
},
{
"cve": "CVE-2024-50035",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50035"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: fix ppp_async_encode() illegal access\n\nsyzbot reported an issue in ppp_async_encode() [1]\n\nIn this case, pppoe_sendmsg() is called with a zero size.\nThen ppp_async_encode() is called with an empty skb.\n\nBUG: KMSAN: uninit-value in ppp_async_encode drivers/net/ppp/ppp_async.c:545 [inline]\n BUG: KMSAN: uninit-value in ppp_async_push+0xb4f/0x2660 drivers/net/ppp/ppp_async.c:675\n ppp_async_encode drivers/net/ppp/ppp_async.c:545 [inline]\n ppp_async_push+0xb4f/0x2660 drivers/net/ppp/ppp_async.c:675\n ppp_async_send+0x130/0x1b0 drivers/net/ppp/ppp_async.c:634\n ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2280 [inline]\n ppp_input+0x1f1/0xe60 drivers/net/ppp/ppp_generic.c:2304\n pppoe_rcv_core+0x1d3/0x720 drivers/net/ppp/pppoe.c:379\n sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1113\n __release_sock+0x1da/0x330 net/core/sock.c:3072\n release_sock+0x6b/0x250 net/core/sock.c:3626\n pppoe_sendmsg+0x2b8/0xb90 drivers/net/ppp/pppoe.c:903\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:744\n ____sys_sendmsg+0x903/0xb60 net/socket.c:2602\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656\n __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742\n __do_sys_sendmmsg net/socket.c:2771 [inline]\n __se_sys_sendmmsg net/socket.c:2768 [inline]\n __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768\n x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4092 [inline]\n slab_alloc_node mm/slub.c:4135 [inline]\n kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4187\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587\n __alloc_skb+0x363/0x7b0 net/core/skbuff.c:678\n alloc_skb include/linux/skbuff.h:1322 [inline]\n sock_wmalloc+0xfe/0x1a0 net/core/sock.c:2732\n pppoe_sendmsg+0x3a7/0xb90 drivers/net/ppp/pppoe.c:867\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:744\n ____sys_sendmsg+0x903/0xb60 net/socket.c:2602\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656\n __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742\n __do_sys_sendmmsg net/socket.c:2771 [inline]\n __se_sys_sendmmsg net/socket.c:2768 [inline]\n __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768\n x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 1 UID: 0 PID: 5411 Comm: syz.1.14 Not tainted 6.12.0-rc1-syzkaller-00165-g360c1f1f24c6 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50035",
"url": "https://www.suse.com/security/cve/CVE-2024-50035"
},
{
"category": "external",
"summary": "SUSE Bug 1232392 for CVE-2024-50035",
"url": "https://bugzilla.suse.com/1232392"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50035"
},
{
"cve": "CVE-2024-50040",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50040"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nigb: Do not bring the device up after non-fatal error\n\nCommit 004d25060c78 (\"igb: Fix igb_down hung on surprise removal\")\nchanged igb_io_error_detected() to ignore non-fatal pcie errors in order\nto avoid hung task that can happen when igb_down() is called multiple\ntimes. This caused an issue when processing transient non-fatal errors.\nigb_io_resume(), which is called after igb_io_error_detected(), assumes\nthat device is brought down by igb_io_error_detected() if the interface\nis up. This resulted in panic with stacktrace below.\n\n[ T3256] igb 0000:09:00.0 haeth0: igb: haeth0 NIC Link is Down\n[ T292] pcieport 0000:00:1c.5: AER: Uncorrected (Non-Fatal) error received: 0000:09:00.0\n[ T292] igb 0000:09:00.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)\n[ T292] igb 0000:09:00.0: device [8086:1537] error status/mask=00004000/00000000\n[ T292] igb 0000:09:00.0: [14] CmpltTO [ 200.105524,009][ T292] igb 0000:09:00.0: AER: TLP Header: 00000000 00000000 00000000 00000000\n[ T292] pcieport 0000:00:1c.5: AER: broadcast error_detected message\n[ T292] igb 0000:09:00.0: Non-correctable non-fatal error reported.\n[ T292] pcieport 0000:00:1c.5: AER: broadcast mmio_enabled message\n[ T292] pcieport 0000:00:1c.5: AER: broadcast resume message\n[ T292] ------------[ cut here ]------------\n[ T292] kernel BUG at net/core/dev.c:6539!\n[ T292] invalid opcode: 0000 [#1] PREEMPT SMP\n[ T292] RIP: 0010:napi_enable+0x37/0x40\n[ T292] Call Trace:\n[ T292] \u003cTASK\u003e\n[ T292] ? die+0x33/0x90\n[ T292] ? do_trap+0xdc/0x110\n[ T292] ? napi_enable+0x37/0x40\n[ T292] ? do_error_trap+0x70/0xb0\n[ T292] ? napi_enable+0x37/0x40\n[ T292] ? napi_enable+0x37/0x40\n[ T292] ? exc_invalid_op+0x4e/0x70\n[ T292] ? napi_enable+0x37/0x40\n[ T292] ? asm_exc_invalid_op+0x16/0x20\n[ T292] ? napi_enable+0x37/0x40\n[ T292] igb_up+0x41/0x150\n[ T292] igb_io_resume+0x25/0x70\n[ T292] report_resume+0x54/0x70\n[ T292] ? report_frozen_detected+0x20/0x20\n[ T292] pci_walk_bus+0x6c/0x90\n[ T292] ? aer_print_port_info+0xa0/0xa0\n[ T292] pcie_do_recovery+0x22f/0x380\n[ T292] aer_process_err_devices+0x110/0x160\n[ T292] aer_isr+0x1c1/0x1e0\n[ T292] ? disable_irq_nosync+0x10/0x10\n[ T292] irq_thread_fn+0x1a/0x60\n[ T292] irq_thread+0xe3/0x1a0\n[ T292] ? irq_set_affinity_notifier+0x120/0x120\n[ T292] ? irq_affinity_notify+0x100/0x100\n[ T292] kthread+0xe2/0x110\n[ T292] ? kthread_complete_and_exit+0x20/0x20\n[ T292] ret_from_fork+0x2d/0x50\n[ T292] ? kthread_complete_and_exit+0x20/0x20\n[ T292] ret_from_fork_asm+0x11/0x20\n[ T292] \u003c/TASK\u003e\n\nTo fix this issue igb_io_resume() checks if the interface is running and\nthe device is not down this means igb_io_error_detected() did not bring\nthe device down and there is no need to bring it up.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50040",
"url": "https://www.suse.com/security/cve/CVE-2024-50040"
},
{
"category": "external",
"summary": "SUSE Bug 1231908 for CVE-2024-50040",
"url": "https://bugzilla.suse.com/1231908"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50040"
},
{
"cve": "CVE-2024-50041",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50041"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Fix macvlan leak by synchronizing access to mac_filter_hash\n\nThis patch addresses a macvlan leak issue in the i40e driver caused by\nconcurrent access to vsi-\u003emac_filter_hash. The leak occurs when multiple\nthreads attempt to modify the mac_filter_hash simultaneously, leading to\ninconsistent state and potential memory leaks.\n\nTo fix this, we now wrap the calls to i40e_del_mac_filter() and zeroing\nvf-\u003edefault_lan_addr.addr with spin_lock/unlock_bh(\u0026vsi-\u003emac_filter_hash_lock),\nensuring atomic operations and preventing concurrent access.\n\nAdditionally, we add lockdep_assert_held(\u0026vsi-\u003emac_filter_hash_lock) in\ni40e_add_mac_filter() to help catch similar issues in the future.\n\nReproduction steps:\n1. Spawn VFs and configure port vlan on them.\n2. Trigger concurrent macvlan operations (e.g., adding and deleting\n\tportvlan and/or mac filters).\n3. Observe the potential memory leak and inconsistent state in the\n\tmac_filter_hash.\n\nThis synchronization ensures the integrity of the mac_filter_hash and prevents\nthe described leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50041",
"url": "https://www.suse.com/security/cve/CVE-2024-50041"
},
{
"category": "external",
"summary": "SUSE Bug 1231907 for CVE-2024-50041",
"url": "https://bugzilla.suse.com/1231907"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50041"
},
{
"cve": "CVE-2024-50042",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50042"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix increasing MSI-X on VF\n\nIncreasing MSI-X value on a VF leads to invalid memory operations. This\nis caused by not reallocating some arrays.\n\nReproducer:\n modprobe ice\n echo 0 \u003e /sys/bus/pci/devices/$PF_PCI/sriov_drivers_autoprobe\n echo 1 \u003e /sys/bus/pci/devices/$PF_PCI/sriov_numvfs\n echo 17 \u003e /sys/bus/pci/devices/$VF0_PCI/sriov_vf_msix_count\n\nDefault MSI-X is 16, so 17 and above triggers this issue.\n\nKASAN reports:\n\n BUG: KASAN: slab-out-of-bounds in ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice]\n Read of size 8 at addr ffff8888b937d180 by task bash/28433\n (...)\n\n Call Trace:\n (...)\n ? ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice]\n kasan_report+0xed/0x120\n ? ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice]\n ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice]\n ice_vsi_cfg_def+0x3360/0x4770 [ice]\n ? mutex_unlock+0x83/0xd0\n ? __pfx_ice_vsi_cfg_def+0x10/0x10 [ice]\n ? __pfx_ice_remove_vsi_lkup_fltr+0x10/0x10 [ice]\n ice_vsi_cfg+0x7f/0x3b0 [ice]\n ice_vf_reconfig_vsi+0x114/0x210 [ice]\n ice_sriov_set_msix_vec_count+0x3d0/0x960 [ice]\n sriov_vf_msix_count_store+0x21c/0x300\n (...)\n\n Allocated by task 28201:\n (...)\n ice_vsi_cfg_def+0x1c8e/0x4770 [ice]\n ice_vsi_cfg+0x7f/0x3b0 [ice]\n ice_vsi_setup+0x179/0xa30 [ice]\n ice_sriov_configure+0xcaa/0x1520 [ice]\n sriov_numvfs_store+0x212/0x390\n (...)\n\nTo fix it, use ice_vsi_rebuild() instead of ice_vf_reconfig_vsi(). This\ncauses the required arrays to be reallocated taking the new queue count\ninto account (ice_vsi_realloc_stat_arrays()). Set req_txq and req_rxq\nbefore ice_vsi_rebuild(), so that realloc uses the newly set queue\ncount.\n\nAdditionally, ice_vsi_rebuild() does not remove VSI filters\n(ice_fltr_remove_all()), so ice_vf_init_host_cfg() is no longer\nnecessary.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50042",
"url": "https://www.suse.com/security/cve/CVE-2024-50042"
},
{
"category": "external",
"summary": "SUSE Bug 1231906 for CVE-2024-50042",
"url": "https://bugzilla.suse.com/1231906"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50042"
},
{
"cve": "CVE-2024-50044",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50044"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change\n\nrfcomm_sk_state_change attempts to use sock_lock so it must never be\ncalled with it locked but rfcomm_sock_ioctl always attempt to lock it\ncausing the following trace:\n\n======================================================\nWARNING: possible circular locking dependency detected\n6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted\n------------------------------------------------------\nsyz-executor386/5093 is trying to acquire lock:\nffff88807c396258 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1671 [inline]\nffff88807c396258 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sk_state_change+0x5b/0x310 net/bluetooth/rfcomm/sock.c:73\n\nbut task is already holding lock:\nffff88807badfd28 (\u0026d-\u003elock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x226/0x6a0 net/bluetooth/rfcomm/core.c:491",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50044",
"url": "https://www.suse.com/security/cve/CVE-2024-50044"
},
{
"category": "external",
"summary": "SUSE Bug 1231904 for CVE-2024-50044",
"url": "https://bugzilla.suse.com/1231904"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50044"
},
{
"cve": "CVE-2024-50045",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50045"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: br_netfilter: fix panic with metadata_dst skb\n\nFix a kernel panic in the br_netfilter module when sending untagged\ntraffic via a VxLAN device.\nThis happens during the check for fragmentation in br_nf_dev_queue_xmit.\n\nIt is dependent on:\n1) the br_netfilter module being loaded;\n2) net.bridge.bridge-nf-call-iptables set to 1;\n3) a bridge with a VxLAN (single-vxlan-device) netdevice as a bridge port;\n4) untagged frames with size higher than the VxLAN MTU forwarded/flooded\n\nWhen forwarding the untagged packet to the VxLAN bridge port, before\nthe netfilter hooks are called, br_handle_egress_vlan_tunnel is called and\nchanges the skb_dst to the tunnel dst. The tunnel_dst is a metadata type\nof dst, i.e., skb_valid_dst(skb) is false, and metadata-\u003edst.dev is NULL.\n\nThen in the br_netfilter hooks, in br_nf_dev_queue_xmit, there\u0027s a check\nfor frames that needs to be fragmented: frames with higher MTU than the\nVxLAN device end up calling br_nf_ip_fragment, which in turns call\nip_skb_dst_mtu.\n\nThe ip_dst_mtu tries to use the skb_dst(skb) as if it was a valid dst\nwith valid dst-\u003edev, thus the crash.\n\nThis case was never supported in the first place, so drop the packet\ninstead.\n\nPING 10.0.0.2 (10.0.0.2) from 0.0.0.0 h1-eth0: 2000(2028) bytes of data.\n[ 176.291791] Unable to handle kernel NULL pointer dereference at\nvirtual address 0000000000000110\n[ 176.292101] Mem abort info:\n[ 176.292184] ESR = 0x0000000096000004\n[ 176.292322] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 176.292530] SET = 0, FnV = 0\n[ 176.292709] EA = 0, S1PTW = 0\n[ 176.292862] FSC = 0x04: level 0 translation fault\n[ 176.293013] Data abort info:\n[ 176.293104] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[ 176.293488] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 176.293787] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 176.293995] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000043ef5000\n[ 176.294166] [0000000000000110] pgd=0000000000000000,\np4d=0000000000000000\n[ 176.294827] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 176.295252] Modules linked in: vxlan ip6_udp_tunnel udp_tunnel veth\nbr_netfilter bridge stp llc ipv6 crct10dif_ce\n[ 176.295923] CPU: 0 PID: 188 Comm: ping Not tainted\n6.8.0-rc3-g5b3fbd61b9d1 #2\n[ 176.296314] Hardware name: linux,dummy-virt (DT)\n[ 176.296535] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS\nBTYPE=--)\n[ 176.296808] pc : br_nf_dev_queue_xmit+0x390/0x4ec [br_netfilter]\n[ 176.297382] lr : br_nf_dev_queue_xmit+0x2ac/0x4ec [br_netfilter]\n[ 176.297636] sp : ffff800080003630\n[ 176.297743] x29: ffff800080003630 x28: 0000000000000008 x27:\nffff6828c49ad9f8\n[ 176.298093] x26: ffff6828c49ad000 x25: 0000000000000000 x24:\n00000000000003e8\n[ 176.298430] x23: 0000000000000000 x22: ffff6828c4960b40 x21:\nffff6828c3b16d28\n[ 176.298652] x20: ffff6828c3167048 x19: ffff6828c3b16d00 x18:\n0000000000000014\n[ 176.298926] x17: ffffb0476322f000 x16: ffffb7e164023730 x15:\n0000000095744632\n[ 176.299296] x14: ffff6828c3f1c880 x13: 0000000000000002 x12:\nffffb7e137926a70\n[ 176.299574] x11: 0000000000000001 x10: ffff6828c3f1c898 x9 :\n0000000000000000\n[ 176.300049] x8 : ffff6828c49bf070 x7 : 0008460f18d5f20e x6 :\nf20e0100bebafeca\n[ 176.300302] x5 : ffff6828c7f918fe x4 : ffff6828c49bf070 x3 :\n0000000000000000\n[ 176.300586] x2 : 0000000000000000 x1 : ffff6828c3c7ad00 x0 :\nffff6828c7f918f0\n[ 176.300889] Call trace:\n[ 176.301123] br_nf_dev_queue_xmit+0x390/0x4ec [br_netfilter]\n[ 176.301411] br_nf_post_routing+0x2a8/0x3e4 [br_netfilter]\n[ 176.301703] nf_hook_slow+0x48/0x124\n[ 176.302060] br_forward_finish+0xc8/0xe8 [bridge]\n[ 176.302371] br_nf_hook_thresh+0x124/0x134 [br_netfilter]\n[ 176.302605] br_nf_forward_finish+0x118/0x22c [br_netfilter]\n[ 176.302824] br_nf_forward_ip.part.0+0x264/0x290 [br_netfilter]\n[ 176.303136] br_nf_forward+0x2b8/0x4e0 [br_netfilter]\n[ 176.303359] nf_hook_slow+0x48/0x124\n[ 176.303\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50045",
"url": "https://www.suse.com/security/cve/CVE-2024-50045"
},
{
"category": "external",
"summary": "SUSE Bug 1231903 for CVE-2024-50045",
"url": "https://bugzilla.suse.com/1231903"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50045"
},
{
"cve": "CVE-2024-50046",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50046"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies()\n\nOn the node of an NFS client, some files saved in the mountpoint of the\nNFS server were copied to another location of the same NFS server.\nAccidentally, the nfs42_complete_copies() got a NULL-pointer dereference\ncrash with the following syslog:\n\n[232064.838881] NFSv4: state recovery failed for open file nfs/pvc-12b5200d-cd0f-46a3-b9f0-af8f4fe0ef64.qcow2, error = -116\n[232064.839360] NFSv4: state recovery failed for open file nfs/pvc-12b5200d-cd0f-46a3-b9f0-af8f4fe0ef64.qcow2, error = -116\n[232066.588183] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000058\n[232066.588586] Mem abort info:\n[232066.588701] ESR = 0x0000000096000007\n[232066.588862] EC = 0x25: DABT (current EL), IL = 32 bits\n[232066.589084] SET = 0, FnV = 0\n[232066.589216] EA = 0, S1PTW = 0\n[232066.589340] FSC = 0x07: level 3 translation fault\n[232066.589559] Data abort info:\n[232066.589683] ISV = 0, ISS = 0x00000007\n[232066.589842] CM = 0, WnR = 0\n[232066.589967] user pgtable: 64k pages, 48-bit VAs, pgdp=00002000956ff400\n[232066.590231] [0000000000000058] pgd=08001100ae100003, p4d=08001100ae100003, pud=08001100ae100003, pmd=08001100b3c00003, pte=0000000000000000\n[232066.590757] Internal error: Oops: 96000007 [#1] SMP\n[232066.590958] Modules linked in: rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs ocfs2_dlmfs ocfs2_stack_o2cb ocfs2_dlm vhost_net vhost vhost_iotlb tap tun ipt_rpfilter xt_multiport ip_set_hash_ip ip_set_hash_net xfrm_interface xfrm6_tunnel tunnel4 tunnel6 esp4 ah4 wireguard libcurve25519_generic veth xt_addrtype xt_set nf_conntrack_netlink ip_set_hash_ipportnet ip_set_hash_ipportip ip_set_bitmap_port ip_set_hash_ipport dummy ip_set ip_vs_sh ip_vs_wrr ip_vs_rr ip_vs iptable_filter sch_ingress nfnetlink_cttimeout vport_gre ip_gre ip_tunnel gre vport_geneve geneve vport_vxlan vxlan ip6_udp_tunnel udp_tunnel openvswitch nf_conncount dm_round_robin dm_service_time dm_multipath xt_nat xt_MASQUERADE nft_chain_nat nf_nat xt_mark xt_conntrack xt_comment nft_compat nft_counter nf_tables nfnetlink ocfs2 ocfs2_nodemanager ocfs2_stackglue iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ipmi_ssif nbd overlay 8021q garp mrp bonding tls rfkill sunrpc ext4 mbcache jbd2\n[232066.591052] vfat fat cas_cache cas_disk ses enclosure scsi_transport_sas sg acpi_ipmi ipmi_si ipmi_devintf ipmi_msghandler ip_tables vfio_pci vfio_pci_core vfio_virqfd vfio_iommu_type1 vfio dm_mirror dm_region_hash dm_log dm_mod nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 br_netfilter bridge stp llc fuse xfs libcrc32c ast drm_vram_helper qla2xxx drm_kms_helper syscopyarea crct10dif_ce sysfillrect ghash_ce sysimgblt sha2_ce fb_sys_fops cec sha256_arm64 sha1_ce drm_ttm_helper ttm nvme_fc igb sbsa_gwdt nvme_fabrics drm nvme_core i2c_algo_bit i40e scsi_transport_fc megaraid_sas aes_neon_bs\n[232066.596953] CPU: 6 PID: 4124696 Comm: 10.253.166.125- Kdump: loaded Not tainted 5.15.131-9.cl9_ocfs2.aarch64 #1\n[232066.597356] Hardware name: Great Wall .\\x93\\x8e...RF6260 V5/GWMSSE2GL1T, BIOS T656FBE_V3.0.18 2024-01-06\n[232066.597721] pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[232066.598034] pc : nfs4_reclaim_open_state+0x220/0x800 [nfsv4]\n[232066.598327] lr : nfs4_reclaim_open_state+0x12c/0x800 [nfsv4]\n[232066.598595] sp : ffff8000f568fc70\n[232066.598731] x29: ffff8000f568fc70 x28: 0000000000001000 x27: ffff21003db33000\n[232066.599030] x26: ffff800005521ae0 x25: ffff0100f98fa3f0 x24: 0000000000000001\n[232066.599319] x23: ffff800009920008 x22: ffff21003db33040 x21: ffff21003db33050\n[232066.599628] x20: ffff410172fe9e40 x19: ffff410172fe9e00 x18: 0000000000000000\n[232066.599914] x17: 0000000000000000 x16: 0000000000000004 x15: 0000000000000000\n[232066.600195] x14: 0000000000000000 x13: ffff800008e685a8 x12: 00000000eac0c6e6\n[232066.600498] x11: 00000000000000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50046",
"url": "https://www.suse.com/security/cve/CVE-2024-50046"
},
{
"category": "external",
"summary": "SUSE Bug 1231902 for CVE-2024-50046",
"url": "https://bugzilla.suse.com/1231902"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50046"
},
{
"cve": "CVE-2024-50047",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50047"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix UAF in async decryption\n\nDoing an async decryption (large read) crashes with a\nslab-use-after-free way down in the crypto API.\n\nReproducer:\n # mount.cifs -o ...,seal,esize=1 //srv/share /mnt\n # dd if=/mnt/largefile of=/dev/null\n ...\n [ 194.196391] ==================================================================\n [ 194.196844] BUG: KASAN: slab-use-after-free in gf128mul_4k_lle+0xc1/0x110\n [ 194.197269] Read of size 8 at addr ffff888112bd0448 by task kworker/u77:2/899\n [ 194.197707]\n [ 194.197818] CPU: 12 UID: 0 PID: 899 Comm: kworker/u77:2 Not tainted 6.11.0-lku-00028-gfca3ca14a17a-dirty #43\n [ 194.198400] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.2-3-gd478f380-prebuilt.qemu.org 04/01/2014\n [ 194.199046] Workqueue: smb3decryptd smb2_decrypt_offload [cifs]\n [ 194.200032] Call Trace:\n [ 194.200191] \u003cTASK\u003e\n [ 194.200327] dump_stack_lvl+0x4e/0x70\n [ 194.200558] ? gf128mul_4k_lle+0xc1/0x110\n [ 194.200809] print_report+0x174/0x505\n [ 194.201040] ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n [ 194.201352] ? srso_return_thunk+0x5/0x5f\n [ 194.201604] ? __virt_addr_valid+0xdf/0x1c0\n [ 194.201868] ? gf128mul_4k_lle+0xc1/0x110\n [ 194.202128] kasan_report+0xc8/0x150\n [ 194.202361] ? gf128mul_4k_lle+0xc1/0x110\n [ 194.202616] gf128mul_4k_lle+0xc1/0x110\n [ 194.202863] ghash_update+0x184/0x210\n [ 194.203103] shash_ahash_update+0x184/0x2a0\n [ 194.203377] ? __pfx_shash_ahash_update+0x10/0x10\n [ 194.203651] ? srso_return_thunk+0x5/0x5f\n [ 194.203877] ? crypto_gcm_init_common+0x1ba/0x340\n [ 194.204142] gcm_hash_assoc_remain_continue+0x10a/0x140\n [ 194.204434] crypt_message+0xec1/0x10a0 [cifs]\n [ 194.206489] ? __pfx_crypt_message+0x10/0x10 [cifs]\n [ 194.208507] ? srso_return_thunk+0x5/0x5f\n [ 194.209205] ? srso_return_thunk+0x5/0x5f\n [ 194.209925] ? srso_return_thunk+0x5/0x5f\n [ 194.210443] ? srso_return_thunk+0x5/0x5f\n [ 194.211037] decrypt_raw_data+0x15f/0x250 [cifs]\n [ 194.212906] ? __pfx_decrypt_raw_data+0x10/0x10 [cifs]\n [ 194.214670] ? srso_return_thunk+0x5/0x5f\n [ 194.215193] smb2_decrypt_offload+0x12a/0x6c0 [cifs]\n\nThis is because TFM is being used in parallel.\n\nFix this by allocating a new AEAD TFM for async decryption, but keep\nthe existing one for synchronous READ cases (similar to what is done\nin smb3_calc_signature()).\n\nAlso remove the calls to aead_request_set_callback() and\ncrypto_wait_req() since it\u0027s always going to be a synchronous operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50047",
"url": "https://www.suse.com/security/cve/CVE-2024-50047"
},
{
"category": "external",
"summary": "SUSE Bug 1232418 for CVE-2024-50047",
"url": "https://bugzilla.suse.com/1232418"
},
{
"category": "external",
"summary": "SUSE Bug 1232576 for CVE-2024-50047",
"url": "https://bugzilla.suse.com/1232576"
},
{
"category": "external",
"summary": "SUSE Bug 1232638 for CVE-2024-50047",
"url": "https://bugzilla.suse.com/1232638"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-50047"
},
{
"cve": "CVE-2024-50048",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50048"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbcon: Fix a NULL pointer dereference issue in fbcon_putcs\n\nsyzbot has found a NULL pointer dereference bug in fbcon.\nHere is the simplified C reproducer:\n\nstruct param {\n\tuint8_t type;\n\tstruct tiocl_selection ts;\n};\n\nint main()\n{\n\tstruct fb_con2fbmap con2fb;\n\tstruct param param;\n\n\tint fd = open(\"/dev/fb1\", 0, 0);\n\n\tcon2fb.console = 0x19;\n\tcon2fb.framebuffer = 0;\n\tioctl(fd, FBIOPUT_CON2FBMAP, \u0026con2fb);\n\n\tparam.type = 2;\n\tparam.ts.xs = 0; param.ts.ys = 0;\n\tparam.ts.xe = 0; param.ts.ye = 0;\n\tparam.ts.sel_mode = 0;\n\n\tint fd1 = open(\"/dev/tty1\", O_RDWR, 0);\n\tioctl(fd1, TIOCLINUX, \u0026param);\n\n\tcon2fb.console = 1;\n\tcon2fb.framebuffer = 0;\n\tioctl(fd, FBIOPUT_CON2FBMAP, \u0026con2fb);\n\n\treturn 0;\n}\n\nAfter calling ioctl(fd1, TIOCLINUX, \u0026param), the subsequent ioctl(fd, FBIOPUT_CON2FBMAP, \u0026con2fb)\ncauses the kernel to follow a different execution path:\n\n set_con2fb_map\n -\u003e con2fb_init_display\n -\u003e fbcon_set_disp\n -\u003e redraw_screen\n -\u003e hide_cursor\n -\u003e clear_selection\n -\u003e highlight\n -\u003e invert_screen\n -\u003e do_update_region\n -\u003e fbcon_putcs\n -\u003e ops-\u003eputcs\n\nSince ops-\u003eputcs is a NULL pointer, this leads to a kernel panic.\nTo prevent this, we need to call set_blitting_type() within set_con2fb_map()\nto properly initialize ops-\u003eputcs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50048",
"url": "https://www.suse.com/security/cve/CVE-2024-50048"
},
{
"category": "external",
"summary": "SUSE Bug 1232310 for CVE-2024-50048",
"url": "https://bugzilla.suse.com/1232310"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50048"
},
{
"cve": "CVE-2024-50049",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50049"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check null pointer before dereferencing se\n\n[WHAT \u0026 HOW]\nse is null checked previously in the same function, indicating\nit might be null; therefore, it must be checked when used again.\n\nThis fixes 1 FORWARD_NULL issue reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50049",
"url": "https://www.suse.com/security/cve/CVE-2024-50049"
},
{
"category": "external",
"summary": "SUSE Bug 1232309 for CVE-2024-50049",
"url": "https://bugzilla.suse.com/1232309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50049"
},
{
"cve": "CVE-2024-50055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50055"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: bus: Fix double free in driver API bus_register()\n\nFor bus_register(), any error which happens after kset_register() will\ncause that @priv are freed twice, fixed by setting @priv with NULL after\nthe first free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50055",
"url": "https://www.suse.com/security/cve/CVE-2024-50055"
},
{
"category": "external",
"summary": "SUSE Bug 1232329 for CVE-2024-50055",
"url": "https://bugzilla.suse.com/1232329"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50055"
},
{
"cve": "CVE-2024-50058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: protect uart_port_dtr_rts() in uart_shutdown() too\n\nCommit af224ca2df29 (serial: core: Prevent unsafe uart port access, part\n3) added few uport == NULL checks. It added one to uart_shutdown(), so\nthe commit assumes, uport can be NULL in there. But right after that\nprotection, there is an unprotected \"uart_port_dtr_rts(uport, false);\"\ncall. That is invoked only if HUPCL is set, so I assume that is the\nreason why we do not see lots of these reports.\n\nOr it cannot be NULL at this point at all for some reason :P.\n\nUntil the above is investigated, stay on the safe side and move this\ndereference to the if too.\n\nI got this inconsistency from Coverity under CID 1585130. Thanks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50058",
"url": "https://www.suse.com/security/cve/CVE-2024-50058"
},
{
"category": "external",
"summary": "SUSE Bug 1232285 for CVE-2024-50058",
"url": "https://bugzilla.suse.com/1232285"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50058"
},
{
"cve": "CVE-2024-50059",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50059"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition\n\nIn the switchtec_ntb_add function, it can call switchtec_ntb_init_sndev\nfunction, then \u0026sndev-\u003echeck_link_status_work is bound with\ncheck_link_status_work. switchtec_ntb_link_notification may be called\nto start the work.\n\nIf we remove the module which will call switchtec_ntb_remove to make\ncleanup, it will free sndev through kfree(sndev), while the work\nmentioned above will be used. The sequence of operations that may lead\nto a UAF bug is as follows:\n\nCPU0 CPU1\n\n | check_link_status_work\nswitchtec_ntb_remove |\nkfree(sndev); |\n | if (sndev-\u003elink_force_down)\n | // use sndev\n\nFix it by ensuring that the work is canceled before proceeding with\nthe cleanup in switchtec_ntb_remove.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50059",
"url": "https://www.suse.com/security/cve/CVE-2024-50059"
},
{
"category": "external",
"summary": "SUSE Bug 1232345 for CVE-2024-50059",
"url": "https://bugzilla.suse.com/1232345"
},
{
"category": "external",
"summary": "SUSE Bug 1232348 for CVE-2024-50059",
"url": "https://bugzilla.suse.com/1232348"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-50059"
},
{
"cve": "CVE-2024-50060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50060"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: check if we need to reschedule during overflow flush\n\nIn terms of normal application usage, this list will always be empty.\nAnd if an application does overflow a bit, it\u0027ll have a few entries.\nHowever, nothing obviously prevents syzbot from running a test case\nthat generates a ton of overflow entries, and then flushing them can\ntake quite a while.\n\nCheck for needing to reschedule while flushing, and drop our locks and\ndo so if necessary. There\u0027s no state to maintain here as overflows\nalways prune from head-of-list, hence it\u0027s fine to drop and reacquire\nthe locks at the end of the loop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50060",
"url": "https://www.suse.com/security/cve/CVE-2024-50060"
},
{
"category": "external",
"summary": "SUSE Bug 1232417 for CVE-2024-50060",
"url": "https://bugzilla.suse.com/1232417"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50060"
},
{
"cve": "CVE-2024-50061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50061"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition\n\nIn the cdns_i3c_master_probe function, \u0026master-\u003ehj_work is bound with\ncdns_i3c_master_hj. And cdns_i3c_master_interrupt can call\ncnds_i3c_master_demux_ibis function to start the work.\n\nIf we remove the module which will call cdns_i3c_master_remove to\nmake cleanup, it will free master-\u003ebase through i3c_master_unregister\nwhile the work mentioned above will be used. The sequence of operations\nthat may lead to a UAF bug is as follows:\n\nCPU0 CPU1\n\n | cdns_i3c_master_hj\ncdns_i3c_master_remove |\ni3c_master_unregister(\u0026master-\u003ebase) |\ndevice_unregister(\u0026master-\u003edev) |\ndevice_release |\n//free master-\u003ebase |\n | i3c_master_do_daa(\u0026master-\u003ebase)\n | //use master-\u003ebase\n\nFix it by ensuring that the work is canceled before proceeding with\nthe cleanup in cdns_i3c_master_remove.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50061",
"url": "https://www.suse.com/security/cve/CVE-2024-50061"
},
{
"category": "external",
"summary": "SUSE Bug 1232263 for CVE-2024-50061",
"url": "https://bugzilla.suse.com/1232263"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50061"
},
{
"cve": "CVE-2024-50062",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50062"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rtrs-srv: Avoid null pointer deref during path establishment\n\nFor RTRS path establishment, RTRS client initiates and completes con_num\nof connections. After establishing all its connections, the information\nis exchanged between the client and server through the info_req message.\nDuring this exchange, it is essential that all connections have been\nestablished, and the state of the RTRS srv path is CONNECTED.\n\nSo add these sanity checks, to make sure we detect and abort process in\nerror scenarios to avoid null pointer deref.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50062",
"url": "https://www.suse.com/security/cve/CVE-2024-50062"
},
{
"category": "external",
"summary": "SUSE Bug 1232232 for CVE-2024-50062",
"url": "https://bugzilla.suse.com/1232232"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50062"
},
{
"cve": "CVE-2024-50063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50063"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Prevent tail call between progs attached to different hooks\n\nbpf progs can be attached to kernel functions, and the attached functions\ncan take different parameters or return different return values. If\nprog attached to one kernel function tail calls prog attached to another\nkernel function, the ctx access or return value verification could be\nbypassed.\n\nFor example, if prog1 is attached to func1 which takes only 1 parameter\nand prog2 is attached to func2 which takes two parameters. Since verifier\nassumes the bpf ctx passed to prog2 is constructed based on func2\u0027s\nprototype, verifier allows prog2 to access the second parameter from\nthe bpf ctx passed to it. The problem is that verifier does not prevent\nprog1 from passing its bpf ctx to prog2 via tail call. In this case,\nthe bpf ctx passed to prog2 is constructed from func1 instead of func2,\nthat is, the assumption for ctx access verification is bypassed.\n\nAnother example, if BPF LSM prog1 is attached to hook file_alloc_security,\nand BPF LSM prog2 is attached to hook bpf_lsm_audit_rule_known. Verifier\nknows the return value rules for these two hooks, e.g. it is legal for\nbpf_lsm_audit_rule_known to return positive number 1, and it is illegal\nfor file_alloc_security to return positive number. So verifier allows\nprog2 to return positive number 1, but does not allow prog1 to return\npositive number. The problem is that verifier does not prevent prog1\nfrom calling prog2 via tail call. In this case, prog2\u0027s return value 1\nwill be used as the return value for prog1\u0027s hook file_alloc_security.\nThat is, the return value rule is bypassed.\n\nThis patch adds restriction for tail call to prevent such bypasses.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50063",
"url": "https://www.suse.com/security/cve/CVE-2024-50063"
},
{
"category": "external",
"summary": "SUSE Bug 1232435 for CVE-2024-50063",
"url": "https://bugzilla.suse.com/1232435"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50063"
},
{
"cve": "CVE-2024-50064",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50064"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nzram: free secondary algorithms names\n\nWe need to kfree() secondary algorithms names when reset zram device that\nhad multi-streams, otherwise we leak memory.\n\n[senozhatsky@chromium.org: kfree(NULL) is legal]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50064",
"url": "https://www.suse.com/security/cve/CVE-2024-50064"
},
{
"category": "external",
"summary": "SUSE Bug 1231901 for CVE-2024-50064",
"url": "https://bugzilla.suse.com/1231901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50064"
},
{
"cve": "CVE-2024-50067",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50067"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nuprobe: avoid out-of-bounds memory access of fetching args\n\nUprobe needs to fetch args into a percpu buffer, and then copy to ring\nbuffer to avoid non-atomic context problem.\n\nSometimes user-space strings, arrays can be very large, but the size of\npercpu buffer is only page size. And store_trace_args() won\u0027t check\nwhether these data exceeds a single page or not, caused out-of-bounds\nmemory access.\n\nIt could be reproduced by following steps:\n1. build kernel with CONFIG_KASAN enabled\n2. save follow program as test.c\n\n```\n\\#include \u003cstdio.h\u003e\n\\#include \u003cstdlib.h\u003e\n\\#include \u003cstring.h\u003e\n\n// If string length large than MAX_STRING_SIZE, the fetch_store_strlen()\n// will return 0, cause __get_data_size() return shorter size, and\n// store_trace_args() will not trigger out-of-bounds access.\n// So make string length less than 4096.\n\\#define STRLEN 4093\n\nvoid generate_string(char *str, int n)\n{\n int i;\n for (i = 0; i \u003c n; ++i)\n {\n char c = i % 26 + \u0027a\u0027;\n str[i] = c;\n }\n str[n-1] = \u0027\\0\u0027;\n}\n\nvoid print_string(char *str)\n{\n printf(\"%s\\n\", str);\n}\n\nint main()\n{\n char tmp[STRLEN];\n\n generate_string(tmp, STRLEN);\n print_string(tmp);\n\n return 0;\n}\n```\n3. compile program\n`gcc -o test test.c`\n\n4. get the offset of `print_string()`\n```\nobjdump -t test | grep -w print_string\n0000000000401199 g F .text 000000000000001b print_string\n```\n\n5. configure uprobe with offset 0x1199\n```\noff=0x1199\n\ncd /sys/kernel/debug/tracing/\necho \"p /root/test:${off} arg1=+0(%di):ustring arg2=\\$comm arg3=+0(%di):ustring\"\n \u003e uprobe_events\necho 1 \u003e events/uprobes/enable\necho 1 \u003e tracing_on\n```\n\n6. run `test`, and kasan will report error.\n==================================================================\nBUG: KASAN: use-after-free in strncpy_from_user+0x1d6/0x1f0\nWrite of size 8 at addr ffff88812311c004 by task test/499CPU: 0 UID: 0 PID: 499 Comm: test Not tainted 6.12.0-rc3+ #18\nHardware name: Red Hat KVM, BIOS 1.16.0-4.al8 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x55/0x70\n print_address_description.constprop.0+0x27/0x310\n kasan_report+0x10f/0x120\n ? strncpy_from_user+0x1d6/0x1f0\n strncpy_from_user+0x1d6/0x1f0\n ? rmqueue.constprop.0+0x70d/0x2ad0\n process_fetch_insn+0xb26/0x1470\n ? __pfx_process_fetch_insn+0x10/0x10\n ? _raw_spin_lock+0x85/0xe0\n ? __pfx__raw_spin_lock+0x10/0x10\n ? __pte_offset_map+0x1f/0x2d0\n ? unwind_next_frame+0xc5f/0x1f80\n ? arch_stack_walk+0x68/0xf0\n ? is_bpf_text_address+0x23/0x30\n ? kernel_text_address.part.0+0xbb/0xd0\n ? __kernel_text_address+0x66/0xb0\n ? unwind_get_return_address+0x5e/0xa0\n ? __pfx_stack_trace_consume_entry+0x10/0x10\n ? arch_stack_walk+0xa2/0xf0\n ? _raw_spin_lock_irqsave+0x8b/0xf0\n ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n ? depot_alloc_stack+0x4c/0x1f0\n ? _raw_spin_unlock_irqrestore+0xe/0x30\n ? stack_depot_save_flags+0x35d/0x4f0\n ? kasan_save_stack+0x34/0x50\n ? kasan_save_stack+0x24/0x50\n ? mutex_lock+0x91/0xe0\n ? __pfx_mutex_lock+0x10/0x10\n prepare_uprobe_buffer.part.0+0x2cd/0x500\n uprobe_dispatcher+0x2c3/0x6a0\n ? __pfx_uprobe_dispatcher+0x10/0x10\n ? __kasan_slab_alloc+0x4d/0x90\n handler_chain+0xdd/0x3e0\n handle_swbp+0x26e/0x3d0\n ? __pfx_handle_swbp+0x10/0x10\n ? uprobe_pre_sstep_notifier+0x151/0x1b0\n irqentry_exit_to_user_mode+0xe2/0x1b0\n asm_exc_int3+0x39/0x40\nRIP: 0033:0x401199\nCode: 01 c2 0f b6 45 fb 88 02 83 45 fc 01 8b 45 fc 3b 45 e4 7c b7 8b 45 e4 48 98 48 8d 50 ff 48 8b 45 e8 48 01 d0 ce\nRSP: 002b:00007ffdf00576a8 EFLAGS: 00000206\nRAX: 00007ffdf00576b0 RBX: 0000000000000000 RCX: 0000000000000ff2\nRDX: 0000000000000ffc RSI: 0000000000000ffd RDI: 00007ffdf00576b0\nRBP: 00007ffdf00586b0 R08: 00007feb2f9c0d20 R09: 00007feb2f9c0d20\nR10: 0000000000000001 R11: 0000000000000202 R12: 0000000000401040\nR13: 00007ffdf0058780 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\nThis commit enforces the buffer\u0027s maxlen less than a page-size to avoid\nstore_trace_args() out-of-memory access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50067",
"url": "https://www.suse.com/security/cve/CVE-2024-50067"
},
{
"category": "external",
"summary": "SUSE Bug 1232416 for CVE-2024-50067",
"url": "https://bugzilla.suse.com/1232416"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50067"
},
{
"cve": "CVE-2024-50069",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50069"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: apple: check devm_kasprintf() returned value\n\ndevm_kasprintf() can return a NULL pointer on failure but this returned\nvalue is not checked. Fix this lack and check the returned value.\n\nFound by code review.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50069",
"url": "https://www.suse.com/security/cve/CVE-2024-50069"
},
{
"category": "external",
"summary": "SUSE Bug 1232511 for CVE-2024-50069",
"url": "https://bugzilla.suse.com/1232511"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50069"
},
{
"cve": "CVE-2024-50073",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50073"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: Fix use-after-free in gsm_cleanup_mux\n\nBUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0\ndrivers/tty/n_gsm.c:3160 [n_gsm]\nRead of size 8 at addr ffff88815fe99c00 by task poc/3379\nCPU: 0 UID: 0 PID: 3379 Comm: poc Not tainted 6.11.0+ #56\nHardware name: VMware, Inc. VMware Virtual Platform/440BX\nDesktop Reference Platform, BIOS 6.00 11/12/2020\nCall Trace:\n \u003cTASK\u003e\n gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n __pfx_gsm_cleanup_mux+0x10/0x10 drivers/tty/n_gsm.c:3124 [n_gsm]\n __pfx_sched_clock_cpu+0x10/0x10 kernel/sched/clock.c:389\n update_load_avg+0x1c1/0x27b0 kernel/sched/fair.c:4500\n __pfx_min_vruntime_cb_rotate+0x10/0x10 kernel/sched/fair.c:846\n __rb_insert_augmented+0x492/0xbf0 lib/rbtree.c:161\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n _raw_spin_lock_irqsave+0x92/0xf0 arch/x86/include/asm/atomic.h:107\n __pfx_gsmld_ioctl+0x10/0x10 drivers/tty/n_gsm.c:3822 [n_gsm]\n ktime_get+0x5e/0x140 kernel/time/timekeeping.c:195\n ldsem_down_read+0x94/0x4e0 arch/x86/include/asm/atomic64_64.h:79\n __pfx_ldsem_down_read+0x10/0x10 drivers/tty/tty_ldsem.c:338\n __pfx_do_vfs_ioctl+0x10/0x10 fs/ioctl.c:805\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\nAllocated by task 65:\n gsm_data_alloc.constprop.0+0x27/0x190 drivers/tty/n_gsm.c:926 [n_gsm]\n gsm_send+0x2c/0x580 drivers/tty/n_gsm.c:819 [n_gsm]\n gsm1_receive+0x547/0xad0 drivers/tty/n_gsm.c:3038 [n_gsm]\n gsmld_receive_buf+0x176/0x280 drivers/tty/n_gsm.c:3609 [n_gsm]\n tty_ldisc_receive_buf+0x101/0x1e0 drivers/tty/tty_buffer.c:391\n tty_port_default_receive_buf+0x61/0xa0 drivers/tty/tty_port.c:39\n flush_to_ldisc+0x1b0/0x750 drivers/tty/tty_buffer.c:445\n process_scheduled_works+0x2b0/0x10d0 kernel/workqueue.c:3229\n worker_thread+0x3dc/0x950 kernel/workqueue.c:3391\n kthread+0x2a3/0x370 kernel/kthread.c:389\n ret_from_fork+0x2d/0x70 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:257\n\nFreed by task 3367:\n kfree+0x126/0x420 mm/slub.c:4580\n gsm_cleanup_mux+0x36c/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\n[Analysis]\ngsm_msg on the tx_ctrl_list or tx_data_list of gsm_mux\ncan be freed by multi threads through ioctl,which leads\nto the occurrence of uaf. Protect it by gsm tx lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50073",
"url": "https://www.suse.com/security/cve/CVE-2024-50073"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50073",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232520 for CVE-2024-50073",
"url": "https://bugzilla.suse.com/1232520"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-50073"
},
{
"cve": "CVE-2024-50074",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50074"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nparport: Proper fix for array out-of-bounds access\n\nThe recent fix for array out-of-bounds accesses replaced sprintf()\ncalls blindly with snprintf(). However, since snprintf() returns the\nwould-be-printed size, not the actually output size, the length\ncalculation can still go over the given limit.\n\nUse scnprintf() instead of snprintf(), which returns the actually\noutput letters, for addressing the potential out-of-bounds access\nproperly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50074",
"url": "https://www.suse.com/security/cve/CVE-2024-50074"
},
{
"category": "external",
"summary": "SUSE Bug 1232507 for CVE-2024-50074",
"url": "https://bugzilla.suse.com/1232507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50074"
},
{
"cve": "CVE-2024-50075",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50075"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: tegra: fix checked USB2 port number\n\nIf USB virtualizatoin is enabled, USB2 ports are shared between all\nVirtual Functions. The USB2 port number owned by an USB2 root hub in\na Virtual Function may be less than total USB2 phy number supported\nby the Tegra XUSB controller.\n\nUsing total USB2 phy number as port number to check all PORTSC values\nwould cause invalid memory access.\n\n[ 116.923438] Unable to handle kernel paging request at virtual address 006c622f7665642f\n...\n[ 117.213640] Call trace:\n[ 117.216783] tegra_xusb_enter_elpg+0x23c/0x658\n[ 117.222021] tegra_xusb_runtime_suspend+0x40/0x68\n[ 117.227260] pm_generic_runtime_suspend+0x30/0x50\n[ 117.232847] __rpm_callback+0x84/0x3c0\n[ 117.237038] rpm_suspend+0x2dc/0x740\n[ 117.241229] pm_runtime_work+0xa0/0xb8\n[ 117.245769] process_scheduled_works+0x24c/0x478\n[ 117.251007] worker_thread+0x23c/0x328\n[ 117.255547] kthread+0x104/0x1b0\n[ 117.259389] ret_from_fork+0x10/0x20\n[ 117.263582] Code: 54000222 f9461ae8 f8747908 b4ffff48 (f9400100)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50075",
"url": "https://www.suse.com/security/cve/CVE-2024-50075"
},
{
"category": "external",
"summary": "SUSE Bug 1232506 for CVE-2024-50075",
"url": "https://bugzilla.suse.com/1232506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50075"
},
{
"cve": "CVE-2024-50076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50076"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvt: prevent kernel-infoleak in con_font_get()\n\nfont.data may not initialize all memory spaces depending on the implementation\nof vc-\u003evc_sw-\u003econ_font_get. This may cause info-leak, so to prevent this, it\nis safest to modify it to initialize the allocated memory space to 0, and it\ngenerally does not affect the overall performance of the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50076",
"url": "https://www.suse.com/security/cve/CVE-2024-50076"
},
{
"category": "external",
"summary": "SUSE Bug 1232505 for CVE-2024-50076",
"url": "https://bugzilla.suse.com/1232505"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50076"
},
{
"cve": "CVE-2024-50077",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50077"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: ISO: Fix multiple init when debugfs is disabled\n\nIf bt_debugfs is not created successfully, which happens if either\nCONFIG_DEBUG_FS or CONFIG_DEBUG_FS_ALLOW_ALL is unset, then iso_init()\nreturns early and does not set iso_inited to true. This means that a\nsubsequent call to iso_init() will result in duplicate calls to\nproto_register(), bt_sock_register(), etc.\n\nWith CONFIG_LIST_HARDENED and CONFIG_BUG_ON_DATA_CORRUPTION enabled, the\nduplicate call to proto_register() triggers this BUG():\n\n list_add double add: new=ffffffffc0b280d0, prev=ffffffffbab56250,\n next=ffffffffc0b280d0.\n ------------[ cut here ]------------\n kernel BUG at lib/list_debug.c:35!\n Oops: invalid opcode: 0000 [#1] PREEMPT SMP PTI\n CPU: 2 PID: 887 Comm: bluetoothd Not tainted 6.10.11-1-ao-desktop #1\n RIP: 0010:__list_add_valid_or_report+0x9a/0xa0\n ...\n __list_add_valid_or_report+0x9a/0xa0\n proto_register+0x2b5/0x340\n iso_init+0x23/0x150 [bluetooth]\n set_iso_socket_func+0x68/0x1b0 [bluetooth]\n kmem_cache_free+0x308/0x330\n hci_sock_sendmsg+0x990/0x9e0 [bluetooth]\n __sock_sendmsg+0x7b/0x80\n sock_write_iter+0x9a/0x110\n do_iter_readv_writev+0x11d/0x220\n vfs_writev+0x180/0x3e0\n do_writev+0xca/0x100\n ...\n\nThis change removes the early return. The check for iso_debugfs being\nNULL was unnecessary, it is always NULL when iso_inited is false.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50077",
"url": "https://www.suse.com/security/cve/CVE-2024-50077"
},
{
"category": "external",
"summary": "SUSE Bug 1232504 for CVE-2024-50077",
"url": "https://bugzilla.suse.com/1232504"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50077"
},
{
"cve": "CVE-2024-50078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50078"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Call iso_exit() on module unload\n\nIf iso_init() has been called, iso_exit() must be called on module\nunload. Without that, the struct proto that iso_init() registered with\nproto_register() becomes invalid, which could cause unpredictable\nproblems later. In my case, with CONFIG_LIST_HARDENED and\nCONFIG_BUG_ON_DATA_CORRUPTION enabled, loading the module again usually\ntriggers this BUG():\n\n list_add corruption. next-\u003eprev should be prev (ffffffffb5355fd0),\n but was 0000000000000068. (next=ffffffffc0a010d0).\n ------------[ cut here ]------------\n kernel BUG at lib/list_debug.c:29!\n Oops: invalid opcode: 0000 [#1] PREEMPT SMP PTI\n CPU: 1 PID: 4159 Comm: modprobe Not tainted 6.10.11-4+bt2-ao-desktop #1\n RIP: 0010:__list_add_valid_or_report+0x61/0xa0\n ...\n __list_add_valid_or_report+0x61/0xa0\n proto_register+0x299/0x320\n hci_sock_init+0x16/0xc0 [bluetooth]\n bt_init+0x68/0xd0 [bluetooth]\n __pfx_bt_init+0x10/0x10 [bluetooth]\n do_one_initcall+0x80/0x2f0\n do_init_module+0x8b/0x230\n __do_sys_init_module+0x15f/0x190\n do_syscall_64+0x68/0x110\n ...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50078",
"url": "https://www.suse.com/security/cve/CVE-2024-50078"
},
{
"category": "external",
"summary": "SUSE Bug 1232503 for CVE-2024-50078",
"url": "https://bugzilla.suse.com/1232503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50078"
},
{
"cve": "CVE-2024-50080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50080"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nublk: don\u0027t allow user copy for unprivileged device\n\nUBLK_F_USER_COPY requires userspace to call write() on ublk char\ndevice for filling request buffer, and unprivileged device can\u0027t\nbe trusted.\n\nSo don\u0027t allow user copy for unprivileged device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50080",
"url": "https://www.suse.com/security/cve/CVE-2024-50080"
},
{
"category": "external",
"summary": "SUSE Bug 1232502 for CVE-2024-50080",
"url": "https://bugzilla.suse.com/1232502"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50080"
},
{
"cve": "CVE-2024-50081",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50081"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-mq: setup queue -\u003etag_set before initializing hctx\n\nCommit 7b815817aa58 (\"blk-mq: add helper for checking if one CPU is mapped to specified hctx\")\nneeds to check queue mapping via tag set in hctx\u0027s cpuhp handler.\n\nHowever, q-\u003etag_set may not be setup yet when the cpuhp handler is\nenabled, then kernel oops is triggered.\n\nFix the issue by setup queue tag_set before initializing hctx.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50081",
"url": "https://www.suse.com/security/cve/CVE-2024-50081"
},
{
"category": "external",
"summary": "SUSE Bug 1232501 for CVE-2024-50081",
"url": "https://bugzilla.suse.com/1232501"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50081"
},
{
"cve": "CVE-2024-50082",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50082"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race\n\nWe\u0027re seeing crashes from rq_qos_wake_function that look like this:\n\n BUG: unable to handle page fault for address: ffffafe180a40084\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 100000067 P4D 100000067 PUD 10027c067 PMD 10115d067 PTE 0\n Oops: Oops: 0002 [#1] PREEMPT SMP PTI\n CPU: 17 UID: 0 PID: 0 Comm: swapper/17 Not tainted 6.12.0-rc3-00013-geca631b8fe80 #11\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\n RIP: 0010:_raw_spin_lock_irqsave+0x1d/0x40\n Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 9c 41 5c fa 65 ff 05 62 97 30 4c 31 c0 ba 01 00 00 00 \u003cf0\u003e 0f b1 17 75 0a 4c 89 e0 41 5c c3 cc cc cc cc 89 c6 e8 2c 0b 00\n RSP: 0018:ffffafe180580ca0 EFLAGS: 00010046\n RAX: 0000000000000000 RBX: ffffafe180a3f7a8 RCX: 0000000000000011\n RDX: 0000000000000001 RSI: 0000000000000003 RDI: ffffafe180a40084\n RBP: 0000000000000000 R08: 00000000001e7240 R09: 0000000000000011\n R10: 0000000000000028 R11: 0000000000000888 R12: 0000000000000002\n R13: ffffafe180a40084 R14: 0000000000000000 R15: 0000000000000003\n FS: 0000000000000000(0000) GS:ffff9aaf1f280000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: ffffafe180a40084 CR3: 000000010e428002 CR4: 0000000000770ef0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cIRQ\u003e\n try_to_wake_up+0x5a/0x6a0\n rq_qos_wake_function+0x71/0x80\n __wake_up_common+0x75/0xa0\n __wake_up+0x36/0x60\n scale_up.part.0+0x50/0x110\n wb_timer_fn+0x227/0x450\n ...\n\nSo rq_qos_wake_function() calls wake_up_process(data-\u003etask), which calls\ntry_to_wake_up(), which faults in raw_spin_lock_irqsave(\u0026p-\u003epi_lock).\n\np comes from data-\u003etask, and data comes from the waitqueue entry, which\nis stored on the waiter\u0027s stack in rq_qos_wait(). Analyzing the core\ndump with drgn, I found that the waiter had already woken up and moved\non to a completely unrelated code path, clobbering what was previously\ndata-\u003etask. Meanwhile, the waker was passing the clobbered garbage in\ndata-\u003etask to wake_up_process(), leading to the crash.\n\nWhat\u0027s happening is that in between rq_qos_wake_function() deleting the\nwaitqueue entry and calling wake_up_process(), rq_qos_wait() is finding\nthat it already got a token and returning. The race looks like this:\n\nrq_qos_wait() rq_qos_wake_function()\n==============================================================\nprepare_to_wait_exclusive()\n data-\u003egot_token = true;\n list_del_init(\u0026curr-\u003eentry);\nif (data.got_token)\n break;\nfinish_wait(\u0026rqw-\u003ewait, \u0026data.wq);\n ^- returns immediately because\n list_empty_careful(\u0026wq_entry-\u003eentry)\n is true\n... return, go do something else ...\n wake_up_process(data-\u003etask)\n (NO LONGER VALID!)-^\n\nNormally, finish_wait() is supposed to synchronize against the waker.\nBut, as noted above, it is returning immediately because the waitqueue\nentry has already been removed from the waitqueue.\n\nThe bug is that rq_qos_wake_function() is accessing the waitqueue entry\nAFTER deleting it. Note that autoremove_wake_function() wakes the waiter\nand THEN deletes the waitqueue entry, which is the proper order.\n\nFix it by swapping the order. We also need to use\nlist_del_init_careful() to match the list_empty_careful() in\nfinish_wait().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50082",
"url": "https://www.suse.com/security/cve/CVE-2024-50082"
},
{
"category": "external",
"summary": "SUSE Bug 1232500 for CVE-2024-50082",
"url": "https://bugzilla.suse.com/1232500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50082"
},
{
"cve": "CVE-2024-50084",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50084"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test()\n\nCommit a3c1e45156ad (\"net: microchip: vcap: Fix use-after-free error in\nkunit test\") fixed the use-after-free error, but introduced below\nmemory leaks by removing necessary vcap_free_rule(), add it to fix it.\n\n\tunreferenced object 0xffffff80ca58b700 (size 192):\n\t comm \"kunit_try_catch\", pid 1215, jiffies 4294898264\n\t hex dump (first 32 bytes):\n\t 00 12 7a 00 05 00 00 00 0a 00 00 00 64 00 00 00 ..z.........d...\n\t 00 00 00 00 00 00 00 00 00 04 0b cc 80 ff ff ff ................\n\t backtrace (crc 9c09c3fe):\n\t [\u003c0000000052a0be73\u003e] kmemleak_alloc+0x34/0x40\n\t [\u003c0000000043605459\u003e] __kmalloc_cache_noprof+0x26c/0x2f4\n\t [\u003c0000000040a01b8d\u003e] vcap_alloc_rule+0x3cc/0x9c4\n\t [\u003c000000003fe86110\u003e] vcap_api_encode_rule_test+0x1ac/0x16b0\n\t [\u003c00000000b3595fc4\u003e] kunit_try_run_case+0x13c/0x3ac\n\t [\u003c0000000010f5d2bf\u003e] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t [\u003c00000000c5d82c9a\u003e] kthread+0x2e8/0x374\n\t [\u003c00000000f4287308\u003e] ret_from_fork+0x10/0x20\n\tunreferenced object 0xffffff80cc0b0400 (size 64):\n\t comm \"kunit_try_catch\", pid 1215, jiffies 4294898265\n\t hex dump (first 32 bytes):\n\t 80 04 0b cc 80 ff ff ff 18 b7 58 ca 80 ff ff ff ..........X.....\n\t 39 00 00 00 02 00 00 00 06 05 04 03 02 01 ff ff 9...............\n\t backtrace (crc daf014e9):\n\t [\u003c0000000052a0be73\u003e] kmemleak_alloc+0x34/0x40\n\t [\u003c0000000043605459\u003e] __kmalloc_cache_noprof+0x26c/0x2f4\n\t [\u003c000000000ff63fd4\u003e] vcap_rule_add_key+0x2cc/0x528\n\t [\u003c00000000dfdb1e81\u003e] vcap_api_encode_rule_test+0x224/0x16b0\n\t [\u003c00000000b3595fc4\u003e] kunit_try_run_case+0x13c/0x3ac\n\t [\u003c0000000010f5d2bf\u003e] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t [\u003c00000000c5d82c9a\u003e] kthread+0x2e8/0x374\n\t [\u003c00000000f4287308\u003e] ret_from_fork+0x10/0x20\n\tunreferenced object 0xffffff80cc0b0700 (size 64):\n\t comm \"kunit_try_catch\", pid 1215, jiffies 4294898265\n\t hex dump (first 32 bytes):\n\t 80 07 0b cc 80 ff ff ff 28 b7 58 ca 80 ff ff ff ........(.X.....\n\t 3c 00 00 00 00 00 00 00 01 2f 03 b3 ec ff ff ff \u003c......../......\n\t backtrace (crc 8d877792):\n\t [\u003c0000000052a0be73\u003e] kmemleak_alloc+0x34/0x40\n\t [\u003c0000000043605459\u003e] __kmalloc_cache_noprof+0x26c/0x2f4\n\t [\u003c000000006eadfab7\u003e] vcap_rule_add_action+0x2d0/0x52c\n\t [\u003c00000000323475d1\u003e] vcap_api_encode_rule_test+0x4d4/0x16b0\n\t [\u003c00000000b3595fc4\u003e] kunit_try_run_case+0x13c/0x3ac\n\t [\u003c0000000010f5d2bf\u003e] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t [\u003c00000000c5d82c9a\u003e] kthread+0x2e8/0x374\n\t [\u003c00000000f4287308\u003e] ret_from_fork+0x10/0x20\n\tunreferenced object 0xffffff80cc0b0900 (size 64):\n\t comm \"kunit_try_catch\", pid 1215, jiffies 4294898266\n\t hex dump (first 32 bytes):\n\t 80 09 0b cc 80 ff ff ff 80 06 0b cc 80 ff ff ff ................\n\t 7d 00 00 00 01 00 00 00 00 00 00 00 ff 00 00 00 }...............\n\t backtrace (crc 34181e56):\n\t [\u003c0000000052a0be73\u003e] kmemleak_alloc+0x34/0x40\n\t [\u003c0000000043605459\u003e] __kmalloc_cache_noprof+0x26c/0x2f4\n\t [\u003c000000000ff63fd4\u003e] vcap_rule_add_key+0x2cc/0x528\n\t [\u003c00000000991e3564\u003e] vcap_val_rule+0xcf0/0x13e8\n\t [\u003c00000000fc9868e5\u003e] vcap_api_encode_rule_test+0x678/0x16b0\n\t [\u003c00000000b3595fc4\u003e] kunit_try_run_case+0x13c/0x3ac\n\t [\u003c0000000010f5d2bf\u003e] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t [\u003c00000000c5d82c9a\u003e] kthread+0x2e8/0x374\n\t [\u003c00000000f4287308\u003e] ret_from_fork+0x10/0x20\n\tunreferenced object 0xffffff80cc0b0980 (size 64):\n\t comm \"kunit_try_catch\", pid 1215, jiffies 4294898266\n\t hex dump (first 32 bytes):\n\t 18 b7 58 ca 80 ff ff ff 00 09 0b cc 80 ff ff ff ..X.............\n\t 67 00 00 00 00 00 00 00 01 01 74 88 c0 ff ff ff g.........t.....\n\t backtrace (crc 275fd9be):\n\t [\u003c0000000052a0be73\u003e] kmemleak_alloc+0x34/0x40\n\t [\u003c0000000043605459\u003e] __kmalloc_cache_noprof+0x26c/0x2f4\n\t [\u003c000000000ff63fd4\u003e] vcap_rule_add_key+0x2cc/0x528\n\t [\u003c000000001396a1a2\u003e] test_add_de\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50084",
"url": "https://www.suse.com/security/cve/CVE-2024-50084"
},
{
"category": "external",
"summary": "SUSE Bug 1232494 for CVE-2024-50084",
"url": "https://bugzilla.suse.com/1232494"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50084"
},
{
"cve": "CVE-2024-50087",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50087"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix uninitialized pointer free on read_alloc_one_name() error\n\nThe function read_alloc_one_name() does not initialize the name field of\nthe passed fscrypt_str struct if kmalloc fails to allocate the\ncorresponding buffer. Thus, it is not guaranteed that\nfscrypt_str.name is initialized when freeing it.\n\nThis is a follow-up to the linked patch that fixes the remaining\ninstances of the bug introduced by commit e43eec81c516 (\"btrfs: use\nstruct qstr instead of name and namelen pairs\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50087",
"url": "https://www.suse.com/security/cve/CVE-2024-50087"
},
{
"category": "external",
"summary": "SUSE Bug 1232499 for CVE-2024-50087",
"url": "https://bugzilla.suse.com/1232499"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50087"
},
{
"cve": "CVE-2024-50088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50088"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix uninitialized pointer free in add_inode_ref()\n\nThe add_inode_ref() function does not initialize the \"name\" struct when\nit is declared. If any of the following calls to \"read_one_inode()\nreturns NULL,\n\n\tdir = read_one_inode(root, parent_objectid);\n\tif (!dir) {\n\t\tret = -ENOENT;\n\t\tgoto out;\n\t}\n\n\tinode = read_one_inode(root, inode_objectid);\n\tif (!inode) {\n\t\tret = -EIO;\n\t\tgoto out;\n\t}\n\nthen \"name.name\" would be freed on \"out\" before being initialized.\n\nout:\n\t...\n\tkfree(name.name);\n\nThis issue was reported by Coverity with CID 1526744.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50088",
"url": "https://www.suse.com/security/cve/CVE-2024-50088"
},
{
"category": "external",
"summary": "SUSE Bug 1232498 for CVE-2024-50088",
"url": "https://bugzilla.suse.com/1232498"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50088"
},
{
"cve": "CVE-2024-50089",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50089"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50089",
"url": "https://www.suse.com/security/cve/CVE-2024-50089"
},
{
"category": "external",
"summary": "SUSE Bug 1232860 for CVE-2024-50089",
"url": "https://bugzilla.suse.com/1232860"
},
{
"category": "external",
"summary": "SUSE Bug 1233250 for CVE-2024-50089",
"url": "https://bugzilla.suse.com/1233250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-50089"
},
{
"cve": "CVE-2024-50093",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50093"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: intel: int340x: processor: Fix warning during module unload\n\nThe processor_thermal driver uses pcim_device_enable() to enable a PCI\ndevice, which means the device will be automatically disabled on driver\ndetach. Thus there is no need to call pci_disable_device() again on it.\n\nWith recent PCI device resource management improvements, e.g. commit\nf748a07a0b64 (\"PCI: Remove legacy pcim_release()\"), this problem is\nexposed and triggers the warining below.\n\n [ 224.010735] proc_thermal_pci 0000:00:04.0: disabling already-disabled device\n [ 224.010747] WARNING: CPU: 8 PID: 4442 at drivers/pci/pci.c:2250 pci_disable_device+0xe5/0x100\n ...\n [ 224.010844] Call Trace:\n [ 224.010845] \u003cTASK\u003e\n [ 224.010847] ? show_regs+0x6d/0x80\n [ 224.010851] ? __warn+0x8c/0x140\n [ 224.010854] ? pci_disable_device+0xe5/0x100\n [ 224.010856] ? report_bug+0x1c9/0x1e0\n [ 224.010859] ? handle_bug+0x46/0x80\n [ 224.010862] ? exc_invalid_op+0x1d/0x80\n [ 224.010863] ? asm_exc_invalid_op+0x1f/0x30\n [ 224.010867] ? pci_disable_device+0xe5/0x100\n [ 224.010869] ? pci_disable_device+0xe5/0x100\n [ 224.010871] ? kfree+0x21a/0x2b0\n [ 224.010873] pcim_disable_device+0x20/0x30\n [ 224.010875] devm_action_release+0x16/0x20\n [ 224.010878] release_nodes+0x47/0xc0\n [ 224.010880] devres_release_all+0x9f/0xe0\n [ 224.010883] device_unbind_cleanup+0x12/0x80\n [ 224.010885] device_release_driver_internal+0x1ca/0x210\n [ 224.010887] driver_detach+0x4e/0xa0\n [ 224.010889] bus_remove_driver+0x6f/0xf0\n [ 224.010890] driver_unregister+0x35/0x60\n [ 224.010892] pci_unregister_driver+0x44/0x90\n [ 224.010894] proc_thermal_pci_driver_exit+0x14/0x5f0 [processor_thermal_device_pci]\n ...\n [ 224.010921] ---[ end trace 0000000000000000 ]---\n\nRemove the excess pci_disable_device() calls.\n\n[ rjw: Subject and changelog edits ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50093",
"url": "https://www.suse.com/security/cve/CVE-2024-50093"
},
{
"category": "external",
"summary": "SUSE Bug 1232877 for CVE-2024-50093",
"url": "https://bugzilla.suse.com/1232877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50093"
},
{
"cve": "CVE-2024-50095",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50095"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mad: Improve handling of timed out WRs of mad agent\n\nCurrent timeout handler of mad agent acquires/releases mad_agent_priv\nlock for every timed out WRs. This causes heavy locking contention\nwhen higher no. of WRs are to be handled inside timeout handler.\n\nThis leads to softlockup with below trace in some use cases where\nrdma-cm path is used to establish connection between peer nodes\n\nTrace:\n-----\n BUG: soft lockup - CPU#4 stuck for 26s! [kworker/u128:3:19767]\n CPU: 4 PID: 19767 Comm: kworker/u128:3 Kdump: loaded Tainted: G OE\n ------- --- 5.14.0-427.13.1.el9_4.x86_64 #1\n Hardware name: Dell Inc. PowerEdge R740/01YM03, BIOS 2.4.8 11/26/2019\n Workqueue: ib_mad1 timeout_sends [ib_core]\n RIP: 0010:__do_softirq+0x78/0x2ac\n RSP: 0018:ffffb253449e4f98 EFLAGS: 00000246\n RAX: 00000000ffffffff RBX: 0000000000000000 RCX: 000000000000001f\n RDX: 000000000000001d RSI: 000000003d1879ab RDI: fff363b66fd3a86b\n RBP: ffffb253604cbcd8 R08: 0000009065635f3b R09: 0000000000000000\n R10: 0000000000000040 R11: ffffb253449e4ff8 R12: 0000000000000000\n R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000040\n FS: 0000000000000000(0000) GS:ffff8caa1fc80000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007fd9ec9db900 CR3: 0000000891934006 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cIRQ\u003e\n ? show_trace_log_lvl+0x1c4/0x2df\n ? show_trace_log_lvl+0x1c4/0x2df\n ? __irq_exit_rcu+0xa1/0xc0\n ? watchdog_timer_fn+0x1b2/0x210\n ? __pfx_watchdog_timer_fn+0x10/0x10\n ? __hrtimer_run_queues+0x127/0x2c0\n ? hrtimer_interrupt+0xfc/0x210\n ? __sysvec_apic_timer_interrupt+0x5c/0x110\n ? sysvec_apic_timer_interrupt+0x37/0x90\n ? asm_sysvec_apic_timer_interrupt+0x16/0x20\n ? __do_softirq+0x78/0x2ac\n ? __do_softirq+0x60/0x2ac\n __irq_exit_rcu+0xa1/0xc0\n sysvec_call_function_single+0x72/0x90\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_sysvec_call_function_single+0x16/0x20\n RIP: 0010:_raw_spin_unlock_irq+0x14/0x30\n RSP: 0018:ffffb253604cbd88 EFLAGS: 00000247\n RAX: 000000000001960d RBX: 0000000000000002 RCX: ffff8cad2a064800\n RDX: 000000008020001b RSI: 0000000000000001 RDI: ffff8cad5d39f66c\n RBP: ffff8cad5d39f600 R08: 0000000000000001 R09: 0000000000000000\n R10: ffff8caa443e0c00 R11: ffffb253604cbcd8 R12: ffff8cacb8682538\n R13: 0000000000000005 R14: ffffb253604cbd90 R15: ffff8cad5d39f66c\n cm_process_send_error+0x122/0x1d0 [ib_cm]\n timeout_sends+0x1dd/0x270 [ib_core]\n process_one_work+0x1e2/0x3b0\n ? __pfx_worker_thread+0x10/0x10\n worker_thread+0x50/0x3a0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0xdd/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x29/0x50\n \u003c/TASK\u003e\n\nSimplified timeout handler by creating local list of timed out WRs\nand invoke send handler post creating the list. The new method acquires/\nreleases lock once to fetch the list and hence helps to reduce locking\ncontetiong when processing higher no. of WRs",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50095",
"url": "https://www.suse.com/security/cve/CVE-2024-50095"
},
{
"category": "external",
"summary": "SUSE Bug 1232873 for CVE-2024-50095",
"url": "https://bugzilla.suse.com/1232873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50095"
},
{
"cve": "CVE-2024-50096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50096"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error\n\nThe `nouveau_dmem_copy_one` function ensures that the copy push command is\nsent to the device firmware but does not track whether it was executed\nsuccessfully.\n\nIn the case of a copy error (e.g., firmware or hardware failure), the\ncopy push command will be sent via the firmware channel, and\n`nouveau_dmem_copy_one` will likely report success, leading to the\n`migrate_to_ram` function returning a dirty HIGH_USER page to the user.\n\nThis can result in a security vulnerability, as a HIGH_USER page that may\ncontain sensitive or corrupted data could be returned to the user.\n\nTo prevent this vulnerability, we allocate a zero page. Thus, in case of\nan error, a non-dirty (zero) page will be returned to the user.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50096",
"url": "https://www.suse.com/security/cve/CVE-2024-50096"
},
{
"category": "external",
"summary": "SUSE Bug 1232870 for CVE-2024-50096",
"url": "https://bugzilla.suse.com/1232870"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50096"
},
{
"cve": "CVE-2024-50098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50098"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down\n\nThere is a history of deadlock if reboot is performed at the beginning\nof booting. SDEV_QUIESCE was set for all LU\u0027s scsi_devices by UFS\nshutdown, and at that time the audio driver was waiting on\nblk_mq_submit_bio() holding a mutex_lock while reading the fw binary.\nAfter that, a deadlock issue occurred while audio driver shutdown was\nwaiting for mutex_unlock of blk_mq_submit_bio(). To solve this, set\nSDEV_OFFLINE for all LUs except WLUN, so that any I/O that comes down\nafter a UFS shutdown will return an error.\n\n[ 31.907781]I[0: swapper/0: 0] 1 130705007 1651079834 11289729804 0 D( 2) 3 ffffff882e208000 * init [device_shutdown]\n[ 31.907793]I[0: swapper/0: 0] Mutex: 0xffffff8849a2b8b0: owner[0xffffff882e28cb00 kworker/6:0 :49]\n[ 31.907806]I[0: swapper/0: 0] Call trace:\n[ 31.907810]I[0: swapper/0: 0] __switch_to+0x174/0x338\n[ 31.907819]I[0: swapper/0: 0] __schedule+0x5ec/0x9cc\n[ 31.907826]I[0: swapper/0: 0] schedule+0x7c/0xe8\n[ 31.907834]I[0: swapper/0: 0] schedule_preempt_disabled+0x24/0x40\n[ 31.907842]I[0: swapper/0: 0] __mutex_lock+0x408/0xdac\n[ 31.907849]I[0: swapper/0: 0] __mutex_lock_slowpath+0x14/0x24\n[ 31.907858]I[0: swapper/0: 0] mutex_lock+0x40/0xec\n[ 31.907866]I[0: swapper/0: 0] device_shutdown+0x108/0x280\n[ 31.907875]I[0: swapper/0: 0] kernel_restart+0x4c/0x11c\n[ 31.907883]I[0: swapper/0: 0] __arm64_sys_reboot+0x15c/0x280\n[ 31.907890]I[0: swapper/0: 0] invoke_syscall+0x70/0x158\n[ 31.907899]I[0: swapper/0: 0] el0_svc_common+0xb4/0xf4\n[ 31.907909]I[0: swapper/0: 0] do_el0_svc+0x2c/0xb0\n[ 31.907918]I[0: swapper/0: 0] el0_svc+0x34/0xe0\n[ 31.907928]I[0: swapper/0: 0] el0t_64_sync_handler+0x68/0xb4\n[ 31.907937]I[0: swapper/0: 0] el0t_64_sync+0x1a0/0x1a4\n\n[ 31.908774]I[0: swapper/0: 0] 49 0 11960702 11236868007 0 D( 2) 6 ffffff882e28cb00 * kworker/6:0 [__bio_queue_enter]\n[ 31.908783]I[0: swapper/0: 0] Call trace:\n[ 31.908788]I[0: swapper/0: 0] __switch_to+0x174/0x338\n[ 31.908796]I[0: swapper/0: 0] __schedule+0x5ec/0x9cc\n[ 31.908803]I[0: swapper/0: 0] schedule+0x7c/0xe8\n[ 31.908811]I[0: swapper/0: 0] __bio_queue_enter+0xb8/0x178\n[ 31.908818]I[0: swapper/0: 0] blk_mq_submit_bio+0x194/0x67c\n[ 31.908827]I[0: swapper/0: 0] __submit_bio+0xb8/0x19c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50098",
"url": "https://www.suse.com/security/cve/CVE-2024-50098"
},
{
"category": "external",
"summary": "SUSE Bug 1232881 for CVE-2024-50098",
"url": "https://bugzilla.suse.com/1232881"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50098"
},
{
"cve": "CVE-2024-50099",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50099"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: probes: Remove broken LDR (literal) uprobe support\n\nThe simulate_ldr_literal() and simulate_ldrsw_literal() functions are\nunsafe to use for uprobes. Both functions were originally written for\nuse with kprobes, and access memory with plain C accesses. When uprobes\nwas added, these were reused unmodified even though they cannot safely\naccess user memory.\n\nThere are three key problems:\n\n1) The plain C accesses do not have corresponding extable entries, and\n thus if they encounter a fault the kernel will treat these as\n unintentional accesses to user memory, resulting in a BUG() which\n will kill the kernel thread, and likely lead to further issues (e.g.\n lockup or panic()).\n\n2) The plain C accesses are subject to HW PAN and SW PAN, and so when\n either is in use, any attempt to simulate an access to user memory\n will fault. Thus neither simulate_ldr_literal() nor\n simulate_ldrsw_literal() can do anything useful when simulating a\n user instruction on any system with HW PAN or SW PAN.\n\n3) The plain C accesses are privileged, as they run in kernel context,\n and in practice can access a small range of kernel virtual addresses.\n The instructions they simulate have a range of +/-1MiB, and since the\n simulated instructions must itself be a user instructions in the\n TTBR0 address range, these can address the final 1MiB of the TTBR1\n acddress range by wrapping downwards from an address in the first\n 1MiB of the TTBR0 address range.\n\n In contemporary kernels the last 8MiB of TTBR1 address range is\n reserved, and accesses to this will always fault, meaning this is no\n worse than (1).\n\n Historically, it was theoretically possible for the linear map or\n vmemmap to spill into the final 8MiB of the TTBR1 address range, but\n in practice this is extremely unlikely to occur as this would\n require either:\n\n * Having enough physical memory to fill the entire linear map all the\n way to the final 1MiB of the TTBR1 address range.\n\n * Getting unlucky with KASLR randomization of the linear map such\n that the populated region happens to overlap with the last 1MiB of\n the TTBR address range.\n\n ... and in either case if we were to spill into the final page there\n would be larger problems as the final page would alias with error\n pointers.\n\nPractically speaking, (1) and (2) are the big issues. Given there have\nbeen no reports of problems since the broken code was introduced, it\nappears that no-one is relying on probing these instructions with\nuprobes.\n\nAvoid these issues by not allowing uprobes on LDR (literal) and LDRSW\n(literal), limiting the use of simulate_ldr_literal() and\nsimulate_ldrsw_literal() to kprobes. Attempts to place uprobes on LDR\n(literal) and LDRSW (literal) will be rejected as\narm_probe_decode_insn() will return INSN_REJECTED. In future we can\nconsider introducing working uprobes support for these instructions, but\nthis will require more significant work.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50099",
"url": "https://www.suse.com/security/cve/CVE-2024-50099"
},
{
"category": "external",
"summary": "SUSE Bug 1232887 for CVE-2024-50099",
"url": "https://bugzilla.suse.com/1232887"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50099"
},
{
"cve": "CVE-2024-50100",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50100"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: dummy-hcd: Fix \"task hung\" problem\n\nThe syzbot fuzzer has been encountering \"task hung\" problems ever\nsince the dummy-hcd driver was changed to use hrtimers instead of\nregular timers. It turns out that the problems are caused by a subtle\ndifference between the timer_pending() and hrtimer_active() APIs.\n\nThe changeover blindly replaced the first by the second. However,\ntimer_pending() returns True when the timer is queued but not when its\ncallback is running, whereas hrtimer_active() returns True when the\nhrtimer is queued _or_ its callback is running. This difference\noccasionally caused dummy_urb_enqueue() to think that the callback\nroutine had not yet started when in fact it was almost finished. As a\nresult the hrtimer was not restarted, which made it impossible for the\ndriver to dequeue later the URB that was just enqueued. This caused\nusb_kill_urb() to hang, and things got worse from there.\n\nSince hrtimers have no API for telling when they are queued and the\ncallback isn\u0027t running, the driver must keep track of this for itself.\nThat\u0027s what this patch does, adding a new \"timer_pending\" flag and\nsetting or clearing it at the appropriate times.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50100",
"url": "https://www.suse.com/security/cve/CVE-2024-50100"
},
{
"category": "external",
"summary": "SUSE Bug 1232876 for CVE-2024-50100",
"url": "https://bugzilla.suse.com/1232876"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50100"
},
{
"cve": "CVE-2024-50101",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50101"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices\n\nPreviously, the domain_context_clear() function incorrectly called\npci_for_each_dma_alias() to set up context entries for non-PCI devices.\nThis could lead to kernel hangs or other unexpected behavior.\n\nAdd a check to only call pci_for_each_dma_alias() for PCI devices. For\nnon-PCI devices, domain_context_clear_one() is called directly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50101",
"url": "https://www.suse.com/security/cve/CVE-2024-50101"
},
{
"category": "external",
"summary": "SUSE Bug 1232869 for CVE-2024-50101",
"url": "https://bugzilla.suse.com/1232869"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50101"
},
{
"cve": "CVE-2024-50102",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50102"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86: fix user address masking non-canonical speculation issue\n\nIt turns out that AMD has a \"Meltdown Lite(tm)\" issue with non-canonical\naccesses in kernel space. And so using just the high bit to decide\nwhether an access is in user space or kernel space ends up with the good\nold \"leak speculative data\" if you have the right gadget using the\nresult:\n\n CVE-2020-12965 \"Transient Execution of Non-Canonical Accesses\"\n\nNow, the kernel surrounds the access with a STAC/CLAC pair, and those\ninstructions end up serializing execution on older Zen architectures,\nwhich closes the speculation window.\n\nBut that was true only up until Zen 5, which renames the AC bit [1].\nThat improves performance of STAC/CLAC a lot, but also means that the\nspeculation window is now open.\n\nNote that this affects not just the new address masking, but also the\nregular valid_user_address() check used by access_ok(), and the asm\nversion of the sign bit check in the get_user() helpers.\n\nIt does not affect put_user() or clear_user() variants, since there\u0027s no\nspeculative result to be used in a gadget for those operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50102",
"url": "https://www.suse.com/security/cve/CVE-2024-50102"
},
{
"category": "external",
"summary": "SUSE Bug 1232880 for CVE-2024-50102",
"url": "https://bugzilla.suse.com/1232880"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50102"
},
{
"cve": "CVE-2024-50103",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50103"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe()\n\nA devm_kzalloc() in asoc_qcom_lpass_cpu_platform_probe() could\npossibly return NULL pointer. NULL Pointer Dereference may be\ntriggerred without addtional check.\nAdd a NULL check for the returned pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50103",
"url": "https://www.suse.com/security/cve/CVE-2024-50103"
},
{
"category": "external",
"summary": "SUSE Bug 1232878 for CVE-2024-50103",
"url": "https://bugzilla.suse.com/1232878"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50103"
},
{
"cve": "CVE-2024-50108",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50108"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Disable PSR-SU on Parade 08-01 TCON too\n\nStuart Hayhurst has found that both at bootup and fullscreen VA-API video\nis leading to black screens for around 1 second and kernel WARNING [1] traces\nwhen calling dmub_psr_enable() with Parade 08-01 TCON.\n\nThese symptoms all go away with PSR-SU disabled for this TCON, so disable\nit for now while DMUB traces [2] from the failure can be analyzed and the failure\nstate properly root caused.\n\n(cherry picked from commit afb634a6823d8d9db23c5fb04f79c5549349628b)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50108",
"url": "https://www.suse.com/security/cve/CVE-2024-50108"
},
{
"category": "external",
"summary": "SUSE Bug 1232884 for CVE-2024-50108",
"url": "https://bugzilla.suse.com/1232884"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50108"
},
{
"cve": "CVE-2024-50110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50110"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: fix one more kernel-infoleak in algo dumping\n\nDuring fuzz testing, the following issue was discovered:\n\nBUG: KMSAN: kernel-infoleak in _copy_to_iter+0x598/0x2a30\n _copy_to_iter+0x598/0x2a30\n __skb_datagram_iter+0x168/0x1060\n skb_copy_datagram_iter+0x5b/0x220\n netlink_recvmsg+0x362/0x1700\n sock_recvmsg+0x2dc/0x390\n __sys_recvfrom+0x381/0x6d0\n __x64_sys_recvfrom+0x130/0x200\n x64_sys_call+0x32c8/0x3cc0\n do_syscall_64+0xd8/0x1c0\n entry_SYSCALL_64_after_hwframe+0x79/0x81\n\nUninit was stored to memory at:\n copy_to_user_state_extra+0xcc1/0x1e00\n dump_one_state+0x28c/0x5f0\n xfrm_state_walk+0x548/0x11e0\n xfrm_dump_sa+0x1e0/0x840\n netlink_dump+0x943/0x1c40\n __netlink_dump_start+0x746/0xdb0\n xfrm_user_rcv_msg+0x429/0xc00\n netlink_rcv_skb+0x613/0x780\n xfrm_netlink_rcv+0x77/0xc0\n netlink_unicast+0xe90/0x1280\n netlink_sendmsg+0x126d/0x1490\n __sock_sendmsg+0x332/0x3d0\n ____sys_sendmsg+0x863/0xc30\n ___sys_sendmsg+0x285/0x3e0\n __x64_sys_sendmsg+0x2d6/0x560\n x64_sys_call+0x1316/0x3cc0\n do_syscall_64+0xd8/0x1c0\n entry_SYSCALL_64_after_hwframe+0x79/0x81\n\nUninit was created at:\n __kmalloc+0x571/0xd30\n attach_auth+0x106/0x3e0\n xfrm_add_sa+0x2aa0/0x4230\n xfrm_user_rcv_msg+0x832/0xc00\n netlink_rcv_skb+0x613/0x780\n xfrm_netlink_rcv+0x77/0xc0\n netlink_unicast+0xe90/0x1280\n netlink_sendmsg+0x126d/0x1490\n __sock_sendmsg+0x332/0x3d0\n ____sys_sendmsg+0x863/0xc30\n ___sys_sendmsg+0x285/0x3e0\n __x64_sys_sendmsg+0x2d6/0x560\n x64_sys_call+0x1316/0x3cc0\n do_syscall_64+0xd8/0x1c0\n entry_SYSCALL_64_after_hwframe+0x79/0x81\n\nBytes 328-379 of 732 are uninitialized\nMemory access of size 732 starts at ffff88800e18e000\nData copied to user address 00007ff30f48aff0\n\nCPU: 2 PID: 18167 Comm: syz-executor.0 Not tainted 6.8.11 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n\nFixes copying of xfrm algorithms where some random\ndata of the structure fields can end up in userspace.\nPadding in structures may be filled with random (possibly sensitve)\ndata and should never be given directly to user-space.\n\nA similar issue was resolved in the commit\n8222d5910dae (\"xfrm: Zero padding when dumping algos and encap\")\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50110",
"url": "https://www.suse.com/security/cve/CVE-2024-50110"
},
{
"category": "external",
"summary": "SUSE Bug 1232885 for CVE-2024-50110",
"url": "https://bugzilla.suse.com/1232885"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50110"
},
{
"cve": "CVE-2024-50115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50115"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory\n\nIgnore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits\n4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn\u0027t\nenforce 32-byte alignment of nCR3.\n\nIn the absolute worst case scenario, failure to ignore bits 4:0 can result\nin an out-of-bounds read, e.g. if the target page is at the end of a\nmemslot, and the VMM isn\u0027t using guard pages.\n\nPer the APM:\n\n The CR3 register points to the base address of the page-directory-pointer\n table. The page-directory-pointer table is aligned on a 32-byte boundary,\n with the low 5 address bits 4:0 assumed to be 0.\n\nAnd the SDM\u0027s much more explicit:\n\n 4:0 Ignored\n\nNote, KVM gets this right when loading PDPTRs, it\u0027s only the nSVM flow\nthat is broken.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50115",
"url": "https://www.suse.com/security/cve/CVE-2024-50115"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232919 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1232919"
},
{
"category": "external",
"summary": "SUSE Bug 1233019 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1233019"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-50115"
},
{
"cve": "CVE-2024-50116",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50116"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix kernel bug due to missing clearing of buffer delay flag\n\nSyzbot reported that after nilfs2 reads a corrupted file system image\nand degrades to read-only, the BUG_ON check for the buffer delay flag\nin submit_bh_wbc() may fail, causing a kernel bug.\n\nThis is because the buffer delay flag is not cleared when clearing the\nbuffer state flags to discard a page/folio or a buffer head. So, fix\nthis.\n\nThis became necessary when the use of nilfs2\u0027s own page clear routine\nwas expanded. This state inconsistency does not occur if the buffer\nis written normally by log writing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50116",
"url": "https://www.suse.com/security/cve/CVE-2024-50116"
},
{
"category": "external",
"summary": "SUSE Bug 1232892 for CVE-2024-50116",
"url": "https://bugzilla.suse.com/1232892"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50116"
},
{
"cve": "CVE-2024-50117",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50117"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd: Guard against bad data for ATIF ACPI method\n\nIf a BIOS provides bad data in response to an ATIF method call\nthis causes a NULL pointer dereference in the caller.\n\n```\n? show_regs (arch/x86/kernel/dumpstack.c:478 (discriminator 1))\n? __die (arch/x86/kernel/dumpstack.c:423 arch/x86/kernel/dumpstack.c:434)\n? page_fault_oops (arch/x86/mm/fault.c:544 (discriminator 2) arch/x86/mm/fault.c:705 (discriminator 2))\n? do_user_addr_fault (arch/x86/mm/fault.c:440 (discriminator 1) arch/x86/mm/fault.c:1232 (discriminator 1))\n? acpi_ut_update_object_reference (drivers/acpi/acpica/utdelete.c:642)\n? exc_page_fault (arch/x86/mm/fault.c:1542)\n? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:623)\n? amdgpu_atif_query_backlight_caps.constprop.0 (drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c:387 (discriminator 2)) amdgpu\n? amdgpu_atif_query_backlight_caps.constprop.0 (drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c:386 (discriminator 1)) amdgpu\n```\n\nIt has been encountered on at least one system, so guard for it.\n\n(cherry picked from commit c9b7c809b89f24e9372a4e7f02d64c950b07fdee)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50117",
"url": "https://www.suse.com/security/cve/CVE-2024-50117"
},
{
"category": "external",
"summary": "SUSE Bug 1232897 for CVE-2024-50117",
"url": "https://bugzilla.suse.com/1232897"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50117"
},
{
"cve": "CVE-2024-50121",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50121"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net\n\nIn the normal case, when we excute `echo 0 \u003e /proc/fs/nfsd/threads`, the\nfunction `nfs4_state_destroy_net` in `nfs4_state_shutdown_net` will\nrelease all resources related to the hashed `nfs4_client`. If the\n`nfsd_client_shrinker` is running concurrently, the `expire_client`\nfunction will first unhash this client and then destroy it. This can\nlead to the following warning. Additionally, numerous use-after-free\nerrors may occur as well.\n\nnfsd_client_shrinker echo 0 \u003e /proc/fs/nfsd/threads\n\nexpire_client nfsd_shutdown_net\n unhash_client ...\n nfs4_state_shutdown_net\n /* won\u0027t wait shrinker exit */\n /* cancel_work(\u0026nn-\u003enfsd_shrinker_work)\n * nfsd_file for this /* won\u0027t destroy unhashed client1 */\n * client1 still alive nfs4_state_destroy_net\n */\n\n nfsd_file_cache_shutdown\n /* trigger warning */\n kmem_cache_destroy(nfsd_file_slab)\n kmem_cache_destroy(nfsd_file_mark_slab)\n /* release nfsd_file and mark */\n __destroy_client\n\n====================================================================\nBUG nfsd_file (Not tainted): Objects remaining in nfsd_file on\n__kmem_cache_shutdown()\n--------------------------------------------------------------------\nCPU: 4 UID: 0 PID: 764 Comm: sh Not tainted 6.12.0-rc3+ #1\n\n dump_stack_lvl+0x53/0x70\n slab_err+0xb0/0xf0\n __kmem_cache_shutdown+0x15c/0x310\n kmem_cache_destroy+0x66/0x160\n nfsd_file_cache_shutdown+0xac/0x210 [nfsd]\n nfsd_destroy_serv+0x251/0x2a0 [nfsd]\n nfsd_svc+0x125/0x1e0 [nfsd]\n write_threads+0x16a/0x2a0 [nfsd]\n nfsctl_transaction_write+0x74/0xa0 [nfsd]\n vfs_write+0x1a5/0x6d0\n ksys_write+0xc1/0x160\n do_syscall_64+0x5f/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n====================================================================\nBUG nfsd_file_mark (Tainted: G B W ): Objects remaining\nnfsd_file_mark on __kmem_cache_shutdown()\n--------------------------------------------------------------------\n\n dump_stack_lvl+0x53/0x70\n slab_err+0xb0/0xf0\n __kmem_cache_shutdown+0x15c/0x310\n kmem_cache_destroy+0x66/0x160\n nfsd_file_cache_shutdown+0xc8/0x210 [nfsd]\n nfsd_destroy_serv+0x251/0x2a0 [nfsd]\n nfsd_svc+0x125/0x1e0 [nfsd]\n write_threads+0x16a/0x2a0 [nfsd]\n nfsctl_transaction_write+0x74/0xa0 [nfsd]\n vfs_write+0x1a5/0x6d0\n ksys_write+0xc1/0x160\n do_syscall_64+0x5f/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nTo resolve this issue, cancel `nfsd_shrinker_work` using synchronous\nmode in nfs4_state_shutdown_net.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50121",
"url": "https://www.suse.com/security/cve/CVE-2024-50121"
},
{
"category": "external",
"summary": "SUSE Bug 1232925 for CVE-2024-50121",
"url": "https://bugzilla.suse.com/1232925"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50121"
},
{
"cve": "CVE-2024-50124",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50124"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: ISO: Fix UAF on iso_sock_timeout\n\nconn-\u003esk maybe have been unlinked/freed while waiting for iso_conn_lock\nso this checks if the conn-\u003esk is still valid by checking if it part of\niso_sk_list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50124",
"url": "https://www.suse.com/security/cve/CVE-2024-50124"
},
{
"category": "external",
"summary": "SUSE Bug 1232926 for CVE-2024-50124",
"url": "https://bugzilla.suse.com/1232926"
},
{
"category": "external",
"summary": "SUSE Bug 1232927 for CVE-2024-50124",
"url": "https://bugzilla.suse.com/1232927"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-50124"
},
{
"cve": "CVE-2024-50125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50125"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: SCO: Fix UAF on sco_sock_timeout\n\nconn-\u003esk maybe have been unlinked/freed while waiting for sco_conn_lock\nso this checks if the conn-\u003esk is still valid by checking if it part of\nsco_sk_list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50125",
"url": "https://www.suse.com/security/cve/CVE-2024-50125"
},
{
"category": "external",
"summary": "SUSE Bug 1232928 for CVE-2024-50125",
"url": "https://bugzilla.suse.com/1232928"
},
{
"category": "external",
"summary": "SUSE Bug 1232929 for CVE-2024-50125",
"url": "https://bugzilla.suse.com/1232929"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-50125"
},
{
"cve": "CVE-2024-50127",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50127"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix use-after-free in taprio_change()\n\nIn \u0027taprio_change()\u0027, \u0027admin\u0027 pointer may become dangling due to sched\nswitch / removal caused by \u0027advance_sched()\u0027, and critical section\nprotected by \u0027q-\u003ecurrent_entry_lock\u0027 is too small to prevent from such\na scenario (which causes use-after-free detected by KASAN). Fix this\nby prefer \u0027rcu_replace_pointer()\u0027 over \u0027rcu_assign_pointer()\u0027 to update\n\u0027admin\u0027 immediately before an attempt to schedule freeing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50127",
"url": "https://www.suse.com/security/cve/CVE-2024-50127"
},
{
"category": "external",
"summary": "SUSE Bug 1232907 for CVE-2024-50127",
"url": "https://bugzilla.suse.com/1232907"
},
{
"category": "external",
"summary": "SUSE Bug 1232908 for CVE-2024-50127",
"url": "https://bugzilla.suse.com/1232908"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-50127"
},
{
"cve": "CVE-2024-50128",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50128"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: wwan: fix global oob in wwan_rtnl_policy\n\nThe variable wwan_rtnl_link_ops assign a *bigger* maxtype which leads to\na global out-of-bounds read when parsing the netlink attributes. Exactly\nsame bug cause as the oob fixed in commit b33fb5b801c6 (\"net: qualcomm:\nrmnet: fix global oob in rmnet_policy\").\n\n==================================================================\nBUG: KASAN: global-out-of-bounds in validate_nla lib/nlattr.c:388 [inline]\nBUG: KASAN: global-out-of-bounds in __nla_validate_parse+0x19d7/0x29a0 lib/nlattr.c:603\nRead of size 1 at addr ffffffff8b09cb60 by task syz.1.66276/323862\n\nCPU: 0 PID: 323862 Comm: syz.1.66276 Not tainted 6.1.70 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x177/0x231 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:284 [inline]\n print_report+0x14f/0x750 mm/kasan/report.c:395\n kasan_report+0x139/0x170 mm/kasan/report.c:495\n validate_nla lib/nlattr.c:388 [inline]\n __nla_validate_parse+0x19d7/0x29a0 lib/nlattr.c:603\n __nla_parse+0x3c/0x50 lib/nlattr.c:700\n nla_parse_nested_deprecated include/net/netlink.h:1269 [inline]\n __rtnl_newlink net/core/rtnetlink.c:3514 [inline]\n rtnl_newlink+0x7bc/0x1fd0 net/core/rtnetlink.c:3623\n rtnetlink_rcv_msg+0x794/0xef0 net/core/rtnetlink.c:6122\n netlink_rcv_skb+0x1de/0x420 net/netlink/af_netlink.c:2508\n netlink_unicast_kernel net/netlink/af_netlink.c:1326 [inline]\n netlink_unicast+0x74b/0x8c0 net/netlink/af_netlink.c:1352\n netlink_sendmsg+0x882/0xb90 net/netlink/af_netlink.c:1874\n sock_sendmsg_nosec net/socket.c:716 [inline]\n __sock_sendmsg net/socket.c:728 [inline]\n ____sys_sendmsg+0x5cc/0x8f0 net/socket.c:2499\n ___sys_sendmsg+0x21c/0x290 net/socket.c:2553\n __sys_sendmsg net/socket.c:2582 [inline]\n __do_sys_sendmsg net/socket.c:2591 [inline]\n __se_sys_sendmsg+0x19e/0x270 net/socket.c:2589\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x45/0x90 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7f67b19a24ad\nRSP: 002b:00007f67b17febb8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f67b1b45f80 RCX: 00007f67b19a24ad\nRDX: 0000000000000000 RSI: 0000000020005e40 RDI: 0000000000000004\nRBP: 00007f67b1a1e01d R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007ffd2513764f R14: 00007ffd251376e0 R15: 00007f67b17fed40\n \u003c/TASK\u003e\n\nThe buggy address belongs to the variable:\n wwan_rtnl_policy+0x20/0x40\n\nThe buggy address belongs to the physical page:\npage:ffffea00002c2700 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xb09c\nflags: 0xfff00000001000(reserved|node=0|zone=1|lastcpupid=0x7ff)\nraw: 00fff00000001000 ffffea00002c2708 ffffea00002c2708 0000000000000000\nraw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner info is not present (never set?)\n\nMemory state around the buggy address:\n ffffffff8b09ca00: 05 f9 f9 f9 05 f9 f9 f9 00 01 f9 f9 00 01 f9 f9\n ffffffff8b09ca80: 00 00 00 05 f9 f9 f9 f9 00 00 03 f9 f9 f9 f9 f9\n\u003effffffff8b09cb00: 00 00 00 00 05 f9 f9 f9 00 00 00 00 f9 f9 f9 f9\n ^\n ffffffff8b09cb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n==================================================================\n\nAccording to the comment of `nla_parse_nested_deprecated`, use correct size\n`IFLA_WWAN_MAX` here to fix this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50128",
"url": "https://www.suse.com/security/cve/CVE-2024-50128"
},
{
"category": "external",
"summary": "SUSE Bug 1232905 for CVE-2024-50128",
"url": "https://bugzilla.suse.com/1232905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50128"
},
{
"cve": "CVE-2024-50130",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50130"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: bpf: must hold reference on net namespace\n\nBUG: KASAN: slab-use-after-free in __nf_unregister_net_hook+0x640/0x6b0\nRead of size 8 at addr ffff8880106fe400 by task repro/72=\nbpf_nf_link_release+0xda/0x1e0\nbpf_link_free+0x139/0x2d0\nbpf_link_release+0x68/0x80\n__fput+0x414/0xb60\n\nEric says:\n It seems that bpf was able to defer the __nf_unregister_net_hook()\n after exit()/close() time.\n Perhaps a netns reference is missing, because the netns has been\n dismantled/freed already.\n bpf_nf_link_attach() does :\n link-\u003enet = net;\n But I do not see a reference being taken on net.\n\nAdd such a reference and release it after hook unreg.\nNote that I was unable to get syzbot reproducer to work, so I\ndo not know if this resolves this splat.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50130",
"url": "https://www.suse.com/security/cve/CVE-2024-50130"
},
{
"category": "external",
"summary": "SUSE Bug 1232894 for CVE-2024-50130",
"url": "https://bugzilla.suse.com/1232894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50130"
},
{
"cve": "CVE-2024-50131",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50131"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Consider the NULL character when validating the event length\n\nstrlen() returns a string length excluding the null byte. If the string\nlength equals to the maximum buffer length, the buffer will have no\nspace for the NULL terminating character.\n\nThis commit checks this condition and returns failure for it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50131",
"url": "https://www.suse.com/security/cve/CVE-2024-50131"
},
{
"category": "external",
"summary": "SUSE Bug 1232896 for CVE-2024-50131",
"url": "https://bugzilla.suse.com/1232896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50131"
},
{
"cve": "CVE-2024-50134",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50134"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA\n\nReplace the fake VLA at end of the vbva_mouse_pointer_shape shape with\na real VLA to fix a \"memcpy: detected field-spanning write error\" warning:\n\n[ 13.319813] memcpy: detected field-spanning write (size 16896) of single field \"p-\u003edata\" at drivers/gpu/drm/vboxvideo/hgsmi_base.c:154 (size 4)\n[ 13.319841] WARNING: CPU: 0 PID: 1105 at drivers/gpu/drm/vboxvideo/hgsmi_base.c:154 hgsmi_update_pointer_shape+0x192/0x1c0 [vboxvideo]\n[ 13.320038] Call Trace:\n[ 13.320173] hgsmi_update_pointer_shape [vboxvideo]\n[ 13.320184] vbox_cursor_atomic_update [vboxvideo]\n\nNote as mentioned in the added comment it seems the original length\ncalculation for the allocated and send hgsmi buffer is 4 bytes too large.\nChanging this is not the goal of this patch, so this behavior is kept.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50134",
"url": "https://www.suse.com/security/cve/CVE-2024-50134"
},
{
"category": "external",
"summary": "SUSE Bug 1232890 for CVE-2024-50134",
"url": "https://bugzilla.suse.com/1232890"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50134"
},
{
"cve": "CVE-2024-50135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50135"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: fix race condition between reset and nvme_dev_disable()\n\nnvme_dev_disable() modifies the dev-\u003eonline_queues field, therefore\nnvme_pci_update_nr_queues() should avoid racing against it, otherwise\nwe could end up passing invalid values to blk_mq_update_nr_hw_queues().\n\n WARNING: CPU: 39 PID: 61303 at drivers/pci/msi/api.c:347\n pci_irq_get_affinity+0x187/0x210\n Workqueue: nvme-reset-wq nvme_reset_work [nvme]\n RIP: 0010:pci_irq_get_affinity+0x187/0x210\n Call Trace:\n \u003cTASK\u003e\n ? blk_mq_pci_map_queues+0x87/0x3c0\n ? pci_irq_get_affinity+0x187/0x210\n blk_mq_pci_map_queues+0x87/0x3c0\n nvme_pci_map_queues+0x189/0x460 [nvme]\n blk_mq_update_nr_hw_queues+0x2a/0x40\n nvme_reset_work+0x1be/0x2a0 [nvme]\n\nFix the bug by locking the shutdown_lock mutex before using\ndev-\u003eonline_queues. Give up if nvme_dev_disable() is running or if\nit has been executed already.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50135",
"url": "https://www.suse.com/security/cve/CVE-2024-50135"
},
{
"category": "external",
"summary": "SUSE Bug 1232888 for CVE-2024-50135",
"url": "https://bugzilla.suse.com/1232888"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50135"
},
{
"cve": "CVE-2024-50136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50136"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Unregister notifier on eswitch init failure\n\nIt otherwise remains registered and a subsequent attempt at eswitch\nenabling might trigger warnings of the sort:\n\n[ 682.589148] ------------[ cut here ]------------\n[ 682.590204] notifier callback eswitch_vport_event [mlx5_core] already registered\n[ 682.590256] WARNING: CPU: 13 PID: 2660 at kernel/notifier.c:31 notifier_chain_register+0x3e/0x90\n[...snipped]\n[ 682.610052] Call Trace:\n[ 682.610369] \u003cTASK\u003e\n[ 682.610663] ? __warn+0x7c/0x110\n[ 682.611050] ? notifier_chain_register+0x3e/0x90\n[ 682.611556] ? report_bug+0x148/0x170\n[ 682.611977] ? handle_bug+0x36/0x70\n[ 682.612384] ? exc_invalid_op+0x13/0x60\n[ 682.612817] ? asm_exc_invalid_op+0x16/0x20\n[ 682.613284] ? notifier_chain_register+0x3e/0x90\n[ 682.613789] atomic_notifier_chain_register+0x25/0x40\n[ 682.614322] mlx5_eswitch_enable_locked+0x1d4/0x3b0 [mlx5_core]\n[ 682.614965] mlx5_eswitch_enable+0xc9/0x100 [mlx5_core]\n[ 682.615551] mlx5_device_enable_sriov+0x25/0x340 [mlx5_core]\n[ 682.616170] mlx5_core_sriov_configure+0x50/0x170 [mlx5_core]\n[ 682.616789] sriov_numvfs_store+0xb0/0x1b0\n[ 682.617248] kernfs_fop_write_iter+0x117/0x1a0\n[ 682.617734] vfs_write+0x231/0x3f0\n[ 682.618138] ksys_write+0x63/0xe0\n[ 682.618536] do_syscall_64+0x4c/0x100\n[ 682.618958] entry_SYSCALL_64_after_hwframe+0x4b/0x53",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50136",
"url": "https://www.suse.com/security/cve/CVE-2024-50136"
},
{
"category": "external",
"summary": "SUSE Bug 1232914 for CVE-2024-50136",
"url": "https://bugzilla.suse.com/1232914"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50136"
},
{
"cve": "CVE-2024-50138",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50138"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Use raw_spinlock_t in ringbuf\n\nThe function __bpf_ringbuf_reserve is invoked from a tracepoint, which\ndisables preemption. Using spinlock_t in this context can lead to a\n\"sleep in atomic\" warning in the RT variant. This issue is illustrated\nin the example below:\n\nBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\nin_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 556208, name: test_progs\npreempt_count: 1, expected: 0\nRCU nest depth: 1, expected: 1\nINFO: lockdep is turned off.\nPreemption disabled at:\n[\u003cffffd33a5c88ea44\u003e] migrate_enable+0xc0/0x39c\nCPU: 7 PID: 556208 Comm: test_progs Tainted: G\nHardware name: Qualcomm SA8775P Ride (DT)\nCall trace:\n dump_backtrace+0xac/0x130\n show_stack+0x1c/0x30\n dump_stack_lvl+0xac/0xe8\n dump_stack+0x18/0x30\n __might_resched+0x3bc/0x4fc\n rt_spin_lock+0x8c/0x1a4\n __bpf_ringbuf_reserve+0xc4/0x254\n bpf_ringbuf_reserve_dynptr+0x5c/0xdc\n bpf_prog_ac3d15160d62622a_test_read_write+0x104/0x238\n trace_call_bpf+0x238/0x774\n perf_call_bpf_enter.isra.0+0x104/0x194\n perf_syscall_enter+0x2f8/0x510\n trace_sys_enter+0x39c/0x564\n syscall_trace_enter+0x220/0x3c0\n do_el0_svc+0x138/0x1dc\n el0_svc+0x54/0x130\n el0t_64_sync_handler+0x134/0x150\n el0t_64_sync+0x17c/0x180\n\nSwitch the spinlock to raw_spinlock_t to avoid this error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50138",
"url": "https://www.suse.com/security/cve/CVE-2024-50138"
},
{
"category": "external",
"summary": "SUSE Bug 1232935 for CVE-2024-50138",
"url": "https://bugzilla.suse.com/1232935"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50138"
},
{
"cve": "CVE-2024-50139",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50139"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Fix shift-out-of-bounds bug\n\nFix a shift-out-of-bounds bug reported by UBSAN when running\nVM with MTE enabled host kernel.\n\nUBSAN: shift-out-of-bounds in arch/arm64/kvm/sys_regs.c:1988:14\nshift exponent 33 is too large for 32-bit type \u0027int\u0027\nCPU: 26 UID: 0 PID: 7629 Comm: qemu-kvm Not tainted 6.12.0-rc2 #34\nHardware name: IEI NF5280R7/Mitchell MB, BIOS 00.00. 2024-10-12 09:28:54 10/14/2024\nCall trace:\n dump_backtrace+0xa0/0x128\n show_stack+0x20/0x38\n dump_stack_lvl+0x74/0x90\n dump_stack+0x18/0x28\n __ubsan_handle_shift_out_of_bounds+0xf8/0x1e0\n reset_clidr+0x10c/0x1c8\n kvm_reset_sys_regs+0x50/0x1c8\n kvm_reset_vcpu+0xec/0x2b0\n __kvm_vcpu_set_target+0x84/0x158\n kvm_vcpu_set_target+0x138/0x168\n kvm_arch_vcpu_ioctl_vcpu_init+0x40/0x2b0\n kvm_arch_vcpu_ioctl+0x28c/0x4b8\n kvm_vcpu_ioctl+0x4bc/0x7a8\n __arm64_sys_ioctl+0xb4/0x100\n invoke_syscall+0x70/0x100\n el0_svc_common.constprop.0+0x48/0xf0\n do_el0_svc+0x24/0x38\n el0_svc+0x3c/0x158\n el0t_64_sync_handler+0x120/0x130\n el0t_64_sync+0x194/0x198",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50139",
"url": "https://www.suse.com/security/cve/CVE-2024-50139"
},
{
"category": "external",
"summary": "SUSE Bug 1233062 for CVE-2024-50139",
"url": "https://bugzilla.suse.com/1233062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50139"
},
{
"cve": "CVE-2024-50141",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50141"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context\n\nPRMT needs to find the correct type of block to translate the PA-VA\nmapping for EFI runtime services.\n\nThe issue arises because the PRMT is finding a block of type\nEFI_CONVENTIONAL_MEMORY, which is not appropriate for runtime services\nas described in Section 2.2.2 (Runtime Services) of the UEFI\nSpecification [1]. Since the PRM handler is a type of runtime service,\nthis causes an exception when the PRM handler is called.\n\n [Firmware Bug]: Unable to handle paging request in EFI runtime service\n WARNING: CPU: 22 PID: 4330 at drivers/firmware/efi/runtime-wrappers.c:341\n __efi_queue_work+0x11c/0x170\n Call trace:\n\nLet PRMT find a block with EFI_MEMORY_RUNTIME for PRM handler and PRM\ncontext.\n\nIf no suitable block is found, a warning message will be printed, but\nthe procedure continues to manage the next PRM handler.\n\nHowever, if the PRM handler is actually called without proper allocation,\nit would result in a failure during error handling.\n\nBy using the correct memory types for runtime services, ensure that the\nPRM handler and the context are properly mapped in the virtual address\nspace during runtime, preventing the paging request error.\n\nThe issue is really that only memory that has been remapped for runtime\nby the firmware can be used by the PRM handler, and so the region needs\nto have the EFI_MEMORY_RUNTIME attribute.\n\n[ rjw: Subject and changelog edits ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50141",
"url": "https://www.suse.com/security/cve/CVE-2024-50141"
},
{
"category": "external",
"summary": "SUSE Bug 1233065 for CVE-2024-50141",
"url": "https://bugzilla.suse.com/1233065"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50141"
},
{
"cve": "CVE-2024-50145",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50145"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteon_ep: Add SKB allocation failures handling in __octep_oq_process_rx()\n\nbuild_skb() returns NULL in case of a memory allocation failure so handle\nit inside __octep_oq_process_rx() to avoid NULL pointer dereference.\n\n__octep_oq_process_rx() is called during NAPI polling by the driver. If\nskb allocation fails, keep on pulling packets out of the Rx DMA queue: we\nshouldn\u0027t break the polling immediately and thus falsely indicate to the\noctep_napi_poll() that the Rx pressure is going down. As there is no\nassociated skb in this case, don\u0027t process the packets and don\u0027t push them\nup the network stack - they are skipped.\n\nHelper function is implemented to unmmap/flush all the fragment buffers\nused by the dropped packet. \u0027alloc_failures\u0027 counter is incremented to\nmark the skb allocation error in driver statistics.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50145",
"url": "https://www.suse.com/security/cve/CVE-2024-50145"
},
{
"category": "external",
"summary": "SUSE Bug 1233044 for CVE-2024-50145",
"url": "https://bugzilla.suse.com/1233044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50145"
},
{
"cve": "CVE-2024-50146",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50146"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Don\u0027t call cleanup on profile rollback failure\n\nWhen profile rollback fails in mlx5e_netdev_change_profile, the netdev\nprofile var is left set to NULL. Avoid a crash when unloading the driver\nby not calling profile-\u003ecleanup in such a case.\n\nThis was encountered while testing, with the original trigger that\nthe wq rescuer thread creation got interrupted (presumably due to\nCtrl+C-ing modprobe), which gets converted to ENOMEM (-12) by\nmlx5e_priv_init, the profile rollback also fails for the same reason\n(signal still active) so the profile is left as NULL, leading to a crash\nlater in _mlx5e_remove.\n\n [ 732.473932] mlx5_core 0000:08:00.1: E-Switch: Unload vfs: mode(OFFLOADS), nvfs(2), necvfs(0), active vports(2)\n [ 734.525513] workqueue: Failed to create a rescuer kthread for wq \"mlx5e\": -EINTR\n [ 734.557372] mlx5_core 0000:08:00.1: mlx5e_netdev_init_profile:6235:(pid 6086): mlx5e_priv_init failed, err=-12\n [ 734.559187] mlx5_core 0000:08:00.1 eth3: mlx5e_netdev_change_profile: new profile init failed, -12\n [ 734.560153] workqueue: Failed to create a rescuer kthread for wq \"mlx5e\": -EINTR\n [ 734.589378] mlx5_core 0000:08:00.1: mlx5e_netdev_init_profile:6235:(pid 6086): mlx5e_priv_init failed, err=-12\n [ 734.591136] mlx5_core 0000:08:00.1 eth3: mlx5e_netdev_change_profile: failed to rollback to orig profile, -12\n [ 745.537492] BUG: kernel NULL pointer dereference, address: 0000000000000008\n [ 745.538222] #PF: supervisor read access in kernel mode\n\u003csnipped\u003e\n [ 745.551290] Call Trace:\n [ 745.551590] \u003cTASK\u003e\n [ 745.551866] ? __die+0x20/0x60\n [ 745.552218] ? page_fault_oops+0x150/0x400\n [ 745.555307] ? exc_page_fault+0x79/0x240\n [ 745.555729] ? asm_exc_page_fault+0x22/0x30\n [ 745.556166] ? mlx5e_remove+0x6b/0xb0 [mlx5_core]\n [ 745.556698] auxiliary_bus_remove+0x18/0x30\n [ 745.557134] device_release_driver_internal+0x1df/0x240\n [ 745.557654] bus_remove_device+0xd7/0x140\n [ 745.558075] device_del+0x15b/0x3c0\n [ 745.558456] mlx5_rescan_drivers_locked.part.0+0xb1/0x2f0 [mlx5_core]\n [ 745.559112] mlx5_unregister_device+0x34/0x50 [mlx5_core]\n [ 745.559686] mlx5_uninit_one+0x46/0xf0 [mlx5_core]\n [ 745.560203] remove_one+0x4e/0xd0 [mlx5_core]\n [ 745.560694] pci_device_remove+0x39/0xa0\n [ 745.561112] device_release_driver_internal+0x1df/0x240\n [ 745.561631] driver_detach+0x47/0x90\n [ 745.562022] bus_remove_driver+0x84/0x100\n [ 745.562444] pci_unregister_driver+0x3b/0x90\n [ 745.562890] mlx5_cleanup+0xc/0x1b [mlx5_core]\n [ 745.563415] __x64_sys_delete_module+0x14d/0x2f0\n [ 745.563886] ? kmem_cache_free+0x1b0/0x460\n [ 745.564313] ? lockdep_hardirqs_on_prepare+0xe2/0x190\n [ 745.564825] do_syscall_64+0x6d/0x140\n [ 745.565223] entry_SYSCALL_64_after_hwframe+0x4b/0x53\n [ 745.565725] RIP: 0033:0x7f1579b1288b",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50146",
"url": "https://www.suse.com/security/cve/CVE-2024-50146"
},
{
"category": "external",
"summary": "SUSE Bug 1233056 for CVE-2024-50146",
"url": "https://bugzilla.suse.com/1233056"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50146"
},
{
"cve": "CVE-2024-50147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50147"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix command bitmask initialization\n\nCommand bitmask have a dedicated bit for MANAGE_PAGES command, this bit\nisn\u0027t Initialize during command bitmask Initialization, only during\nMANAGE_PAGES.\n\nIn addition, mlx5_cmd_trigger_completions() is trying to trigger\ncompletion for MANAGE_PAGES command as well.\n\nHence, in case health error occurred before any MANAGE_PAGES command\nhave been invoke (for example, during mlx5_enable_hca()),\nmlx5_cmd_trigger_completions() will try to trigger completion for\nMANAGE_PAGES command, which will result in null-ptr-deref error.[1]\n\nFix it by Initialize command bitmask correctly.\n\nWhile at it, re-write the code for better understanding.\n\n[1]\nBUG: KASAN: null-ptr-deref in mlx5_cmd_trigger_completions+0x1db/0x600 [mlx5_core]\nWrite of size 4 at addr 0000000000000214 by task kworker/u96:2/12078\nCPU: 10 PID: 12078 Comm: kworker/u96:2 Not tainted 6.9.0-rc2_for_upstream_debug_2024_04_07_19_01 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nWorkqueue: mlx5_health0000:08:00.0 mlx5_fw_fatal_reporter_err_work [mlx5_core]\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x7e/0xc0\n kasan_report+0xb9/0xf0\n kasan_check_range+0xec/0x190\n mlx5_cmd_trigger_completions+0x1db/0x600 [mlx5_core]\n mlx5_cmd_flush+0x94/0x240 [mlx5_core]\n enter_error_state+0x6c/0xd0 [mlx5_core]\n mlx5_fw_fatal_reporter_err_work+0xf3/0x480 [mlx5_core]\n process_one_work+0x787/0x1490\n ? lockdep_hardirqs_on_prepare+0x400/0x400\n ? pwq_dec_nr_in_flight+0xda0/0xda0\n ? assign_work+0x168/0x240\n worker_thread+0x586/0xd30\n ? rescuer_thread+0xae0/0xae0\n kthread+0x2df/0x3b0\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x2d/0x70\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50147",
"url": "https://www.suse.com/security/cve/CVE-2024-50147"
},
{
"category": "external",
"summary": "SUSE Bug 1233067 for CVE-2024-50147",
"url": "https://bugzilla.suse.com/1233067"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50147"
},
{
"cve": "CVE-2024-50148",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50148"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: bnep: fix wild-memory-access in proto_unregister\n\nThere\u0027s issue as follows:\n KASAN: maybe wild-memory-access in range [0xdead...108-0xdead...10f]\n CPU: 3 UID: 0 PID: 2805 Comm: rmmod Tainted: G W\n RIP: 0010:proto_unregister+0xee/0x400\n Call Trace:\n \u003cTASK\u003e\n __do_sys_delete_module+0x318/0x580\n do_syscall_64+0xc1/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nAs bnep_init() ignore bnep_sock_init()\u0027s return value, and bnep_sock_init()\nwill cleanup all resource. Then when remove bnep module will call\nbnep_sock_cleanup() to cleanup sock\u0027s resource.\nTo solve above issue just return bnep_sock_init()\u0027s return value in\nbnep_exit().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50148",
"url": "https://www.suse.com/security/cve/CVE-2024-50148"
},
{
"category": "external",
"summary": "SUSE Bug 1233063 for CVE-2024-50148",
"url": "https://bugzilla.suse.com/1233063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50148"
},
{
"cve": "CVE-2024-50150",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50150"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: altmode should keep reference to parent\n\nThe altmode device release refers to its parent device, but without keeping\na reference to it.\n\nWhen registering the altmode, get a reference to the parent and put it in\nthe release function.\n\nBefore this fix, when using CONFIG_DEBUG_KOBJECT_RELEASE, we see issues\nlike this:\n\n[ 43.572860] kobject: \u0027port0.0\u0027 (ffff8880057ba008): kobject_release, parent 0000000000000000 (delayed 3000)\n[ 43.573532] kobject: \u0027port0.1\u0027 (ffff8880057bd008): kobject_release, parent 0000000000000000 (delayed 1000)\n[ 43.574407] kobject: \u0027port0\u0027 (ffff8880057b9008): kobject_release, parent 0000000000000000 (delayed 3000)\n[ 43.575059] kobject: \u0027port1.0\u0027 (ffff8880057ca008): kobject_release, parent 0000000000000000 (delayed 4000)\n[ 43.575908] kobject: \u0027port1.1\u0027 (ffff8880057c9008): kobject_release, parent 0000000000000000 (delayed 4000)\n[ 43.576908] kobject: \u0027typec\u0027 (ffff8880062dbc00): kobject_release, parent 0000000000000000 (delayed 4000)\n[ 43.577769] kobject: \u0027port1\u0027 (ffff8880057bf008): kobject_release, parent 0000000000000000 (delayed 3000)\n[ 46.612867] ==================================================================\n[ 46.613402] BUG: KASAN: slab-use-after-free in typec_altmode_release+0x38/0x129\n[ 46.614003] Read of size 8 at addr ffff8880057b9118 by task kworker/2:1/48\n[ 46.614538]\n[ 46.614668] CPU: 2 UID: 0 PID: 48 Comm: kworker/2:1 Not tainted 6.12.0-rc1-00138-gedbae730ad31 #535\n[ 46.615391] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[ 46.616042] Workqueue: events kobject_delayed_cleanup\n[ 46.616446] Call Trace:\n[ 46.616648] \u003cTASK\u003e\n[ 46.616820] dump_stack_lvl+0x5b/0x7c\n[ 46.617112] ? typec_altmode_release+0x38/0x129\n[ 46.617470] print_report+0x14c/0x49e\n[ 46.617769] ? rcu_read_unlock_sched+0x56/0x69\n[ 46.618117] ? __virt_addr_valid+0x19a/0x1ab\n[ 46.618456] ? kmem_cache_debug_flags+0xc/0x1d\n[ 46.618807] ? typec_altmode_release+0x38/0x129\n[ 46.619161] kasan_report+0x8d/0xb4\n[ 46.619447] ? typec_altmode_release+0x38/0x129\n[ 46.619809] ? process_scheduled_works+0x3cb/0x85f\n[ 46.620185] typec_altmode_release+0x38/0x129\n[ 46.620537] ? process_scheduled_works+0x3cb/0x85f\n[ 46.620907] device_release+0xaf/0xf2\n[ 46.621206] kobject_delayed_cleanup+0x13b/0x17a\n[ 46.621584] process_scheduled_works+0x4f6/0x85f\n[ 46.621955] ? __pfx_process_scheduled_works+0x10/0x10\n[ 46.622353] ? hlock_class+0x31/0x9a\n[ 46.622647] ? lock_acquired+0x361/0x3c3\n[ 46.622956] ? move_linked_works+0x46/0x7d\n[ 46.623277] worker_thread+0x1ce/0x291\n[ 46.623582] ? __kthread_parkme+0xc8/0xdf\n[ 46.623900] ? __pfx_worker_thread+0x10/0x10\n[ 46.624236] kthread+0x17e/0x190\n[ 46.624501] ? kthread+0xfb/0x190\n[ 46.624756] ? __pfx_kthread+0x10/0x10\n[ 46.625015] ret_from_fork+0x20/0x40\n[ 46.625268] ? __pfx_kthread+0x10/0x10\n[ 46.625532] ret_from_fork_asm+0x1a/0x30\n[ 46.625805] \u003c/TASK\u003e\n[ 46.625953]\n[ 46.626056] Allocated by task 678:\n[ 46.626287] kasan_save_stack+0x24/0x44\n[ 46.626555] kasan_save_track+0x14/0x2d\n[ 46.626811] __kasan_kmalloc+0x3f/0x4d\n[ 46.627049] __kmalloc_noprof+0x1bf/0x1f0\n[ 46.627362] typec_register_port+0x23/0x491\n[ 46.627698] cros_typec_probe+0x634/0xbb6\n[ 46.628026] platform_probe+0x47/0x8c\n[ 46.628311] really_probe+0x20a/0x47d\n[ 46.628605] device_driver_attach+0x39/0x72\n[ 46.628940] bind_store+0x87/0xd7\n[ 46.629213] kernfs_fop_write_iter+0x1aa/0x218\n[ 46.629574] vfs_write+0x1d6/0x29b\n[ 46.629856] ksys_write+0xcd/0x13b\n[ 46.630128] do_syscall_64+0xd4/0x139\n[ 46.630420] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 46.630820]\n[ 46.630946] Freed by task 48:\n[ 46.631182] kasan_save_stack+0x24/0x44\n[ 46.631493] kasan_save_track+0x14/0x2d\n[ 46.631799] kasan_save_free_info+0x3f/0x4d\n[ 46.632144] __kasan_slab_free+0x37/0x45\n[ 46.632474]\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50150",
"url": "https://www.suse.com/security/cve/CVE-2024-50150"
},
{
"category": "external",
"summary": "SUSE Bug 1233051 for CVE-2024-50150",
"url": "https://bugzilla.suse.com/1233051"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50150"
},
{
"cve": "CVE-2024-50153",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50153"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: core: Fix null-ptr-deref in target_alloc_device()\n\nThere is a null-ptr-deref issue reported by KASAN:\n\nBUG: KASAN: null-ptr-deref in target_alloc_device+0xbc4/0xbe0 [target_core_mod]\n...\n kasan_report+0xb9/0xf0\n target_alloc_device+0xbc4/0xbe0 [target_core_mod]\n core_dev_setup_virtual_lun0+0xef/0x1f0 [target_core_mod]\n target_core_init_configfs+0x205/0x420 [target_core_mod]\n do_one_initcall+0xdd/0x4e0\n...\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nIn target_alloc_device(), if allocing memory for dev queues fails, then\ndev will be freed by dev-\u003etransport-\u003efree_device(), but dev-\u003etransport\nis not initialized at that time, which will lead to a null pointer\nreference problem.\n\nFixing this bug by freeing dev with hba-\u003ebackend-\u003eops-\u003efree_device().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50153",
"url": "https://www.suse.com/security/cve/CVE-2024-50153"
},
{
"category": "external",
"summary": "SUSE Bug 1233061 for CVE-2024-50153",
"url": "https://bugzilla.suse.com/1233061"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50153"
},
{
"cve": "CVE-2024-50154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50154"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp/dccp: Don\u0027t use timer_pending() in reqsk_queue_unlink().\n\nMartin KaFai Lau reported use-after-free [0] in reqsk_timer_handler().\n\n \"\"\"\n We are seeing a use-after-free from a bpf prog attached to\n trace_tcp_retransmit_synack. The program passes the req-\u003esk to the\n bpf_sk_storage_get_tracing kernel helper which does check for null\n before using it.\n \"\"\"\n\nThe commit 83fccfc3940c (\"inet: fix potential deadlock in\nreqsk_queue_unlink()\") added timer_pending() in reqsk_queue_unlink() not\nto call del_timer_sync() from reqsk_timer_handler(), but it introduced a\nsmall race window.\n\nBefore the timer is called, expire_timers() calls detach_timer(timer, true)\nto clear timer-\u003eentry.pprev and marks it as not pending.\n\nIf reqsk_queue_unlink() checks timer_pending() just after expire_timers()\ncalls detach_timer(), TCP will miss del_timer_sync(); the reqsk timer will\ncontinue running and send multiple SYN+ACKs until it expires.\n\nThe reported UAF could happen if req-\u003esk is close()d earlier than the timer\nexpiration, which is 63s by default.\n\nThe scenario would be\n\n 1. inet_csk_complete_hashdance() calls inet_csk_reqsk_queue_drop(),\n but del_timer_sync() is missed\n\n 2. reqsk timer is executed and scheduled again\n\n 3. req-\u003esk is accept()ed and reqsk_put() decrements rsk_refcnt, but\n reqsk timer still has another one, and inet_csk_accept() does not\n clear req-\u003esk for non-TFO sockets\n\n 4. sk is close()d\n\n 5. reqsk timer is executed again, and BPF touches req-\u003esk\n\nLet\u0027s not use timer_pending() by passing the caller context to\n__inet_csk_reqsk_queue_drop().\n\nNote that reqsk timer is pinned, so the issue does not happen in most\nuse cases. [1]\n\n[0]\nBUG: KFENCE: use-after-free read in bpf_sk_storage_get_tracing+0x2e/0x1b0\n\nUse-after-free read at 0x00000000a891fb3a (in kfence-#1):\nbpf_sk_storage_get_tracing+0x2e/0x1b0\nbpf_prog_5ea3e95db6da0438_tcp_retransmit_synack+0x1d20/0x1dda\nbpf_trace_run2+0x4c/0xc0\ntcp_rtx_synack+0xf9/0x100\nreqsk_timer_handler+0xda/0x3d0\nrun_timer_softirq+0x292/0x8a0\nirq_exit_rcu+0xf5/0x320\nsysvec_apic_timer_interrupt+0x6d/0x80\nasm_sysvec_apic_timer_interrupt+0x16/0x20\nintel_idle_irq+0x5a/0xa0\ncpuidle_enter_state+0x94/0x273\ncpu_startup_entry+0x15e/0x260\nstart_secondary+0x8a/0x90\nsecondary_startup_64_no_verify+0xfa/0xfb\n\nkfence-#1: 0x00000000a72cc7b6-0x00000000d97616d9, size=2376, cache=TCPv6\n\nallocated by task 0 on cpu 9 at 260507.901592s:\nsk_prot_alloc+0x35/0x140\nsk_clone_lock+0x1f/0x3f0\ninet_csk_clone_lock+0x15/0x160\ntcp_create_openreq_child+0x1f/0x410\ntcp_v6_syn_recv_sock+0x1da/0x700\ntcp_check_req+0x1fb/0x510\ntcp_v6_rcv+0x98b/0x1420\nipv6_list_rcv+0x2258/0x26e0\nnapi_complete_done+0x5b1/0x2990\nmlx5e_napi_poll+0x2ae/0x8d0\nnet_rx_action+0x13e/0x590\nirq_exit_rcu+0xf5/0x320\ncommon_interrupt+0x80/0x90\nasm_common_interrupt+0x22/0x40\ncpuidle_enter_state+0xfb/0x273\ncpu_startup_entry+0x15e/0x260\nstart_secondary+0x8a/0x90\nsecondary_startup_64_no_verify+0xfa/0xfb\n\nfreed by task 0 on cpu 9 at 260507.927527s:\nrcu_core_si+0x4ff/0xf10\nirq_exit_rcu+0xf5/0x320\nsysvec_apic_timer_interrupt+0x6d/0x80\nasm_sysvec_apic_timer_interrupt+0x16/0x20\ncpuidle_enter_state+0xfb/0x273\ncpu_startup_entry+0x15e/0x260\nstart_secondary+0x8a/0x90\nsecondary_startup_64_no_verify+0xfa/0xfb",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50154",
"url": "https://www.suse.com/security/cve/CVE-2024-50154"
},
{
"category": "external",
"summary": "SUSE Bug 1233070 for CVE-2024-50154",
"url": "https://bugzilla.suse.com/1233070"
},
{
"category": "external",
"summary": "SUSE Bug 1233072 for CVE-2024-50154",
"url": "https://bugzilla.suse.com/1233072"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-50154"
},
{
"cve": "CVE-2024-50155",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50155"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetdevsim: use cond_resched() in nsim_dev_trap_report_work()\n\nI am still seeing many syzbot reports hinting that syzbot\nmight fool nsim_dev_trap_report_work() with hundreds of ports [1]\n\nLets use cond_resched(), and system_unbound_wq\ninstead of implicit system_wq.\n\n[1]\nINFO: task syz-executor:20633 blocked for more than 143 seconds.\n Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:syz-executor state:D stack:25856 pid:20633 tgid:20633 ppid:1 flags:0x00004006\n...\nNMI backtrace for cpu 1\nCPU: 1 UID: 0 PID: 16760 Comm: kworker/1:0 Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: events nsim_dev_trap_report_work\n RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70 kernel/kcov.c:210\nCode: 89 fb e8 23 00 00 00 48 8b 3d 04 fb 9c 0c 48 89 de 5b e9 c3 c7 5d 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 \u003cf3\u003e 0f 1e fa 48 8b 04 24 65 48 8b 0c 25 c0 d7 03 00 65 8b 15 60 f0\nRSP: 0018:ffffc90000a187e8 EFLAGS: 00000246\nRAX: 0000000000000100 RBX: ffffc90000a188e0 RCX: ffff888027d3bc00\nRDX: ffff888027d3bc00 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffff88804a2e6000 R08: ffffffff8a4bc495 R09: ffffffff89da3577\nR10: 0000000000000004 R11: ffffffff8a4bc2b0 R12: dffffc0000000000\nR13: ffff88806573b503 R14: dffffc0000000000 R15: ffff8880663cca00\nFS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fc90a747f98 CR3: 000000000e734000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 000000000000002b DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cNMI\u003e\n \u003c/NMI\u003e\n \u003cTASK\u003e\n __local_bh_enable_ip+0x1bb/0x200 kernel/softirq.c:382\n spin_unlock_bh include/linux/spinlock.h:396 [inline]\n nsim_dev_trap_report drivers/net/netdevsim/dev.c:820 [inline]\n nsim_dev_trap_report_work+0x75d/0xaa0 drivers/net/netdevsim/dev.c:850\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50155",
"url": "https://www.suse.com/security/cve/CVE-2024-50155"
},
{
"category": "external",
"summary": "SUSE Bug 1233035 for CVE-2024-50155",
"url": "https://bugzilla.suse.com/1233035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50155"
},
{
"cve": "CVE-2024-50156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50156"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: Avoid NULL dereference in msm_disp_state_print_regs()\n\nIf the allocation in msm_disp_state_dump_regs() failed then\n`block-\u003estate` can be NULL. The msm_disp_state_print_regs() function\n_does_ have code to try to handle it with:\n\n if (*reg)\n dump_addr = *reg;\n\n...but since \"dump_addr\" is initialized to NULL the above is actually\na noop. The code then goes on to dereference `dump_addr`.\n\nMake the function print \"Registers not stored\" when it sees a NULL to\nsolve this. Since we\u0027re touching the code, fix\nmsm_disp_state_print_regs() not to pointlessly take a double-pointer\nand properly mark the pointer as `const`.\n\nPatchwork: https://patchwork.freedesktop.org/patch/619657/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50156",
"url": "https://www.suse.com/security/cve/CVE-2024-50156"
},
{
"category": "external",
"summary": "SUSE Bug 1233073 for CVE-2024-50156",
"url": "https://bugzilla.suse.com/1233073"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50156"
},
{
"cve": "CVE-2024-50157",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50157"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop\n\nDriver waits indefinitely for the fifo occupancy to go below a threshold\nas soon as the pacing interrupt is received. This can cause soft lockup on\none of the processors, if the rate of DB is very high.\n\nAdd a loop count for FPGA and exit the __wait_for_fifo_occupancy_below_th\nif the loop is taking more time. Pacing will be continuing until the\noccupancy is below the threshold. This is ensured by the checks in\nbnxt_re_pacing_timer_exp and further scheduling the work for pacing based\non the fifo occupancy.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50157",
"url": "https://www.suse.com/security/cve/CVE-2024-50157"
},
{
"category": "external",
"summary": "SUSE Bug 1233032 for CVE-2024-50157",
"url": "https://bugzilla.suse.com/1233032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50157"
},
{
"cve": "CVE-2024-50158",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50158"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Fix out of bound check\n\nDriver exports pacing stats only on GenP5 and P7 adapters. But while\nparsing the pacing stats, driver has a check for \"rdev-\u003edbr_pacing\". This\ncaused a trace when KASAN is enabled.\n\nBUG: KASAN: slab-out-of-bounds in bnxt_re_get_hw_stats+0x2b6a/0x2e00 [bnxt_re]\nWrite of size 8 at addr ffff8885942a6340 by task modprobe/4809",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50158",
"url": "https://www.suse.com/security/cve/CVE-2024-50158"
},
{
"category": "external",
"summary": "SUSE Bug 1233036 for CVE-2024-50158",
"url": "https://bugzilla.suse.com/1233036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50158"
},
{
"cve": "CVE-2024-50159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50159"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup()\n\nClang static checker(scan-build) throws below warning:\n | drivers/firmware/arm_scmi/driver.c:line 2915, column 2\n | Attempt to free released memory.\n\nWhen devm_add_action_or_reset() fails, scmi_debugfs_common_cleanup()\nwill run twice which causes double free of \u0027dbg-\u003ename\u0027.\n\nRemove the redundant scmi_debugfs_common_cleanup() to fix this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50159",
"url": "https://www.suse.com/security/cve/CVE-2024-50159"
},
{
"category": "external",
"summary": "SUSE Bug 1233041 for CVE-2024-50159",
"url": "https://bugzilla.suse.com/1233041"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50159"
},
{
"cve": "CVE-2024-50160",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50160"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda/cs8409: Fix possible NULL dereference\n\nIf snd_hda_gen_add_kctl fails to allocate memory and returns NULL, then\nNULL pointer dereference will occur in the next line.\n\nSince dolphin_fixups function is a hda_fixup function which is not supposed\nto return any errors, add simple check before dereference, ignore the fail.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50160",
"url": "https://www.suse.com/security/cve/CVE-2024-50160"
},
{
"category": "external",
"summary": "SUSE Bug 1233074 for CVE-2024-50160",
"url": "https://bugzilla.suse.com/1233074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50160"
},
{
"cve": "CVE-2024-50166",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50166"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfsl/fman: Fix refcount handling of fman-related devices\n\nIn mac_probe() there are multiple calls to of_find_device_by_node(),\nfman_bind() and fman_port_bind() which takes references to of_dev-\u003edev.\nNot all references taken by these calls are released later on error path\nin mac_probe() and in mac_remove() which lead to reference leaks.\n\nAdd references release.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50166",
"url": "https://www.suse.com/security/cve/CVE-2024-50166"
},
{
"category": "external",
"summary": "SUSE Bug 1233050 for CVE-2024-50166",
"url": "https://bugzilla.suse.com/1233050"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50166"
},
{
"cve": "CVE-2024-50167",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50167"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbe2net: fix potential memory leak in be_xmit()\n\nThe be_xmit() returns NETDEV_TX_OK without freeing skb\nin case of be_xmit_enqueue() fails, add dev_kfree_skb_any() to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50167",
"url": "https://www.suse.com/security/cve/CVE-2024-50167"
},
{
"category": "external",
"summary": "SUSE Bug 1233049 for CVE-2024-50167",
"url": "https://bugzilla.suse.com/1233049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50167"
},
{
"cve": "CVE-2024-50169",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50169"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Update rx_bytes on read_skb()\n\nMake sure virtio_transport_inc_rx_pkt() and virtio_transport_dec_rx_pkt()\ncalls are balanced (i.e. virtio_vsock_sock::rx_bytes doesn\u0027t lie) after\nvsock_transport::read_skb().\n\nWhile here, also inform the peer that we\u0027ve freed up space and it has more\ncredit.\n\nFailing to update rx_bytes after packet is dequeued leads to a warning on\nSOCK_STREAM recv():\n\n[ 233.396654] rx_queue is empty, but rx_bytes is non-zero\n[ 233.396702] WARNING: CPU: 11 PID: 40601 at net/vmw_vsock/virtio_transport_common.c:589",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50169",
"url": "https://www.suse.com/security/cve/CVE-2024-50169"
},
{
"category": "external",
"summary": "SUSE Bug 1233320 for CVE-2024-50169",
"url": "https://bugzilla.suse.com/1233320"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50169"
},
{
"cve": "CVE-2024-50171",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50171"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: systemport: fix potential memory leak in bcm_sysport_xmit()\n\nThe bcm_sysport_xmit() returns NETDEV_TX_OK without freeing skb\nin case of dma_map_single() fails, add dev_kfree_skb() to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50171",
"url": "https://www.suse.com/security/cve/CVE-2024-50171"
},
{
"category": "external",
"summary": "SUSE Bug 1233057 for CVE-2024-50171",
"url": "https://bugzilla.suse.com/1233057"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50171"
},
{
"cve": "CVE-2024-50172",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50172"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Fix a possible memory leak\n\nIn bnxt_re_setup_chip_ctx() when bnxt_qplib_map_db_bar() fails\ndriver is not freeing the memory allocated for \"rdev-\u003echip_ctx\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50172",
"url": "https://www.suse.com/security/cve/CVE-2024-50172"
},
{
"category": "external",
"summary": "SUSE Bug 1233029 for CVE-2024-50172",
"url": "https://bugzilla.suse.com/1233029"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50172"
},
{
"cve": "CVE-2024-50175",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50175"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: qcom: camss: Remove use_count guard in stop_streaming\n\nThe use_count check was introduced so that multiple concurrent Raw Data\nInterfaces RDIs could be driven by different virtual channels VCs on the\nCSIPHY input driving the video pipeline.\n\nThis is an invalid use of use_count though as use_count pertains to the\nnumber of times a video entity has been opened by user-space not the number\nof active streams.\n\nIf use_count and stream-on count don\u0027t agree then stop_streaming() will\nbreak as is currently the case and has become apparent when using CAMSS\nwith libcamera\u0027s released softisp 0.3.\n\nThe use of use_count like this is a bit hacky and right now breaks regular\nusage of CAMSS for a single stream case. Stopping qcam results in the splat\nbelow, and then it cannot be started again and any attempts to do so fails\nwith -EBUSY.\n\n[ 1265.509831] WARNING: CPU: 5 PID: 919 at drivers/media/common/videobuf2/videobuf2-core.c:2183 __vb2_queue_cancel+0x230/0x2c8 [videobuf2_common]\n...\n[ 1265.510630] Call trace:\n[ 1265.510636] __vb2_queue_cancel+0x230/0x2c8 [videobuf2_common]\n[ 1265.510648] vb2_core_streamoff+0x24/0xcc [videobuf2_common]\n[ 1265.510660] vb2_ioctl_streamoff+0x5c/0xa8 [videobuf2_v4l2]\n[ 1265.510673] v4l_streamoff+0x24/0x30 [videodev]\n[ 1265.510707] __video_do_ioctl+0x190/0x3f4 [videodev]\n[ 1265.510732] video_usercopy+0x304/0x8c4 [videodev]\n[ 1265.510757] video_ioctl2+0x18/0x34 [videodev]\n[ 1265.510782] v4l2_ioctl+0x40/0x60 [videodev]\n...\n[ 1265.510944] videobuf2_common: driver bug: stop_streaming operation is leaving buffer 0 in active state\n[ 1265.511175] videobuf2_common: driver bug: stop_streaming operation is leaving buffer 1 in active state\n[ 1265.511398] videobuf2_common: driver bug: stop_streaming operation is leaving buffer 2 in active st\n\nOne CAMSS specific way to handle multiple VCs on the same RDI might be:\n\n- Reference count each pipeline enable for CSIPHY, CSID, VFE and RDIx.\n- The video buffers are already associated with msm_vfeN_rdiX so\n release video buffers when told to do so by stop_streaming.\n- Only release the power-domains for the CSIPHY, CSID and VFE when\n their internal refcounts drop.\n\nEither way refusing to release video buffers based on use_count is\nerroneous and should be reverted. The silicon enabling code for selecting\nVCs is perfectly fine. Its a \"known missing feature\" that concurrent VCs\nwon\u0027t work with CAMSS right now.\n\nInitial testing with this code didn\u0027t show an error but, SoftISP and \"real\"\nusage with Google Hangouts breaks the upstream code pretty quickly, we need\nto do a partial revert and take another pass at VCs.\n\nThis commit partially reverts commit 89013969e232 (\"media: camss: sm8250:\nPipeline starting and stopping for multiple virtual channels\")",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50175",
"url": "https://www.suse.com/security/cve/CVE-2024-50175"
},
{
"category": "external",
"summary": "SUSE Bug 1233092 for CVE-2024-50175",
"url": "https://bugzilla.suse.com/1233092"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50175"
},
{
"cve": "CVE-2024-50176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50176"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: k3-r5: Fix error handling when power-up failed\n\nBy simply bailing out, the driver was violating its rule and internal\nassumptions that either both or no rproc should be initialized. E.g.,\nthis could cause the first core to be available but not the second one,\nleading to crashes on its shutdown later on while trying to dereference\nthat second instance.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50176",
"url": "https://www.suse.com/security/cve/CVE-2024-50176"
},
{
"category": "external",
"summary": "SUSE Bug 1233091 for CVE-2024-50176",
"url": "https://bugzilla.suse.com/1233091"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50176"
},
{
"cve": "CVE-2024-50177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50177"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix a UBSAN warning in DML2.1\n\nWhen programming phantom pipe, since cursor_width is explicity set to 0,\nthis causes calculation logic to trigger overflow for an unsigned int\ntriggering the kernel\u0027s UBSAN check as below:\n\n[ 40.962845] UBSAN: shift-out-of-bounds in /tmp/amd.EfpumTkO/amd/amdgpu/../display/dc/dml2/dml21/src/dml2_core/dml2_core_dcn4_calcs.c:3312:34\n[ 40.962849] shift exponent 4294967170 is too large for 32-bit type \u0027unsigned int\u0027\n[ 40.962852] CPU: 1 PID: 1670 Comm: gnome-shell Tainted: G W OE 6.5.0-41-generic #41~22.04.2-Ubuntu\n[ 40.962854] Hardware name: Gigabyte Technology Co., Ltd. X670E AORUS PRO X/X670E AORUS PRO X, BIOS F21 01/10/2024\n[ 40.962856] Call Trace:\n[ 40.962857] \u003cTASK\u003e\n[ 40.962860] dump_stack_lvl+0x48/0x70\n[ 40.962870] dump_stack+0x10/0x20\n[ 40.962872] __ubsan_handle_shift_out_of_bounds+0x1ac/0x360\n[ 40.962878] calculate_cursor_req_attributes.cold+0x1b/0x28 [amdgpu]\n[ 40.963099] dml_core_mode_support+0x6b91/0x16bc0 [amdgpu]\n[ 40.963327] ? srso_alias_return_thunk+0x5/0x7f\n[ 40.963331] ? CalculateWatermarksMALLUseAndDRAMSpeedChangeSupport+0x18b8/0x2790 [amdgpu]\n[ 40.963534] ? srso_alias_return_thunk+0x5/0x7f\n[ 40.963536] ? dml_core_mode_support+0xb3db/0x16bc0 [amdgpu]\n[ 40.963730] dml2_core_calcs_mode_support_ex+0x2c/0x90 [amdgpu]\n[ 40.963906] ? srso_alias_return_thunk+0x5/0x7f\n[ 40.963909] ? dml2_core_calcs_mode_support_ex+0x2c/0x90 [amdgpu]\n[ 40.964078] core_dcn4_mode_support+0x72/0xbf0 [amdgpu]\n[ 40.964247] dml2_top_optimization_perform_optimization_phase+0x1d3/0x2a0 [amdgpu]\n[ 40.964420] dml2_build_mode_programming+0x23d/0x750 [amdgpu]\n[ 40.964587] dml21_validate+0x274/0x770 [amdgpu]\n[ 40.964761] ? srso_alias_return_thunk+0x5/0x7f\n[ 40.964763] ? resource_append_dpp_pipes_for_plane_composition+0x27c/0x3b0 [amdgpu]\n[ 40.964942] dml2_validate+0x504/0x750 [amdgpu]\n[ 40.965117] ? dml21_copy+0x95/0xb0 [amdgpu]\n[ 40.965291] ? srso_alias_return_thunk+0x5/0x7f\n[ 40.965295] dcn401_validate_bandwidth+0x4e/0x70 [amdgpu]\n[ 40.965491] update_planes_and_stream_state+0x38d/0x5c0 [amdgpu]\n[ 40.965672] update_planes_and_stream_v3+0x52/0x1e0 [amdgpu]\n[ 40.965845] ? srso_alias_return_thunk+0x5/0x7f\n[ 40.965849] dc_update_planes_and_stream+0x71/0xb0 [amdgpu]\n\nFix this by adding a guard for checking cursor width before triggering\nthe size calculation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50177",
"url": "https://www.suse.com/security/cve/CVE-2024-50177"
},
{
"category": "external",
"summary": "SUSE Bug 1233115 for CVE-2024-50177",
"url": "https://bugzilla.suse.com/1233115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50177"
},
{
"cve": "CVE-2024-50179",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50179"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: remove the incorrect Fw reference check when dirtying pages\n\nWhen doing the direct-io reads it will also try to mark pages dirty,\nbut for the read path it won\u0027t hold the Fw caps and there is case\nwill it get the Fw reference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50179",
"url": "https://www.suse.com/security/cve/CVE-2024-50179"
},
{
"category": "external",
"summary": "SUSE Bug 1233123 for CVE-2024-50179",
"url": "https://bugzilla.suse.com/1233123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50179"
},
{
"cve": "CVE-2024-50180",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50180"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: sisfb: Fix strbuf array overflow\n\nThe values of the variables xres and yres are placed in strbuf.\nThese variables are obtained from strbuf1.\nThe strbuf1 array contains digit characters\nand a space if the array contains non-digit characters.\nThen, when executing sprintf(strbuf, \"%ux%ux8\", xres, yres);\nmore than 16 bytes will be written to strbuf.\nIt is suggested to increase the size of the strbuf array to 24.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50180",
"url": "https://www.suse.com/security/cve/CVE-2024-50180"
},
{
"category": "external",
"summary": "SUSE Bug 1233125 for CVE-2024-50180",
"url": "https://bugzilla.suse.com/1233125"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50180"
},
{
"cve": "CVE-2024-50181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50181"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50181",
"url": "https://www.suse.com/security/cve/CVE-2024-50181"
},
{
"category": "external",
"summary": "SUSE Bug 1233127 for CVE-2024-50181",
"url": "https://bugzilla.suse.com/1233127"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50181"
},
{
"cve": "CVE-2024-50182",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50182"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsecretmem: disable memfd_secret() if arch cannot set direct map\n\nReturn -ENOSYS from memfd_secret() syscall if !can_set_direct_map(). This\nis the case for example on some arm64 configurations, where marking 4k\nPTEs in the direct map not present can only be done if the direct map is\nset up at 4k granularity in the first place (as ARM\u0027s break-before-make\nsemantics do not easily allow breaking apart large/gigantic pages).\n\nMore precisely, on arm64 systems with !can_set_direct_map(),\nset_direct_map_invalid_noflush() is a no-op, however it returns success\n(0) instead of an error. This means that memfd_secret will seemingly\n\"work\" (e.g. syscall succeeds, you can mmap the fd and fault in pages),\nbut it does not actually achieve its goal of removing its memory from the\ndirect map.\n\nNote that with this patch, memfd_secret() will start erroring on systems\nwhere can_set_direct_map() returns false (arm64 with\nCONFIG_RODATA_FULL_DEFAULT_ENABLED=n, CONFIG_DEBUG_PAGEALLOC=n and\nCONFIG_KFENCE=n), but that still seems better than the current silent\nfailure. Since CONFIG_RODATA_FULL_DEFAULT_ENABLED defaults to \u0027y\u0027, most\narm64 systems actually have a working memfd_secret() and aren\u0027t be\naffected.\n\nFrom going through the iterations of the original memfd_secret patch\nseries, it seems that disabling the syscall in these scenarios was the\nintended behavior [1] (preferred over having\nset_direct_map_invalid_noflush return an error as that would result in\nSIGBUSes at page-fault time), however the check for it got dropped between\nv16 [2] and v17 [3], when secretmem moved away from CMA allocations.\n\n[1]: https://lore.kernel.org/lkml/20201124164930.GK8537@kernel.org/\n[2]: https://lore.kernel.org/lkml/20210121122723.3446-11-rppt@kernel.org/#t\n[3]: https://lore.kernel.org/lkml/20201125092208.12544-10-rppt@kernel.org/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50182",
"url": "https://www.suse.com/security/cve/CVE-2024-50182"
},
{
"category": "external",
"summary": "SUSE Bug 1233129 for CVE-2024-50182",
"url": "https://bugzilla.suse.com/1233129"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50182"
},
{
"cve": "CVE-2024-50183",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50183"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance\n\nDeleting an NPIV instance requires all fabric ndlps to be released before\nan NPIV\u0027s resources can be torn down. Failure to release fabric ndlps\nbeforehand opens kref imbalance race conditions. Fix by forcing the DA_ID\nto complete synchronously with usage of wait_queue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50183",
"url": "https://www.suse.com/security/cve/CVE-2024-50183"
},
{
"category": "external",
"summary": "SUSE Bug 1233130 for CVE-2024-50183",
"url": "https://bugzilla.suse.com/1233130"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50183"
},
{
"cve": "CVE-2024-50184",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50184"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_pmem: Check device status before requesting flush\n\nIf a pmem device is in a bad status, the driver side could wait for\nhost ack forever in virtio_pmem_flush(), causing the system to hang.\n\nSo add a status check in the beginning of virtio_pmem_flush() to return\nearly if the device is not activated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50184",
"url": "https://www.suse.com/security/cve/CVE-2024-50184"
},
{
"category": "external",
"summary": "SUSE Bug 1233135 for CVE-2024-50184",
"url": "https://bugzilla.suse.com/1233135"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50184"
},
{
"cve": "CVE-2024-50186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50186"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: explicitly clear the sk pointer, when pf-\u003ecreate fails\n\nWe have recently noticed the exact same KASAN splat as in commit\n6cd4a78d962b (\"net: do not leave a dangling sk pointer, when socket\ncreation fails\"). The problem is that commit did not fully address the\nproblem, as some pf-\u003ecreate implementations do not use sk_common_release\nin their error paths.\n\nFor example, we can use the same reproducer as in the above commit, but\nchanging ping to arping. arping uses AF_PACKET socket and if packet_create\nfails, it will just sk_free the allocated sk object.\n\nWhile we could chase all the pf-\u003ecreate implementations and make sure they\nNULL the freed sk object on error from the socket, we can\u0027t guarantee\nfuture protocols will not make the same mistake.\n\nSo it is easier to just explicitly NULL the sk pointer upon return from\npf-\u003ecreate in __sock_create. We do know that pf-\u003ecreate always releases the\nallocated sk object on error, so if the pointer is not NULL, it is\ndefinitely dangling.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50186",
"url": "https://www.suse.com/security/cve/CVE-2024-50186"
},
{
"category": "external",
"summary": "SUSE Bug 1233110 for CVE-2024-50186",
"url": "https://bugzilla.suse.com/1233110"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50186"
},
{
"cve": "CVE-2024-50187",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50187"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vc4: Stop the active perfmon before being destroyed\n\nUpon closing the file descriptor, the active performance monitor is not\nstopped. Although all perfmons are destroyed in `vc4_perfmon_close_file()`,\nthe active performance monitor\u0027s pointer (`vc4-\u003eactive_perfmon`) is still\nretained.\n\nIf we open a new file descriptor and submit a few jobs with performance\nmonitors, the driver will attempt to stop the active performance monitor\nusing the stale pointer in `vc4-\u003eactive_perfmon`. However, this pointer\nis no longer valid because the previous process has already terminated,\nand all performance monitors associated with it have been destroyed and\nfreed.\n\nTo fix this, when the active performance monitor belongs to a given\nprocess, explicitly stop it before destroying and freeing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50187",
"url": "https://www.suse.com/security/cve/CVE-2024-50187"
},
{
"category": "external",
"summary": "SUSE Bug 1233108 for CVE-2024-50187",
"url": "https://bugzilla.suse.com/1233108"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50187"
},
{
"cve": "CVE-2024-50188",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50188"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: dp83869: fix memory corruption when enabling fiber\n\nWhen configuring the fiber port, the DP83869 PHY driver incorrectly\ncalls linkmode_set_bit() with a bit mask (1 \u003c\u003c 10) rather than a bit\nnumber (10). This corrupts some other memory location -- in case of\narm64 the priv pointer in the same structure.\n\nSince the advertising flags are updated from supported at the end of the\nfunction the incorrect line isn\u0027t needed at all and can be removed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50188",
"url": "https://www.suse.com/security/cve/CVE-2024-50188"
},
{
"category": "external",
"summary": "SUSE Bug 1233107 for CVE-2024-50188",
"url": "https://bugzilla.suse.com/1233107"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50188"
},
{
"cve": "CVE-2024-50189",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50189"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: amd_sfh: Switch to device-managed dmam_alloc_coherent()\n\nUsing the device-managed version allows to simplify clean-up in probe()\nerror path.\n\nAdditionally, this device-managed ensures proper cleanup, which helps to\nresolve memory errors, page faults, btrfs going read-only, and btrfs\ndisk corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50189",
"url": "https://www.suse.com/security/cve/CVE-2024-50189"
},
{
"category": "external",
"summary": "SUSE Bug 1233105 for CVE-2024-50189",
"url": "https://bugzilla.suse.com/1233105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50189"
},
{
"cve": "CVE-2024-50192",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50192"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/gic-v4: Don\u0027t allow a VMOVP on a dying VPE\n\nKunkun Jiang reported that there is a small window of opportunity for\nuserspace to force a change of affinity for a VPE while the VPE has already\nbeen unmapped, but the corresponding doorbell interrupt still visible in\n/proc/irq/.\n\nPlug the race by checking the value of vmapp_count, which tracks whether\nthe VPE is mapped ot not, and returning an error in this case.\n\nThis involves making vmapp_count common to both GICv4.1 and its v4.0\nancestor.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50192",
"url": "https://www.suse.com/security/cve/CVE-2024-50192"
},
{
"category": "external",
"summary": "SUSE Bug 1233106 for CVE-2024-50192",
"url": "https://bugzilla.suse.com/1233106"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50192"
},
{
"cve": "CVE-2024-50194",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50194"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: probes: Fix uprobes for big-endian kernels\n\nThe arm64 uprobes code is broken for big-endian kernels as it doesn\u0027t\nconvert the in-memory instruction encoding (which is always\nlittle-endian) into the kernel\u0027s native endianness before analyzing and\nsimulating instructions. This may result in a few distinct problems:\n\n* The kernel may may erroneously reject probing an instruction which can\n safely be probed.\n\n* The kernel may erroneously erroneously permit stepping an\n instruction out-of-line when that instruction cannot be stepped\n out-of-line safely.\n\n* The kernel may erroneously simulate instruction incorrectly dur to\n interpretting the byte-swapped encoding.\n\nThe endianness mismatch isn\u0027t caught by the compiler or sparse because:\n\n* The arch_uprobe::{insn,ixol} fields are encoded as arrays of u8, so\n the compiler and sparse have no idea these contain a little-endian\n 32-bit value. The core uprobes code populates these with a memcpy()\n which similarly does not handle endianness.\n\n* While the uprobe_opcode_t type is an alias for __le32, both\n arch_uprobe_analyze_insn() and arch_uprobe_skip_sstep() cast from u8[]\n to the similarly-named probe_opcode_t, which is an alias for u32.\n Hence there is no endianness conversion warning.\n\nFix this by changing the arch_uprobe::{insn,ixol} fields to __le32 and\nadding the appropriate __le32_to_cpu() conversions prior to consuming\nthe instruction encoding. The core uprobes copies these fields as opaque\nranges of bytes, and so is unaffected by this change.\n\nAt the same time, remove MAX_UINSN_BYTES and consistently use\nAARCH64_INSN_SIZE for clarity.\n\nTested with the following:\n\n| #include \u003cstdio.h\u003e\n| #include \u003cstdbool.h\u003e\n|\n| #define noinline __attribute__((noinline))\n|\n| static noinline void *adrp_self(void)\n| {\n| void *addr;\n|\n| asm volatile(\n| \" adrp %x0, adrp_self\\n\"\n| \" add %x0, %x0, :lo12:adrp_self\\n\"\n| : \"=r\" (addr));\n| }\n|\n|\n| int main(int argc, char *argv)\n| {\n| void *ptr = adrp_self();\n| bool equal = (ptr == adrp_self);\n|\n| printf(\"adrp_self =\u003e %p\\n\"\n| \"adrp_self() =\u003e %p\\n\"\n| \"%s\\n\",\n| adrp_self, ptr, equal ? \"EQUAL\" : \"NOT EQUAL\");\n|\n| return 0;\n| }\n\n.... where the adrp_self() function was compiled to:\n\n| 00000000004007e0 \u003cadrp_self\u003e:\n| 4007e0: 90000000 adrp x0, 400000 \u003c__ehdr_start\u003e\n| 4007e4: 911f8000 add x0, x0, #0x7e0\n| 4007e8: d65f03c0 ret\n\nBefore this patch, the ADRP is not recognized, and is assumed to be\nsteppable, resulting in corruption of the result:\n\n| # ./adrp-self\n| adrp_self =\u003e 0x4007e0\n| adrp_self() =\u003e 0x4007e0\n| EQUAL\n| # echo \u0027p /root/adrp-self:0x007e0\u0027 \u003e /sys/kernel/tracing/uprobe_events\n| # echo 1 \u003e /sys/kernel/tracing/events/uprobes/enable\n| # ./adrp-self\n| adrp_self =\u003e 0x4007e0\n| adrp_self() =\u003e 0xffffffffff7e0\n| NOT EQUAL\n\nAfter this patch, the ADRP is correctly recognized and simulated:\n\n| # ./adrp-self\n| adrp_self =\u003e 0x4007e0\n| adrp_self() =\u003e 0x4007e0\n| EQUAL\n| #\n| # echo \u0027p /root/adrp-self:0x007e0\u0027 \u003e /sys/kernel/tracing/uprobe_events\n| # echo 1 \u003e /sys/kernel/tracing/events/uprobes/enable\n| # ./adrp-self\n| adrp_self =\u003e 0x4007e0\n| adrp_self() =\u003e 0x4007e0\n| EQUAL",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50194",
"url": "https://www.suse.com/security/cve/CVE-2024-50194"
},
{
"category": "external",
"summary": "SUSE Bug 1233111 for CVE-2024-50194",
"url": "https://bugzilla.suse.com/1233111"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50194"
},
{
"cve": "CVE-2024-50195",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50195"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nposix-clock: Fix missing timespec64 check in pc_clock_settime()\n\nAs Andrew pointed out, it will make sense that the PTP core\nchecked timespec64 struct\u0027s tv_sec and tv_nsec range before calling\nptp-\u003einfo-\u003esettime64().\n\nAs the man manual of clock_settime() said, if tp.tv_sec is negative or\ntp.tv_nsec is outside the range [0..999,999,999], it should return EINVAL,\nwhich include dynamic clocks which handles PTP clock, and the condition is\nconsistent with timespec64_valid(). As Thomas suggested, timespec64_valid()\nonly check the timespec is valid, but not ensure that the time is\nin a valid range, so check it ahead using timespec64_valid_strict()\nin pc_clock_settime() and return -EINVAL if not valid.\n\nThere are some drivers that use tp-\u003etv_sec and tp-\u003etv_nsec directly to\nwrite registers without validity checks and assume that the higher layer\nhas checked it, which is dangerous and will benefit from this, such as\nhclge_ptp_settime(), igb_ptp_settime_i210(), _rcar_gen4_ptp_settime(),\nand some drivers can remove the checks of itself.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50195",
"url": "https://www.suse.com/security/cve/CVE-2024-50195"
},
{
"category": "external",
"summary": "SUSE Bug 1233103 for CVE-2024-50195",
"url": "https://bugzilla.suse.com/1233103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50195"
},
{
"cve": "CVE-2024-50196",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50196"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: ocelot: fix system hang on level based interrupts\n\nThe current implementation only calls chained_irq_enter() and\nchained_irq_exit() if it detects pending interrupts.\n\n```\nfor (i = 0; i \u003c info-\u003estride; i++) {\n\turegmap_read(info-\u003emap, id_reg + 4 * i, \u0026reg);\n\tif (!reg)\n\t\tcontinue;\n\n\tchained_irq_enter(parent_chip, desc);\n```\n\nHowever, in case of GPIO pin configured in level mode and the parent\ncontroller configured in edge mode, GPIO interrupt might be lowered by the\nhardware. In the result, if the interrupt is short enough, the parent\ninterrupt is still pending while the GPIO interrupt is cleared;\nchained_irq_enter() never gets called and the system hangs trying to\nservice the parent interrupt.\n\nMoving chained_irq_enter() and chained_irq_exit() outside the for loop\nensures that they are called even when GPIO interrupt is lowered by the\nhardware.\n\nThe similar code with chained_irq_enter() / chained_irq_exit() functions\nwrapping interrupt checking loop may be found in many other drivers:\n```\ngrep -r -A 10 chained_irq_enter drivers/pinctrl\n```",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50196",
"url": "https://www.suse.com/security/cve/CVE-2024-50196"
},
{
"category": "external",
"summary": "SUSE Bug 1233113 for CVE-2024-50196",
"url": "https://bugzilla.suse.com/1233113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50196"
},
{
"cve": "CVE-2024-50198",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50198"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: light: veml6030: fix IIO device retrieval from embedded device\n\nThe dev pointer that is received as an argument in the\nin_illuminance_period_available_show function references the device\nembedded in the IIO device, not in the i2c client.\n\ndev_to_iio_dev() must be used to accessthe right data. The current\nimplementation leads to a segmentation fault on every attempt to read\nthe attribute because indio_dev gets a NULL assignment.\n\nThis bug has been present since the first appearance of the driver,\napparently since the last version (V6) before getting applied. A\nconstant attribute was used until then, and the last modifications might\nhave not been tested again.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50198",
"url": "https://www.suse.com/security/cve/CVE-2024-50198"
},
{
"category": "external",
"summary": "SUSE Bug 1233100 for CVE-2024-50198",
"url": "https://bugzilla.suse.com/1233100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50198"
},
{
"cve": "CVE-2024-50200",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50200"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmaple_tree: correct tree corruption on spanning store\n\nPatch series \"maple_tree: correct tree corruption on spanning store\", v3.\n\nThere has been a nasty yet subtle maple tree corruption bug that appears\nto have been in existence since the inception of the algorithm.\n\nThis bug seems far more likely to happen since commit f8d112a4e657\n(\"mm/mmap: avoid zeroing vma tree in mmap_region()\"), which is the point\nat which reports started to be submitted concerning this bug.\n\nWe were made definitely aware of the bug thanks to the kind efforts of\nBert Karwatzki who helped enormously in my being able to track this down\nand identify the cause of it.\n\nThe bug arises when an attempt is made to perform a spanning store across\ntwo leaf nodes, where the right leaf node is the rightmost child of the\nshared parent, AND the store completely consumes the right-mode node.\n\nThis results in mas_wr_spanning_store() mitakenly duplicating the new and\nexisting entries at the maximum pivot within the range, and thus maple\ntree corruption.\n\nThe fix patch corrects this by detecting this scenario and disallowing the\nmistaken duplicate copy.\n\nThe fix patch commit message goes into great detail as to how this occurs.\n\nThis series also includes a test which reliably reproduces the issue, and\nasserts that the fix works correctly.\n\nBert has kindly tested the fix and confirmed it resolved his issues. Also\nMikhail Gavrilov kindly reported what appears to be precisely the same\nbug, which this fix should also resolve.\n\n\nThis patch (of 2):\n\nThere has been a subtle bug present in the maple tree implementation from\nits inception.\n\nThis arises from how stores are performed - when a store occurs, it will\noverwrite overlapping ranges and adjust the tree as necessary to\naccommodate this.\n\nA range may always ultimately span two leaf nodes. In this instance we\nwalk the two leaf nodes, determine which elements are not overwritten to\nthe left and to the right of the start and end of the ranges respectively\nand then rebalance the tree to contain these entries and the newly\ninserted one.\n\nThis kind of store is dubbed a \u0027spanning store\u0027 and is implemented by\nmas_wr_spanning_store().\n\nIn order to reach this stage, mas_store_gfp() invokes\nmas_wr_preallocate(), mas_wr_store_type() and mas_wr_walk() in turn to\nwalk the tree and update the object (mas) to traverse to the location\nwhere the write should be performed, determining its store type.\n\nWhen a spanning store is required, this function returns false stopping at\nthe parent node which contains the target range, and mas_wr_store_type()\nmarks the mas-\u003estore_type as wr_spanning_store to denote this fact.\n\nWhen we go to perform the store in mas_wr_spanning_store(), we first\ndetermine the elements AFTER the END of the range we wish to store (that\nis, to the right of the entry to be inserted) - we do this by walking to\nthe NEXT pivot in the tree (i.e. r_mas.last + 1), starting at the node we\nhave just determined contains the range over which we intend to write.\n\nWe then turn our attention to the entries to the left of the entry we are\ninserting, whose state is represented by l_mas, and copy these into a \u0027big\nnode\u0027, which is a special node which contains enough slots to contain two\nleaf node\u0027s worth of data.\n\nWe then copy the entry we wish to store immediately after this - the copy\nand the insertion of the new entry is performed by mas_store_b_node().\n\nAfter this we copy the elements to the right of the end of the range which\nwe are inserting, if we have not exceeded the length of the node (i.e. \nr_mas.offset \u003c= r_mas.end).\n\nHerein lies the bug - under very specific circumstances, this logic can\nbreak and corrupt the maple tree.\n\nConsider the following tree:\n\nHeight\n 0 Root Node\n / \\\n pivot = 0xffff / \\ pivot = ULONG_MAX\n / \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50200",
"url": "https://www.suse.com/security/cve/CVE-2024-50200"
},
{
"category": "external",
"summary": "SUSE Bug 1233088 for CVE-2024-50200",
"url": "https://bugzilla.suse.com/1233088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50200"
},
{
"cve": "CVE-2024-50201",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50201"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: Fix encoder-\u003epossible_clones\n\nInclude the encoder itself in its possible_clones bitmask.\nIn the past nothing validated that drivers were populating\npossible_clones correctly, but that changed in commit\n74d2aacbe840 (\"drm: Validate encoder-\u003epossible_clones\").\nLooks like radeon never got the memo and is still not\nfollowing the rules 100% correctly.\n\nThis results in some warnings during driver initialization:\nBogus possible_clones: [ENCODER:46:TV-46] possible_clones=0x4 (full encoder mask=0x7)\nWARNING: CPU: 0 PID: 170 at drivers/gpu/drm/drm_mode_config.c:615 drm_mode_config_validate+0x113/0x39c\n...\n\n(cherry picked from commit 3b6e7d40649c0d75572039aff9d0911864c689db)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50201",
"url": "https://www.suse.com/security/cve/CVE-2024-50201"
},
{
"category": "external",
"summary": "SUSE Bug 1233104 for CVE-2024-50201",
"url": "https://bugzilla.suse.com/1233104"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50201"
},
{
"cve": "CVE-2024-50205",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50205"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()\n\nThe step variable is initialized to zero. It is changed in the loop,\nbut if it\u0027s not changed it will remain zero. Add a variable check\nbefore the division.\n\nThe observed behavior was introduced by commit 826b5de90c0b\n(\"ALSA: firewire-lib: fix insufficient PCM rule for period/buffer size\"),\nand it is difficult to show that any of the interval parameters will\nsatisfy the snd_interval_test() condition with data from the\namdtp_rate_table[] table.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50205",
"url": "https://www.suse.com/security/cve/CVE-2024-50205"
},
{
"category": "external",
"summary": "SUSE Bug 1233293 for CVE-2024-50205",
"url": "https://bugzilla.suse.com/1233293"
},
{
"category": "external",
"summary": "SUSE Bug 1233294 for CVE-2024-50205",
"url": "https://bugzilla.suse.com/1233294"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-50205"
},
{
"cve": "CVE-2024-50208",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50208"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages\n\nAvoid memory corruption while setting up Level-2 PBL pages for the non MR\nresources when num_pages \u003e 256K.\n\nThere will be a single PDE page address (contiguous pages in the case of \u003e\nPAGE_SIZE), but, current logic assumes multiple pages, leading to invalid\nmemory access after 256K PBL entries in the PDE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50208",
"url": "https://www.suse.com/security/cve/CVE-2024-50208"
},
{
"category": "external",
"summary": "SUSE Bug 1233117 for CVE-2024-50208",
"url": "https://bugzilla.suse.com/1233117"
},
{
"category": "external",
"summary": "SUSE Bug 1233118 for CVE-2024-50208",
"url": "https://bugzilla.suse.com/1233118"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-50208"
},
{
"cve": "CVE-2024-50209",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50209"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Add a check for memory allocation\n\n__alloc_pbl() can return error when memory allocation fails.\nDriver is not checking the status on one of the instances.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50209",
"url": "https://www.suse.com/security/cve/CVE-2024-50209"
},
{
"category": "external",
"summary": "SUSE Bug 1233114 for CVE-2024-50209",
"url": "https://bugzilla.suse.com/1233114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50209"
},
{
"cve": "CVE-2024-50210",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50210"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nposix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()\n\nIf get_clock_desc() succeeds, it calls fget() for the clockid\u0027s fd,\nand get the clk-\u003erwsem read lock, so the error path should release\nthe lock to make the lock balance and fput the clockid\u0027s fd to make\nthe refcount balance and release the fd related resource.\n\nHowever the below commit left the error path locked behind resulting in\nunbalanced locking. Check timespec64_valid_strict() before\nget_clock_desc() to fix it, because the \"ts\" is not changed\nafter that.\n\n[pabeni@redhat.com: fixed commit message typo]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50210",
"url": "https://www.suse.com/security/cve/CVE-2024-50210"
},
{
"category": "external",
"summary": "SUSE Bug 1233097 for CVE-2024-50210",
"url": "https://bugzilla.suse.com/1233097"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50210"
},
{
"cve": "CVE-2024-50215",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50215"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-auth: assign dh_key to NULL after kfree_sensitive\n\nctrl-\u003edh_key might be used across multiple calls to nvmet_setup_dhgroup()\nfor the same controller. So it\u0027s better to nullify it after release on\nerror path in order to avoid double free later in nvmet_destroy_auth().\n\nFound by Linux Verification Center (linuxtesting.org) with Svace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50215",
"url": "https://www.suse.com/security/cve/CVE-2024-50215"
},
{
"category": "external",
"summary": "SUSE Bug 1233189 for CVE-2024-50215",
"url": "https://bugzilla.suse.com/1233189"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50215"
},
{
"cve": "CVE-2024-50216",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50216"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: fix finding a last resort AG in xfs_filestream_pick_ag\n\nWhen the main loop in xfs_filestream_pick_ag fails to find a suitable\nAG it tries to just pick the online AG. But the loop for that uses\nargs-\u003epag as loop iterator while the later code expects pag to be\nset. Fix this by reusing the max_pag case for this last resort, and\nalso add a check for impossible case of no AG just to make sure that\nthe uninitialized pag doesn\u0027t even escape in theory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50216",
"url": "https://www.suse.com/security/cve/CVE-2024-50216"
},
{
"category": "external",
"summary": "SUSE Bug 1233179 for CVE-2024-50216",
"url": "https://bugzilla.suse.com/1233179"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50216"
},
{
"cve": "CVE-2024-50218",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50218"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: pass u64 to ocfs2_truncate_inline maybe overflow\n\nSyzbot reported a kernel BUG in ocfs2_truncate_inline. There are two\nreasons for this: first, the parameter value passed is greater than\nocfs2_max_inline_data_with_xattr, second, the start and end parameters of\nocfs2_truncate_inline are \"unsigned int\".\n\nSo, we need to add a sanity check for byte_start and byte_len right before\nocfs2_truncate_inline() in ocfs2_remove_inode_range(), if they are greater\nthan ocfs2_max_inline_data_with_xattr return -EINVAL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50218",
"url": "https://www.suse.com/security/cve/CVE-2024-50218"
},
{
"category": "external",
"summary": "SUSE Bug 1233191 for CVE-2024-50218",
"url": "https://bugzilla.suse.com/1233191"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50218"
},
{
"cve": "CVE-2024-50221",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50221"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Vangogh: Fix kernel memory out of bounds write\n\nKASAN reports that the GPU metrics table allocated in\nvangogh_tables_init() is not large enough for the memset done in\nsmu_cmn_init_soft_gpu_metrics(). Condensed report follows:\n\n[ 33.861314] BUG: KASAN: slab-out-of-bounds in smu_cmn_init_soft_gpu_metrics+0x73/0x200 [amdgpu]\n[ 33.861799] Write of size 168 at addr ffff888129f59500 by task mangoapp/1067\n...\n[ 33.861808] CPU: 6 UID: 1000 PID: 1067 Comm: mangoapp Tainted: G W 6.12.0-rc4 #356 1a56f59a8b5182eeaf67eb7cb8b13594dd23b544\n[ 33.861816] Tainted: [W]=WARN\n[ 33.861818] Hardware name: Valve Galileo/Galileo, BIOS F7G0107 12/01/2023\n[ 33.861822] Call Trace:\n[ 33.861826] \u003cTASK\u003e\n[ 33.861829] dump_stack_lvl+0x66/0x90\n[ 33.861838] print_report+0xce/0x620\n[ 33.861853] kasan_report+0xda/0x110\n[ 33.862794] kasan_check_range+0xfd/0x1a0\n[ 33.862799] __asan_memset+0x23/0x40\n[ 33.862803] smu_cmn_init_soft_gpu_metrics+0x73/0x200 [amdgpu 13b1bc364ec578808f676eba412c20eaab792779]\n[ 33.863306] vangogh_get_gpu_metrics_v2_4+0x123/0xad0 [amdgpu 13b1bc364ec578808f676eba412c20eaab792779]\n[ 33.864257] vangogh_common_get_gpu_metrics+0xb0c/0xbc0 [amdgpu 13b1bc364ec578808f676eba412c20eaab792779]\n[ 33.865682] amdgpu_dpm_get_gpu_metrics+0xcc/0x110 [amdgpu 13b1bc364ec578808f676eba412c20eaab792779]\n[ 33.866160] amdgpu_get_gpu_metrics+0x154/0x2d0 [amdgpu 13b1bc364ec578808f676eba412c20eaab792779]\n[ 33.867135] dev_attr_show+0x43/0xc0\n[ 33.867147] sysfs_kf_seq_show+0x1f1/0x3b0\n[ 33.867155] seq_read_iter+0x3f8/0x1140\n[ 33.867173] vfs_read+0x76c/0xc50\n[ 33.867198] ksys_read+0xfb/0x1d0\n[ 33.867214] do_syscall_64+0x90/0x160\n...\n[ 33.867353] Allocated by task 378 on cpu 7 at 22.794876s:\n[ 33.867358] kasan_save_stack+0x33/0x50\n[ 33.867364] kasan_save_track+0x17/0x60\n[ 33.867367] __kasan_kmalloc+0x87/0x90\n[ 33.867371] vangogh_init_smc_tables+0x3f9/0x840 [amdgpu]\n[ 33.867835] smu_sw_init+0xa32/0x1850 [amdgpu]\n[ 33.868299] amdgpu_device_init+0x467b/0x8d90 [amdgpu]\n[ 33.868733] amdgpu_driver_load_kms+0x19/0xf0 [amdgpu]\n[ 33.869167] amdgpu_pci_probe+0x2d6/0xcd0 [amdgpu]\n[ 33.869608] local_pci_probe+0xda/0x180\n[ 33.869614] pci_device_probe+0x43f/0x6b0\n\nEmpirically we can confirm that the former allocates 152 bytes for the\ntable, while the latter memsets the 168 large block.\n\nRoot cause appears that when GPU metrics tables for v2_4 parts were added\nit was not considered to enlarge the table to fit.\n\nThe fix in this patch is rather \"brute force\" and perhaps later should be\ndone in a smarter way, by extracting and consolidating the part version to\nsize logic to a common helper, instead of brute forcing the largest\npossible allocation. Nevertheless, for now this works and fixes the out of\nbounds write.\n\nv2:\n * Drop impossible v3_0 case. (Mario)\n\n(cherry picked from commit 0880f58f9609f0200483a49429af0f050d281703)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50221",
"url": "https://www.suse.com/security/cve/CVE-2024-50221"
},
{
"category": "external",
"summary": "SUSE Bug 1233185 for CVE-2024-50221",
"url": "https://bugzilla.suse.com/1233185"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50221"
},
{
"cve": "CVE-2024-50224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50224"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: spi-fsl-dspi: Fix crash when not using GPIO chip select\n\nAdd check for the return value of spi_get_csgpiod() to avoid passing a NULL\npointer to gpiod_direction_output(), preventing a crash when GPIO chip\nselect is not used.\n\nFix below crash:\n[ 4.251960] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[ 4.260762] Mem abort info:\n[ 4.263556] ESR = 0x0000000096000004\n[ 4.267308] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 4.272624] SET = 0, FnV = 0\n[ 4.275681] EA = 0, S1PTW = 0\n[ 4.278822] FSC = 0x04: level 0 translation fault\n[ 4.283704] Data abort info:\n[ 4.286583] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[ 4.292074] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 4.297130] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 4.302445] [0000000000000000] user address but active_mm is swapper\n[ 4.308805] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 4.315072] Modules linked in:\n[ 4.318124] CPU: 2 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-rc4-next-20241023-00008-ga20ec42c5fc1 #359\n[ 4.328130] Hardware name: LS1046A QDS Board (DT)\n[ 4.332832] pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 4.339794] pc : gpiod_direction_output+0x34/0x5c\n[ 4.344505] lr : gpiod_direction_output+0x18/0x5c\n[ 4.349208] sp : ffff80008003b8f0\n[ 4.352517] x29: ffff80008003b8f0 x28: 0000000000000000 x27: ffffc96bcc7e9068\n[ 4.359659] x26: ffffc96bcc6e00b0 x25: ffffc96bcc598398 x24: ffff447400132810\n[ 4.366800] x23: 0000000000000000 x22: 0000000011e1a300 x21: 0000000000020002\n[ 4.373940] x20: 0000000000000000 x19: 0000000000000000 x18: ffffffffffffffff\n[ 4.381081] x17: ffff44740016e600 x16: 0000000500000003 x15: 0000000000000007\n[ 4.388221] x14: 0000000000989680 x13: 0000000000020000 x12: 000000000000001e\n[ 4.395362] x11: 0044b82fa09b5a53 x10: 0000000000000019 x9 : 0000000000000008\n[ 4.402502] x8 : 0000000000000002 x7 : 0000000000000007 x6 : 0000000000000000\n[ 4.409641] x5 : 0000000000000200 x4 : 0000000002000000 x3 : 0000000000000000\n[ 4.416781] x2 : 0000000000022202 x1 : 0000000000000000 x0 : 0000000000000000\n[ 4.423921] Call trace:\n[ 4.426362] gpiod_direction_output+0x34/0x5c (P)\n[ 4.431067] gpiod_direction_output+0x18/0x5c (L)\n[ 4.435771] dspi_setup+0x220/0x334",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50224",
"url": "https://www.suse.com/security/cve/CVE-2024-50224"
},
{
"category": "external",
"summary": "SUSE Bug 1233188 for CVE-2024-50224",
"url": "https://bugzilla.suse.com/1233188"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50224"
},
{
"cve": "CVE-2024-50225",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50225"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix error propagation of split bios\n\nThe purpose of btrfs_bbio_propagate_error() shall be propagating an error\nof split bio to its original btrfs_bio, and tell the error to the upper\nlayer. However, it\u0027s not working well on some cases.\n\n* Case 1. Immediate (or quick) end_bio with an error\n\nWhen btrfs sends btrfs_bio to mirrored devices, btrfs calls\nbtrfs_bio_end_io() when all the mirroring bios are completed. If that\nbtrfs_bio was split, it is from btrfs_clone_bioset and its end_io function\nis btrfs_orig_write_end_io. For this case, btrfs_bbio_propagate_error()\naccesses the orig_bbio\u0027s bio context to increase the error count.\n\nThat works well in most cases. However, if the end_io is called enough\nfast, orig_bbio\u0027s (remaining part after split) bio context may not be\nproperly set at that time. Since the bio context is set when the orig_bbio\n(the last btrfs_bio) is sent to devices, that might be too late for earlier\nsplit btrfs_bio\u0027s completion. That will result in NULL pointer\ndereference.\n\nThat bug is easily reproducible by running btrfs/146 on zoned devices [1]\nand it shows the following trace.\n\n[1] You need raid-stripe-tree feature as it create \"-d raid0 -m raid1\" FS.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000020\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] PREEMPT SMP PTI\n CPU: 1 UID: 0 PID: 13 Comm: kworker/u32:1 Not tainted 6.11.0-rc7-BTRFS-ZNS+ #474\n Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011\n Workqueue: writeback wb_workfn (flush-btrfs-5)\n RIP: 0010:btrfs_bio_end_io+0xae/0xc0 [btrfs]\n BTRFS error (device dm-0): bdev /dev/mapper/error-test errs: wr 2, rd 0, flush 0, corrupt 0, gen 0\n RSP: 0018:ffffc9000006f248 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: ffff888005a7f080 RCX: ffffc9000006f1dc\n RDX: 0000000000000000 RSI: 000000000000000a RDI: ffff888005a7f080\n RBP: ffff888011dfc540 R08: 0000000000000000 R09: 0000000000000001\n R10: ffffffff82e508e0 R11: 0000000000000005 R12: ffff88800ddfbe58\n R13: ffff888005a7f080 R14: ffff888005a7f158 R15: ffff888005a7f158\n FS: 0000000000000000(0000) GS:ffff88803ea80000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000020 CR3: 0000000002e22006 CR4: 0000000000370ef0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n ? __die_body.cold+0x19/0x26\n ? page_fault_oops+0x13e/0x2b0\n ? _printk+0x58/0x73\n ? do_user_addr_fault+0x5f/0x750\n ? exc_page_fault+0x76/0x240\n ? asm_exc_page_fault+0x22/0x30\n ? btrfs_bio_end_io+0xae/0xc0 [btrfs]\n ? btrfs_log_dev_io_error+0x7f/0x90 [btrfs]\n btrfs_orig_write_end_io+0x51/0x90 [btrfs]\n dm_submit_bio+0x5c2/0xa50 [dm_mod]\n ? find_held_lock+0x2b/0x80\n ? blk_try_enter_queue+0x90/0x1e0\n __submit_bio+0xe0/0x130\n ? ktime_get+0x10a/0x160\n ? lockdep_hardirqs_on+0x74/0x100\n submit_bio_noacct_nocheck+0x199/0x410\n btrfs_submit_bio+0x7d/0x150 [btrfs]\n btrfs_submit_chunk+0x1a1/0x6d0 [btrfs]\n ? lockdep_hardirqs_on+0x74/0x100\n ? __folio_start_writeback+0x10/0x2c0\n btrfs_submit_bbio+0x1c/0x40 [btrfs]\n submit_one_bio+0x44/0x60 [btrfs]\n submit_extent_folio+0x13f/0x330 [btrfs]\n ? btrfs_set_range_writeback+0xa3/0xd0 [btrfs]\n extent_writepage_io+0x18b/0x360 [btrfs]\n extent_write_locked_range+0x17c/0x340 [btrfs]\n ? __pfx_end_bbio_data_write+0x10/0x10 [btrfs]\n run_delalloc_cow+0x71/0xd0 [btrfs]\n btrfs_run_delalloc_range+0x176/0x500 [btrfs]\n ? find_lock_delalloc_range+0x119/0x260 [btrfs]\n writepage_delalloc+0x2ab/0x480 [btrfs]\n extent_write_cache_pages+0x236/0x7d0 [btrfs]\n btrfs_writepages+0x72/0x130 [btrfs]\n do_writepages+0xd4/0x240\n ? find_held_lock+0x2b/0x80\n ? wbc_attach_and_unlock_inode+0x12c/0x290\n ? wbc_attach_and_unlock_inode+0x12c/0x29\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50225",
"url": "https://www.suse.com/security/cve/CVE-2024-50225"
},
{
"category": "external",
"summary": "SUSE Bug 1233193 for CVE-2024-50225",
"url": "https://bugzilla.suse.com/1233193"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50225"
},
{
"cve": "CVE-2024-50228",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50228"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50228",
"url": "https://www.suse.com/security/cve/CVE-2024-50228"
},
{
"category": "external",
"summary": "SUSE Bug 1233204 for CVE-2024-50228",
"url": "https://bugzilla.suse.com/1233204"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50228"
},
{
"cve": "CVE-2024-50229",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50229"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential deadlock with newly created symlinks\n\nSyzbot reported that page_symlink(), called by nilfs_symlink(), triggers\nmemory reclamation involving the filesystem layer, which can result in\ncircular lock dependencies among the reader/writer semaphore\nnilfs-\u003ens_segctor_sem, s_writers percpu_rwsem (intwrite) and the\nfs_reclaim pseudo lock.\n\nThis is because after commit 21fc61c73c39 (\"don\u0027t put symlink bodies in\npagecache into highmem\"), the gfp flags of the page cache for symbolic\nlinks are overwritten to GFP_KERNEL via inode_nohighmem().\n\nThis is not a problem for symlinks read from the backing device, because\nthe __GFP_FS flag is dropped after inode_nohighmem() is called. However,\nwhen a new symlink is created with nilfs_symlink(), the gfp flags remain\noverwritten to GFP_KERNEL. Then, memory allocation called from\npage_symlink() etc. triggers memory reclamation including the FS layer,\nwhich may call nilfs_evict_inode() or nilfs_dirty_inode(). And these can\ncause a deadlock if they are called while nilfs-\u003ens_segctor_sem is held:\n\nFix this issue by dropping the __GFP_FS flag from the page cache GFP flags\nof newly created symlinks in the same way that nilfs_new_inode() and\n__nilfs_read_inode() do, as a workaround until we adopt nofs allocation\nscope consistently or improve the locking constraints.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50229",
"url": "https://www.suse.com/security/cve/CVE-2024-50229"
},
{
"category": "external",
"summary": "SUSE Bug 1233205 for CVE-2024-50229",
"url": "https://bugzilla.suse.com/1233205"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50229"
},
{
"cve": "CVE-2024-50230",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50230"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix kernel bug due to missing clearing of checked flag\n\nSyzbot reported that in directory operations after nilfs2 detects\nfilesystem corruption and degrades to read-only,\n__block_write_begin_int(), which is called to prepare block writes, may\nfail the BUG_ON check for accesses exceeding the folio/page size,\ntriggering a kernel bug.\n\nThis was found to be because the \"checked\" flag of a page/folio was not\ncleared when it was discarded by nilfs2\u0027s own routine, which causes the\nsanity check of directory entries to be skipped when the directory\npage/folio is reloaded. So, fix that.\n\nThis was necessary when the use of nilfs2\u0027s own page discard routine was\napplied to more than just metadata files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50230",
"url": "https://www.suse.com/security/cve/CVE-2024-50230"
},
{
"category": "external",
"summary": "SUSE Bug 1233206 for CVE-2024-50230",
"url": "https://bugzilla.suse.com/1233206"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50230"
},
{
"cve": "CVE-2024-50231",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50231"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: gts-helper: Fix memory leaks in iio_gts_build_avail_scale_table()\n\nmodprobe iio-test-gts and rmmod it, then the following memory leak\noccurs:\n\n\tunreferenced object 0xffffff80c810be00 (size 64):\n\t comm \"kunit_try_catch\", pid 1654, jiffies 4294913981\n\t hex dump (first 32 bytes):\n\t 02 00 00 00 08 00 00 00 20 00 00 00 40 00 00 00 ........ ...@...\n\t 80 00 00 00 00 02 00 00 00 04 00 00 00 08 00 00 ................\n\t backtrace (crc a63d875e):\n\t [\u003c0000000028c1b3c2\u003e] kmemleak_alloc+0x34/0x40\n\t [\u003c000000001d6ecc87\u003e] __kmalloc_noprof+0x2bc/0x3c0\n\t [\u003c00000000393795c1\u003e] devm_iio_init_iio_gts+0x4b4/0x16f4\n\t [\u003c0000000071bb4b09\u003e] 0xffffffdf052a62e0\n\t [\u003c000000000315bc18\u003e] 0xffffffdf052a6488\n\t [\u003c00000000f9dc55b5\u003e] kunit_try_run_case+0x13c/0x3ac\n\t [\u003c00000000175a3fd4\u003e] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t [\u003c00000000f505065d\u003e] kthread+0x2e8/0x374\n\t [\u003c00000000bbfb0e5d\u003e] ret_from_fork+0x10/0x20\n\tunreferenced object 0xffffff80cbfe9e70 (size 16):\n\t comm \"kunit_try_catch\", pid 1658, jiffies 4294914015\n\t hex dump (first 16 bytes):\n\t 10 00 00 00 40 00 00 00 80 00 00 00 00 00 00 00 ....@...........\n\t backtrace (crc 857f0cb4):\n\t [\u003c0000000028c1b3c2\u003e] kmemleak_alloc+0x34/0x40\n\t [\u003c000000001d6ecc87\u003e] __kmalloc_noprof+0x2bc/0x3c0\n\t [\u003c00000000393795c1\u003e] devm_iio_init_iio_gts+0x4b4/0x16f4\n\t [\u003c0000000071bb4b09\u003e] 0xffffffdf052a62e0\n\t [\u003c000000007d089d45\u003e] 0xffffffdf052a6864\n\t [\u003c00000000f9dc55b5\u003e] kunit_try_run_case+0x13c/0x3ac\n\t [\u003c00000000175a3fd4\u003e] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t [\u003c00000000f505065d\u003e] kthread+0x2e8/0x374\n\t [\u003c00000000bbfb0e5d\u003e] ret_from_fork+0x10/0x20\n\t......\n\nIt includes 5*5 times \"size 64\" memory leaks, which correspond to 5 times\ntest_init_iio_gain_scale() calls with gts_test_gains size 10 (10*size(int))\nand gts_test_itimes size 5. It also includes 5*1 times \"size 16\"\nmemory leak, which correspond to one time __test_init_iio_gain_scale()\ncall with gts_test_gains_gain_low size 3 (3*size(int)) and gts_test_itimes\nsize 5.\n\nThe reason is that the per_time_gains[i] is not freed which is allocated in\nthe \"gts-\u003enum_itime\" for loop in iio_gts_build_avail_scale_table().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50231",
"url": "https://www.suse.com/security/cve/CVE-2024-50231"
},
{
"category": "external",
"summary": "SUSE Bug 1233208 for CVE-2024-50231",
"url": "https://bugzilla.suse.com/1233208"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50231"
},
{
"cve": "CVE-2024-50232",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50232"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: ad7124: fix division by zero in ad7124_set_channel_odr()\n\nIn the ad7124_write_raw() function, parameter val can potentially\nbe zero. This may lead to a division by zero when DIV_ROUND_CLOSEST()\nis called within ad7124_set_channel_odr(). The ad7124_write_raw()\nfunction is invoked through the sequence: iio_write_channel_raw() -\u003e\niio_write_channel_attribute() -\u003e iio_channel_write(), with no checks\nin place to ensure val is non-zero.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50232",
"url": "https://www.suse.com/security/cve/CVE-2024-50232"
},
{
"category": "external",
"summary": "SUSE Bug 1233209 for CVE-2024-50232",
"url": "https://bugzilla.suse.com/1233209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50232"
},
{
"cve": "CVE-2024-50233",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50233"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg()\n\nIn the ad9832_write_frequency() function, clk_get_rate() might return 0.\nThis can lead to a division by zero when calling ad9832_calc_freqreg().\nThe check if (fout \u003e (clk_get_rate(st-\u003emclk) / 2)) does not protect\nagainst the case when fout is 0. The ad9832_write_frequency() function\nis called from ad9832_write(), and fout is derived from a text buffer,\nwhich can contain any value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50233",
"url": "https://www.suse.com/security/cve/CVE-2024-50233"
},
{
"category": "external",
"summary": "SUSE Bug 1233210 for CVE-2024-50233",
"url": "https://bugzilla.suse.com/1233210"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50233"
},
{
"cve": "CVE-2024-50234",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50234"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlegacy: Clear stale interrupts before resuming device\n\niwl4965 fails upon resume from hibernation on my laptop. The reason\nseems to be a stale interrupt which isn\u0027t being cleared out before\ninterrupts are enabled. We end up with a race beween the resume\ntrying to bring things back up, and the restart work (queued form\nthe interrupt handler) trying to bring things down. Eventually\nthe whole thing blows up.\n\nFix the problem by clearing out any stale interrupts before\ninterrupts get enabled during resume.\n\nHere\u0027s a debug log of the indicent:\n[ 12.042589] ieee80211 phy0: il_isr ISR inta 0x00000080, enabled 0xaa00008b, fh 0x00000000\n[ 12.042625] ieee80211 phy0: il4965_irq_tasklet inta 0x00000080, enabled 0x00000000, fh 0x00000000\n[ 12.042651] iwl4965 0000:10:00.0: RF_KILL bit toggled to enable radio.\n[ 12.042653] iwl4965 0000:10:00.0: On demand firmware reload\n[ 12.042690] ieee80211 phy0: il4965_irq_tasklet End inta 0x00000000, enabled 0xaa00008b, fh 0x00000000, flags 0x00000282\n[ 12.052207] ieee80211 phy0: il4965_mac_start enter\n[ 12.052212] ieee80211 phy0: il_prep_station Add STA to driver ID 31: ff:ff:ff:ff:ff:ff\n[ 12.052244] ieee80211 phy0: il4965_set_hw_ready hardware ready\n[ 12.052324] ieee80211 phy0: il_apm_init Init card\u0027s basic functions\n[ 12.052348] ieee80211 phy0: il_apm_init L1 Enabled; Disabling L0S\n[ 12.055727] ieee80211 phy0: il4965_load_bsm Begin load bsm\n[ 12.056140] ieee80211 phy0: il4965_verify_bsm Begin verify bsm\n[ 12.058642] ieee80211 phy0: il4965_verify_bsm BSM bootstrap uCode image OK\n[ 12.058721] ieee80211 phy0: il4965_load_bsm BSM write complete, poll 1 iterations\n[ 12.058734] ieee80211 phy0: __il4965_up iwl4965 is coming up\n[ 12.058737] ieee80211 phy0: il4965_mac_start Start UP work done.\n[ 12.058757] ieee80211 phy0: __il4965_down iwl4965 is going down\n[ 12.058761] ieee80211 phy0: il_scan_cancel_timeout Scan cancel timeout\n[ 12.058762] ieee80211 phy0: il_do_scan_abort Not performing scan to abort\n[ 12.058765] ieee80211 phy0: il_clear_ucode_stations Clearing ucode stations in driver\n[ 12.058767] ieee80211 phy0: il_clear_ucode_stations No active stations found to be cleared\n[ 12.058819] ieee80211 phy0: _il_apm_stop Stop card, put in low power state\n[ 12.058827] ieee80211 phy0: _il_apm_stop_master stop master\n[ 12.058864] ieee80211 phy0: il4965_clear_free_frames 0 frames on pre-allocated heap on clear.\n[ 12.058869] ieee80211 phy0: Hardware restart was requested\n[ 16.132299] iwl4965 0000:10:00.0: START_ALIVE timeout after 4000ms.\n[ 16.132303] ------------[ cut here ]------------\n[ 16.132304] Hardware became unavailable upon resume. This could be a software issue prior to suspend or a hardware issue.\n[ 16.132338] WARNING: CPU: 0 PID: 181 at net/mac80211/util.c:1826 ieee80211_reconfig+0x8f/0x14b0 [mac80211]\n[ 16.132390] Modules linked in: ctr ccm sch_fq_codel xt_tcpudp xt_multiport xt_state iptable_filter iptable_nat nf_nat nf_conntrack nf_defrag_ipv4 ip_tables x_tables binfmt_misc joydev mousedev btusb btrtl btintel btbcm bluetooth ecdh_generic ecc iTCO_wdt i2c_dev iwl4965 iwlegacy coretemp snd_hda_codec_analog pcspkr psmouse mac80211 snd_hda_codec_generic libarc4 sdhci_pci cqhci sha256_generic sdhci libsha256 firewire_ohci snd_hda_intel snd_intel_dspcfg mmc_core snd_hda_codec snd_hwdep firewire_core led_class iosf_mbi snd_hda_core uhci_hcd lpc_ich crc_itu_t cfg80211 ehci_pci ehci_hcd snd_pcm usbcore mfd_core rfkill snd_timer snd usb_common soundcore video parport_pc parport intel_agp wmi intel_gtt backlight e1000e agpgart evdev\n[ 16.132456] CPU: 0 UID: 0 PID: 181 Comm: kworker/u8:6 Not tainted 6.11.0-cl+ #143\n[ 16.132460] Hardware name: Hewlett-Packard HP Compaq 6910p/30BE, BIOS 68MCU Ver. F.19 07/06/2010\n[ 16.132463] Workqueue: async async_run_entry_fn\n[ 16.132469] RIP: 0010:ieee80211_reconfig+0x8f/0x14b0 [mac80211]\n[ 16.132501] Code: da 02 00 0\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50234",
"url": "https://www.suse.com/security/cve/CVE-2024-50234"
},
{
"category": "external",
"summary": "SUSE Bug 1233211 for CVE-2024-50234",
"url": "https://bugzilla.suse.com/1233211"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50234"
},
{
"cve": "CVE-2024-50235",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50235"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: clear wdev-\u003ecqm_config pointer on free\n\nWhen we free wdev-\u003ecqm_config when unregistering, we also\nneed to clear out the pointer since the same wdev/netdev\nmay get re-registered in another network namespace, then\ndestroyed later, running this code again, which results in\na double-free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50235",
"url": "https://www.suse.com/security/cve/CVE-2024-50235"
},
{
"category": "external",
"summary": "SUSE Bug 1233176 for CVE-2024-50235",
"url": "https://bugzilla.suse.com/1233176"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50235"
},
{
"cve": "CVE-2024-50236",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50236"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath10k: Fix memory leak in management tx\n\nIn the current logic, memory is allocated for storing the MSDU context\nduring management packet TX but this memory is not being freed during\nmanagement TX completion. Similar leaks are seen in the management TX\ncleanup logic.\n\nKmemleak reports this problem as below,\n\nunreferenced object 0xffffff80b64ed250 (size 16):\n comm \"kworker/u16:7\", pid 148, jiffies 4294687130 (age 714.199s)\n hex dump (first 16 bytes):\n 00 2b d8 d8 80 ff ff ff c4 74 e9 fd 07 00 00 00 .+.......t......\n backtrace:\n [\u003cffffffe6e7b245dc\u003e] __kmem_cache_alloc_node+0x1e4/0x2d8\n [\u003cffffffe6e7adde88\u003e] kmalloc_trace+0x48/0x110\n [\u003cffffffe6bbd765fc\u003e] ath10k_wmi_tlv_op_gen_mgmt_tx_send+0xd4/0x1d8 [ath10k_core]\n [\u003cffffffe6bbd3eed4\u003e] ath10k_mgmt_over_wmi_tx_work+0x134/0x298 [ath10k_core]\n [\u003cffffffe6e78d5974\u003e] process_scheduled_works+0x1ac/0x400\n [\u003cffffffe6e78d60b8\u003e] worker_thread+0x208/0x328\n [\u003cffffffe6e78dc890\u003e] kthread+0x100/0x1c0\n [\u003cffffffe6e78166c0\u003e] ret_from_fork+0x10/0x20\n\nFree the memory during completion and cleanup to fix the leak.\n\nProtect the mgmt_pending_tx idr_remove() operation in\nath10k_wmi_tlv_op_cleanup_mgmt_tx_send() using ar-\u003edata_lock similar to\nother instances.\n\nTested-on: WCN3990 hw1.0 SNOC WLAN.HL.2.0-01387-QCAHLSWMTPLZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50236",
"url": "https://www.suse.com/security/cve/CVE-2024-50236"
},
{
"category": "external",
"summary": "SUSE Bug 1233212 for CVE-2024-50236",
"url": "https://bugzilla.suse.com/1233212"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50236"
},
{
"cve": "CVE-2024-50237",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50237"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: do not pass a stopped vif to the driver in .get_txpower\n\nAvoid potentially crashing in the driver because of uninitialized private data",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50237",
"url": "https://www.suse.com/security/cve/CVE-2024-50237"
},
{
"category": "external",
"summary": "SUSE Bug 1233216 for CVE-2024-50237",
"url": "https://bugzilla.suse.com/1233216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50237"
},
{
"cve": "CVE-2024-50240",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50240"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: qcom: qmp-usb: fix NULL-deref on runtime suspend\n\nCommit 413db06c05e7 (\"phy: qcom-qmp-usb: clean up probe initialisation\")\nremoved most users of the platform device driver data, but mistakenly\nalso removed the initialisation despite the data still being used in the\nruntime PM callbacks.\n\nRestore the driver data initialisation at probe to avoid a NULL-pointer\ndereference on runtime suspend.\n\nApparently no one uses runtime PM, which currently needs to be enabled\nmanually through sysfs, with this driver.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50240",
"url": "https://www.suse.com/security/cve/CVE-2024-50240"
},
{
"category": "external",
"summary": "SUSE Bug 1233217 for CVE-2024-50240",
"url": "https://bugzilla.suse.com/1233217"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50240"
},
{
"cve": "CVE-2024-50245",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50245"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Fix possible deadlock in mi_read\n\nMutex lock with another subclass used in ni_lock_dir().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50245",
"url": "https://www.suse.com/security/cve/CVE-2024-50245"
},
{
"category": "external",
"summary": "SUSE Bug 1233203 for CVE-2024-50245",
"url": "https://bugzilla.suse.com/1233203"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50245"
},
{
"cve": "CVE-2024-50246",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50246"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Add rough attr alloc_size check",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50246",
"url": "https://www.suse.com/security/cve/CVE-2024-50246"
},
{
"category": "external",
"summary": "SUSE Bug 1233207 for CVE-2024-50246",
"url": "https://bugzilla.suse.com/1233207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50246"
},
{
"cve": "CVE-2024-50248",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50248"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nntfs3: Add bounds checking to mi_enum_attr()\n\nAdded bounds checking to make sure that every attr don\u0027t stray beyond\nvalid memory region.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50248",
"url": "https://www.suse.com/security/cve/CVE-2024-50248"
},
{
"category": "external",
"summary": "SUSE Bug 1233219 for CVE-2024-50248",
"url": "https://bugzilla.suse.com/1233219"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50248"
},
{
"cve": "CVE-2024-50249",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50249"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: CPPC: Make rmw_lock a raw_spin_lock\n\nThe following BUG was triggered:\n\n=============================\n[ BUG: Invalid wait context ]\n6.12.0-rc2-XXX #406 Not tainted\n-----------------------------\nkworker/1:1/62 is trying to lock:\nffffff8801593030 (\u0026cpc_ptr-\u003ermw_lock){+.+.}-{3:3}, at: cpc_write+0xcc/0x370\nother info that might help us debug this:\ncontext-{5:5}\n2 locks held by kworker/1:1/62:\n #0: ffffff897ef5ec98 (\u0026rq-\u003e__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2c/0x50\n #1: ffffff880154e238 (\u0026sg_policy-\u003eupdate_lock){....}-{2:2}, at: sugov_update_shared+0x3c/0x280\nstack backtrace:\nCPU: 1 UID: 0 PID: 62 Comm: kworker/1:1 Not tainted 6.12.0-rc2-g9654bd3e8806 #406\nWorkqueue: 0x0 (events)\nCall trace:\n dump_backtrace+0xa4/0x130\n show_stack+0x20/0x38\n dump_stack_lvl+0x90/0xd0\n dump_stack+0x18/0x28\n __lock_acquire+0x480/0x1ad8\n lock_acquire+0x114/0x310\n _raw_spin_lock+0x50/0x70\n cpc_write+0xcc/0x370\n cppc_set_perf+0xa0/0x3a8\n cppc_cpufreq_fast_switch+0x40/0xc0\n cpufreq_driver_fast_switch+0x4c/0x218\n sugov_update_shared+0x234/0x280\n update_load_avg+0x6ec/0x7b8\n dequeue_entities+0x108/0x830\n dequeue_task_fair+0x58/0x408\n __schedule+0x4f0/0x1070\n schedule+0x54/0x130\n worker_thread+0xc0/0x2e8\n kthread+0x130/0x148\n ret_from_fork+0x10/0x20\n\nsugov_update_shared() locks a raw_spinlock while cpc_write() locks a\nspinlock.\n\nTo have a correct wait-type order, update rmw_lock to a raw spinlock and\nensure that interrupts will be disabled on the CPU holding it.\n\n[ rjw: Changelog edits ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50249",
"url": "https://www.suse.com/security/cve/CVE-2024-50249"
},
{
"category": "external",
"summary": "SUSE Bug 1233197 for CVE-2024-50249",
"url": "https://bugzilla.suse.com/1233197"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50249"
},
{
"cve": "CVE-2024-50250",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50250"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfsdax: dax_unshare_iter needs to copy entire blocks\n\nThe code that copies data from srcmap to iomap in dax_unshare_iter is\nvery very broken, which bfoster\u0027s recent fsx changes have exposed.\n\nIf the pos and len passed to dax_file_unshare are not aligned to an\nfsblock boundary, the iter pos and length in the _iter function will\nreflect this unalignment.\n\ndax_iomap_direct_access always returns a pointer to the start of the\nkmapped fsdax page, even if its pos argument is in the middle of that\npage. This is catastrophic for data integrity when iter-\u003epos is not\naligned to a page, because daddr/saddr do not point to the same byte in\nthe file as iter-\u003epos. Hence we corrupt user data by copying it to the\nwrong place.\n\nIf iter-\u003epos + iomap_length() in the _iter function not aligned to a\npage, then we fail to copy a full block, and only partially populate the\ndestination block. This is catastrophic for data confidentiality\nbecause we expose stale pmem contents.\n\nFix both of these issues by aligning copy_pos/copy_len to a page\nboundary (remember, this is fsdax so 1 fsblock == 1 base page) so that\nwe always copy full blocks.\n\nWe\u0027re not done yet -- there\u0027s no call to invalidate_inode_pages2_range,\nso programs that have the file range mmap\u0027d will continue accessing the\nold memory mapping after the file metadata updates have completed.\n\nBe careful with the return value -- if the unshare succeeds, we still\nneed to return the number of bytes that the iomap iter thinks we\u0027re\noperating on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50250",
"url": "https://www.suse.com/security/cve/CVE-2024-50250"
},
{
"category": "external",
"summary": "SUSE Bug 1233226 for CVE-2024-50250",
"url": "https://bugzilla.suse.com/1233226"
},
{
"category": "external",
"summary": "SUSE Bug 1233227 for CVE-2024-50250",
"url": "https://bugzilla.suse.com/1233227"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-50250"
},
{
"cve": "CVE-2024-50252",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50252"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address\n\nThe device stores IPv6 addresses that are used for encapsulation in\nlinear memory that is managed by the driver.\n\nChanging the remote address of an ip6gre net device never worked\nproperly, but since cited commit the following reproducer [1] would\nresult in a warning [2] and a memory leak [3]. The problem is that the\nnew remote address is never added by the driver to its hash table (and\ntherefore the device) and the old address is never removed from it.\n\nFix by programming the new address when the configuration of the ip6gre\nnet device changes and removing the old one. If the address did not\nchange, then the above would result in increasing the reference count of\nthe address and then decreasing it.\n\n[1]\n # ip link add name bla up type ip6gre local 2001:db8:1::1 remote 2001:db8:2::1 tos inherit ttl inherit\n # ip link set dev bla type ip6gre remote 2001:db8:3::1\n # ip link del dev bla\n # devlink dev reload pci/0000:01:00.0\n\n[2]\nWARNING: CPU: 0 PID: 1682 at drivers/net/ethernet/mellanox/mlxsw/spectrum.c:3002 mlxsw_sp_ipv6_addr_put+0x140/0x1d0\nModules linked in:\nCPU: 0 UID: 0 PID: 1682 Comm: ip Not tainted 6.12.0-rc3-custom-g86b5b55bc835 #151\nHardware name: Nvidia SN5600/VMOD0013, BIOS 5.13 05/31/2023\nRIP: 0010:mlxsw_sp_ipv6_addr_put+0x140/0x1d0\n[...]\nCall Trace:\n \u003cTASK\u003e\n mlxsw_sp_router_netdevice_event+0x55f/0x1240\n notifier_call_chain+0x5a/0xd0\n call_netdevice_notifiers_info+0x39/0x90\n unregister_netdevice_many_notify+0x63e/0x9d0\n rtnl_dellink+0x16b/0x3a0\n rtnetlink_rcv_msg+0x142/0x3f0\n netlink_rcv_skb+0x50/0x100\n netlink_unicast+0x242/0x390\n netlink_sendmsg+0x1de/0x420\n ____sys_sendmsg+0x2bd/0x320\n ___sys_sendmsg+0x9a/0xe0\n __sys_sendmsg+0x7a/0xd0\n do_syscall_64+0x9e/0x1a0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n[3]\nunreferenced object 0xffff898081f597a0 (size 32):\n comm \"ip\", pid 1626, jiffies 4294719324\n hex dump (first 32 bytes):\n 20 01 0d b8 00 02 00 00 00 00 00 00 00 00 00 01 ...............\n 21 49 61 83 80 89 ff ff 00 00 00 00 01 00 00 00 !Ia.............\n backtrace (crc fd9be911):\n [\u003c00000000df89c55d\u003e] __kmalloc_cache_noprof+0x1da/0x260\n [\u003c00000000ff2a1ddb\u003e] mlxsw_sp_ipv6_addr_kvdl_index_get+0x281/0x340\n [\u003c000000009ddd445d\u003e] mlxsw_sp_router_netdevice_event+0x47b/0x1240\n [\u003c00000000743e7757\u003e] notifier_call_chain+0x5a/0xd0\n [\u003c000000007c7b9e13\u003e] call_netdevice_notifiers_info+0x39/0x90\n [\u003c000000002509645d\u003e] register_netdevice+0x5f7/0x7a0\n [\u003c00000000c2e7d2a9\u003e] ip6gre_newlink_common.isra.0+0x65/0x130\n [\u003c0000000087cd6d8d\u003e] ip6gre_newlink+0x72/0x120\n [\u003c000000004df7c7cc\u003e] rtnl_newlink+0x471/0xa20\n [\u003c0000000057ed632a\u003e] rtnetlink_rcv_msg+0x142/0x3f0\n [\u003c0000000032e0d5b5\u003e] netlink_rcv_skb+0x50/0x100\n [\u003c00000000908bca63\u003e] netlink_unicast+0x242/0x390\n [\u003c00000000cdbe1c87\u003e] netlink_sendmsg+0x1de/0x420\n [\u003c0000000011db153e\u003e] ____sys_sendmsg+0x2bd/0x320\n [\u003c000000003b6d53eb\u003e] ___sys_sendmsg+0x9a/0xe0\n [\u003c00000000cae27c62\u003e] __sys_sendmsg+0x7a/0xd0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50252",
"url": "https://www.suse.com/security/cve/CVE-2024-50252"
},
{
"category": "external",
"summary": "SUSE Bug 1233201 for CVE-2024-50252",
"url": "https://bugzilla.suse.com/1233201"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50252"
},
{
"cve": "CVE-2024-50255",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50255"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs\n\nFix __hci_cmd_sync_sk() to return not NULL for unknown opcodes.\n\n__hci_cmd_sync_sk() returns NULL if a command returns a status event.\nHowever, it also returns NULL where an opcode doesn\u0027t exist in the\nhci_cc table because hci_cmd_complete_evt() assumes status = skb-\u003edata[0]\nfor unknown opcodes.\nThis leads to null-ptr-deref in cmd_sync for HCI_OP_READ_LOCAL_CODECS as\nthere is no hci_cc for HCI_OP_READ_LOCAL_CODECS, which always assumes\nstatus = skb-\u003edata[0].\n\nKASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077]\nCPU: 1 PID: 2000 Comm: kworker/u9:5 Not tainted 6.9.0-ga6bcb805883c-dirty #10\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nWorkqueue: hci7 hci_power_on\nRIP: 0010:hci_read_supported_codecs+0xb9/0x870 net/bluetooth/hci_codec.c:138\nCode: 08 48 89 ef e8 b8 c1 8f fd 48 8b 75 00 e9 96 00 00 00 49 89 c6 48 ba 00 00 00 00 00 fc ff df 4c 8d 60 70 4c 89 e3 48 c1 eb 03 \u003c0f\u003e b6 04 13 84 c0 0f 85 82 06 00 00 41 83 3c 24 02 77 0a e8 bf 78\nRSP: 0018:ffff888120bafac8 EFLAGS: 00010212\nRAX: 0000000000000000 RBX: 000000000000000e RCX: ffff8881173f0040\nRDX: dffffc0000000000 RSI: ffffffffa58496c0 RDI: ffff88810b9ad1e4\nRBP: ffff88810b9ac000 R08: ffffffffa77882a7 R09: 1ffffffff4ef1054\nR10: dffffc0000000000 R11: fffffbfff4ef1055 R12: 0000000000000070\nR13: 0000000000000000 R14: 0000000000000000 R15: ffff88810b9ac000\nFS: 0000000000000000(0000) GS:ffff8881f6c00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f6ddaa3439e CR3: 0000000139764003 CR4: 0000000000770ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n hci_read_local_codecs_sync net/bluetooth/hci_sync.c:4546 [inline]\n hci_init_stage_sync net/bluetooth/hci_sync.c:3441 [inline]\n hci_init4_sync net/bluetooth/hci_sync.c:4706 [inline]\n hci_init_sync net/bluetooth/hci_sync.c:4742 [inline]\n hci_dev_init_sync net/bluetooth/hci_sync.c:4912 [inline]\n hci_dev_open_sync+0x19a9/0x2d30 net/bluetooth/hci_sync.c:4994\n hci_dev_do_open net/bluetooth/hci_core.c:483 [inline]\n hci_power_on+0x11e/0x560 net/bluetooth/hci_core.c:1015\n process_one_work kernel/workqueue.c:3267 [inline]\n process_scheduled_works+0x8ef/0x14f0 kernel/workqueue.c:3348\n worker_thread+0x91f/0xe50 kernel/workqueue.c:3429\n kthread+0x2cb/0x360 kernel/kthread.c:388\n ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50255",
"url": "https://www.suse.com/security/cve/CVE-2024-50255"
},
{
"category": "external",
"summary": "SUSE Bug 1233238 for CVE-2024-50255",
"url": "https://bugzilla.suse.com/1233238"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50255"
},
{
"cve": "CVE-2024-50257",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50257"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: Fix use-after-free in get_info()\n\nip6table_nat module unload has refcnt warning for UAF. call trace is:\n\nWARNING: CPU: 1 PID: 379 at kernel/module/main.c:853 module_put+0x6f/0x80\nModules linked in: ip6table_nat(-)\nCPU: 1 UID: 0 PID: 379 Comm: ip6tables Not tainted 6.12.0-rc4-00047-gc2ee9f594da8-dirty #205\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:module_put+0x6f/0x80\nCall Trace:\n \u003cTASK\u003e\n get_info+0x128/0x180\n do_ip6t_get_ctl+0x6a/0x430\n nf_getsockopt+0x46/0x80\n ipv6_getsockopt+0xb9/0x100\n rawv6_getsockopt+0x42/0x190\n do_sock_getsockopt+0xaa/0x180\n __sys_getsockopt+0x70/0xc0\n __x64_sys_getsockopt+0x20/0x30\n do_syscall_64+0xa2/0x1a0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nConcurrent execution of module unload and get_info() trigered the warning.\nThe root cause is as follows:\n\ncpu0\t\t\t\t cpu1\nmodule_exit\n//mod-\u003estate = MODULE_STATE_GOING\n ip6table_nat_exit\n xt_unregister_template\n\tkfree(t)\n\t//removed from templ_list\n\t\t\t\t getinfo()\n\t\t\t\t\t t = xt_find_table_lock\n\t\t\t\t\t\tlist_for_each_entry(tmpl, \u0026xt_templates[af]...)\n\t\t\t\t\t\t\tif (strcmp(tmpl-\u003ename, name))\n\t\t\t\t\t\t\t\tcontinue; //table not found\n\t\t\t\t\t\t\ttry_module_get\n\t\t\t\t\t\tlist_for_each_entry(t, \u0026xt_net-\u003etables[af]...)\n\t\t\t\t\t\t\treturn t; //not get refcnt\n\t\t\t\t\t module_put(t-\u003eme) //uaf\n unregister_pernet_subsys\n //remove table from xt_net list\n\nWhile xt_table module was going away and has been removed from\nxt_templates list, we couldnt get refcnt of xt_table-\u003eme. Check\nmodule in xt_net-\u003etables list re-traversal to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50257",
"url": "https://www.suse.com/security/cve/CVE-2024-50257"
},
{
"category": "external",
"summary": "SUSE Bug 1233244 for CVE-2024-50257",
"url": "https://bugzilla.suse.com/1233244"
},
{
"category": "external",
"summary": "SUSE Bug 1233245 for CVE-2024-50257",
"url": "https://bugzilla.suse.com/1233245"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-50257"
},
{
"cve": "CVE-2024-50261",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50261"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmacsec: Fix use-after-free while sending the offloading packet\n\nKASAN reports the following UAF. The metadata_dst, which is used to\nstore the SCI value for macsec offload, is already freed by\nmetadata_dst_free() in macsec_free_netdev(), while driver still use it\nfor sending the packet.\n\nTo fix this issue, dst_release() is used instead to release\nmetadata_dst. So it is not freed instantly in macsec_free_netdev() if\nstill referenced by skb.\n\n BUG: KASAN: slab-use-after-free in mlx5e_xmit+0x1e8f/0x4190 [mlx5_core]\n Read of size 2 at addr ffff88813e42e038 by task kworker/7:2/714\n [...]\n Workqueue: mld mld_ifc_work\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x51/0x60\n print_report+0xc1/0x600\n kasan_report+0xab/0xe0\n mlx5e_xmit+0x1e8f/0x4190 [mlx5_core]\n dev_hard_start_xmit+0x120/0x530\n sch_direct_xmit+0x149/0x11e0\n __qdisc_run+0x3ad/0x1730\n __dev_queue_xmit+0x1196/0x2ed0\n vlan_dev_hard_start_xmit+0x32e/0x510 [8021q]\n dev_hard_start_xmit+0x120/0x530\n __dev_queue_xmit+0x14a7/0x2ed0\n macsec_start_xmit+0x13e9/0x2340\n dev_hard_start_xmit+0x120/0x530\n __dev_queue_xmit+0x14a7/0x2ed0\n ip6_finish_output2+0x923/0x1a70\n ip6_finish_output+0x2d7/0x970\n ip6_output+0x1ce/0x3a0\n NF_HOOK.constprop.0+0x15f/0x190\n mld_sendpack+0x59a/0xbd0\n mld_ifc_work+0x48a/0xa80\n process_one_work+0x5aa/0xe50\n worker_thread+0x79c/0x1290\n kthread+0x28f/0x350\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e\n\n Allocated by task 3922:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x10/0x30\n __kasan_kmalloc+0x77/0x90\n __kmalloc_noprof+0x188/0x400\n metadata_dst_alloc+0x1f/0x4e0\n macsec_newlink+0x914/0x1410\n __rtnl_newlink+0xe08/0x15b0\n rtnl_newlink+0x5f/0x90\n rtnetlink_rcv_msg+0x667/0xa80\n netlink_rcv_skb+0x12c/0x360\n netlink_unicast+0x551/0x770\n netlink_sendmsg+0x72d/0xbd0\n __sock_sendmsg+0xc5/0x190\n ____sys_sendmsg+0x52e/0x6a0\n ___sys_sendmsg+0xeb/0x170\n __sys_sendmsg+0xb5/0x140\n do_syscall_64+0x4c/0x100\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n Freed by task 4011:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x50\n poison_slab_object+0x10c/0x190\n __kasan_slab_free+0x11/0x30\n kfree+0xe0/0x290\n macsec_free_netdev+0x3f/0x140\n netdev_run_todo+0x450/0xc70\n rtnetlink_rcv_msg+0x66f/0xa80\n netlink_rcv_skb+0x12c/0x360\n netlink_unicast+0x551/0x770\n netlink_sendmsg+0x72d/0xbd0\n __sock_sendmsg+0xc5/0x190\n ____sys_sendmsg+0x52e/0x6a0\n ___sys_sendmsg+0xeb/0x170\n __sys_sendmsg+0xb5/0x140\n do_syscall_64+0x4c/0x100\n entry_SYSCALL_64_after_hwframe+0x4b/0x53",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50261",
"url": "https://www.suse.com/security/cve/CVE-2024-50261"
},
{
"category": "external",
"summary": "SUSE Bug 1233253 for CVE-2024-50261",
"url": "https://bugzilla.suse.com/1233253"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50261"
},
{
"cve": "CVE-2024-50264",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50264"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/virtio: Initialization of the dangling pointer occurring in vsk-\u003etrans\n\nDuring loopback communication, a dangling pointer can be created in\nvsk-\u003etrans, potentially leading to a Use-After-Free condition. This\nissue is resolved by initializing vsk-\u003etrans to NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50264",
"url": "https://www.suse.com/security/cve/CVE-2024-50264"
},
{
"category": "external",
"summary": "SUSE Bug 1233453 for CVE-2024-50264",
"url": "https://bugzilla.suse.com/1233453"
},
{
"category": "external",
"summary": "SUSE Bug 1233712 for CVE-2024-50264",
"url": "https://bugzilla.suse.com/1233712"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-50264"
},
{
"cve": "CVE-2024-50265",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50265"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove()\n\nSyzkaller is able to provoke null-ptr-dereference in ocfs2_xa_remove():\n\n[ 57.319872] (a.out,1161,7):ocfs2_xa_remove:2028 ERROR: status = -12\n[ 57.320420] (a.out,1161,7):ocfs2_xa_cleanup_value_truncate:1999 ERROR: Partial truncate while removing xattr overlay.upper. Leaking 1 clusters and removing the entry\n[ 57.321727] BUG: kernel NULL pointer dereference, address: 0000000000000004\n[...]\n[ 57.325727] RIP: 0010:ocfs2_xa_block_wipe_namevalue+0x2a/0xc0\n[...]\n[ 57.331328] Call Trace:\n[ 57.331477] \u003cTASK\u003e\n[...]\n[ 57.333511] ? do_user_addr_fault+0x3e5/0x740\n[ 57.333778] ? exc_page_fault+0x70/0x170\n[ 57.334016] ? asm_exc_page_fault+0x2b/0x30\n[ 57.334263] ? __pfx_ocfs2_xa_block_wipe_namevalue+0x10/0x10\n[ 57.334596] ? ocfs2_xa_block_wipe_namevalue+0x2a/0xc0\n[ 57.334913] ocfs2_xa_remove_entry+0x23/0xc0\n[ 57.335164] ocfs2_xa_set+0x704/0xcf0\n[ 57.335381] ? _raw_spin_unlock+0x1a/0x40\n[ 57.335620] ? ocfs2_inode_cache_unlock+0x16/0x20\n[ 57.335915] ? trace_preempt_on+0x1e/0x70\n[ 57.336153] ? start_this_handle+0x16c/0x500\n[ 57.336410] ? preempt_count_sub+0x50/0x80\n[ 57.336656] ? _raw_read_unlock+0x20/0x40\n[ 57.336906] ? start_this_handle+0x16c/0x500\n[ 57.337162] ocfs2_xattr_block_set+0xa6/0x1e0\n[ 57.337424] __ocfs2_xattr_set_handle+0x1fd/0x5d0\n[ 57.337706] ? ocfs2_start_trans+0x13d/0x290\n[ 57.337971] ocfs2_xattr_set+0xb13/0xfb0\n[ 57.338207] ? dput+0x46/0x1c0\n[ 57.338393] ocfs2_xattr_trusted_set+0x28/0x30\n[ 57.338665] ? ocfs2_xattr_trusted_set+0x28/0x30\n[ 57.338948] __vfs_removexattr+0x92/0xc0\n[ 57.339182] __vfs_removexattr_locked+0xd5/0x190\n[ 57.339456] ? preempt_count_sub+0x50/0x80\n[ 57.339705] vfs_removexattr+0x5f/0x100\n[...]\n\nReproducer uses faultinject facility to fail ocfs2_xa_remove() -\u003e\nocfs2_xa_value_truncate() with -ENOMEM.\n\nIn this case the comment mentions that we can return 0 if\nocfs2_xa_cleanup_value_truncate() is going to wipe the entry\nanyway. But the following \u0027rc\u0027 check is wrong and execution flow do\n\u0027ocfs2_xa_remove_entry(loc);\u0027 twice:\n* 1st: in ocfs2_xa_cleanup_value_truncate();\n* 2nd: returning back to ocfs2_xa_remove() instead of going to \u0027out\u0027.\n\nFix this by skipping the 2nd removal of the same entry and making\nsyzkaller repro happy.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50265",
"url": "https://www.suse.com/security/cve/CVE-2024-50265"
},
{
"category": "external",
"summary": "SUSE Bug 1233454 for CVE-2024-50265",
"url": "https://bugzilla.suse.com/1233454"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50265"
},
{
"cve": "CVE-2024-50267",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50267"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: serial: io_edgeport: fix use after free in debug printk\n\nThe \"dev_dbg(\u0026urb-\u003edev-\u003edev, ...\" which happens after usb_free_urb(urb)\nis a use after free of the \"urb\" pointer. Store the \"dev\" pointer at the\nstart of the function to avoid this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50267",
"url": "https://www.suse.com/security/cve/CVE-2024-50267"
},
{
"category": "external",
"summary": "SUSE Bug 1233456 for CVE-2024-50267",
"url": "https://bugzilla.suse.com/1233456"
},
{
"category": "external",
"summary": "SUSE Bug 1233711 for CVE-2024-50267",
"url": "https://bugzilla.suse.com/1233711"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-50267"
},
{
"cve": "CVE-2024-50268",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50268"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd()\n\nThe \"*cmd\" variable can be controlled by the user via debugfs. That means\n\"new_cam\" can be as high as 255 while the size of the uc-\u003eupdated[] array\nis UCSI_MAX_ALTMODES (30).\n\nThe call tree is:\nucsi_cmd() // val comes from simple_attr_write_xsigned()\n-\u003e ucsi_send_command()\n -\u003e ucsi_send_command_common()\n -\u003e ucsi_run_command() // calls ucsi-\u003eops-\u003esync_control()\n -\u003e ucsi_ccg_sync_control()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50268",
"url": "https://www.suse.com/security/cve/CVE-2024-50268"
},
{
"category": "external",
"summary": "SUSE Bug 1233457 for CVE-2024-50268",
"url": "https://bugzilla.suse.com/1233457"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50268"
},
{
"cve": "CVE-2024-50269",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50269"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: musb: sunxi: Fix accessing an released usb phy\n\nCommit 6ed05c68cbca (\"usb: musb: sunxi: Explicitly release USB PHY on\nexit\") will cause that usb phy @glue-\u003exceiv is accessed after released.\n\n1) register platform driver @sunxi_musb_driver\n// get the usb phy @glue-\u003exceiv\nsunxi_musb_probe() -\u003e devm_usb_get_phy().\n\n2) register and unregister platform driver @musb_driver\nmusb_probe() -\u003e sunxi_musb_init()\nuse the phy here\n//the phy is released here\nmusb_remove() -\u003e sunxi_musb_exit() -\u003e devm_usb_put_phy()\n\n3) register @musb_driver again\nmusb_probe() -\u003e sunxi_musb_init()\nuse the phy here but the phy has been released at 2).\n...\n\nFixed by reverting the commit, namely, removing devm_usb_put_phy()\nfrom sunxi_musb_exit().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50269",
"url": "https://www.suse.com/security/cve/CVE-2024-50269"
},
{
"category": "external",
"summary": "SUSE Bug 1233458 for CVE-2024-50269",
"url": "https://bugzilla.suse.com/1233458"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50269"
},
{
"cve": "CVE-2024-50271",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50271"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsignal: restore the override_rlimit logic\n\nPrior to commit d64696905554 (\"Reimplement RLIMIT_SIGPENDING on top of\nucounts\") UCOUNT_RLIMIT_SIGPENDING rlimit was not enforced for a class of\nsignals. However now it\u0027s enforced unconditionally, even if\noverride_rlimit is set. This behavior change caused production issues. \n\nFor example, if the limit is reached and a process receives a SIGSEGV\nsignal, sigqueue_alloc fails to allocate the necessary resources for the\nsignal delivery, preventing the signal from being delivered with siginfo. \nThis prevents the process from correctly identifying the fault address and\nhandling the error. From the user-space perspective, applications are\nunaware that the limit has been reached and that the siginfo is\neffectively \u0027corrupted\u0027. This can lead to unpredictable behavior and\ncrashes, as we observed with java applications.\n\nFix this by passing override_rlimit into inc_rlimit_get_ucounts() and skip\nthe comparison to max there if override_rlimit is set. This effectively\nrestores the old behavior.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50271",
"url": "https://www.suse.com/security/cve/CVE-2024-50271"
},
{
"category": "external",
"summary": "SUSE Bug 1233460 for CVE-2024-50271",
"url": "https://bugzilla.suse.com/1233460"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50271"
},
{
"cve": "CVE-2024-50273",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50273"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: reinitialize delayed ref list after deleting it from the list\n\nAt insert_delayed_ref() if we need to update the action of an existing\nref to BTRFS_DROP_DELAYED_REF, we delete the ref from its ref head\u0027s\nref_add_list using list_del(), which leaves the ref\u0027s add_list member\nnot reinitialized, as list_del() sets the next and prev members of the\nlist to LIST_POISON1 and LIST_POISON2, respectively.\n\nIf later we end up calling drop_delayed_ref() against the ref, which can\nhappen during merging or when destroying delayed refs due to a transaction\nabort, we can trigger a crash since at drop_delayed_ref() we call\nlist_empty() against the ref\u0027s add_list, which returns false since\nthe list was not reinitialized after the list_del() and as a consequence\nwe call list_del() again at drop_delayed_ref(). This results in an\ninvalid list access since the next and prev members are set to poison\npointers, resulting in a splat if CONFIG_LIST_HARDENED and\nCONFIG_DEBUG_LIST are set or invalid poison pointer dereferences\notherwise.\n\nSo fix this by deleting from the list with list_del_init() instead.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50273",
"url": "https://www.suse.com/security/cve/CVE-2024-50273"
},
{
"category": "external",
"summary": "SUSE Bug 1233462 for CVE-2024-50273",
"url": "https://bugzilla.suse.com/1233462"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50273"
},
{
"cve": "CVE-2024-50274",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50274"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: avoid vport access in idpf_get_link_ksettings\n\nWhen the device control plane is removed or the platform\nrunning device control plane is rebooted, a reset is detected\non the driver. On driver reset, it releases the resources and\nwaits for the reset to complete. If the reset fails, it takes\nthe error path and releases the vport lock. At this time if the\nmonitoring tools tries to access link settings, it call traces\nfor accessing released vport pointer.\n\nTo avoid it, move link_speed_mbps to netdev_priv structure\nwhich removes the dependency on vport pointer and the vport lock\nin idpf_get_link_ksettings. Also use netif_carrier_ok()\nto check the link status and adjust the offsetof to use link_up\ninstead of link_speed_mbps.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50274",
"url": "https://www.suse.com/security/cve/CVE-2024-50274"
},
{
"category": "external",
"summary": "SUSE Bug 1233463 for CVE-2024-50274",
"url": "https://bugzilla.suse.com/1233463"
},
{
"category": "external",
"summary": "SUSE Bug 1235104 for CVE-2024-50274",
"url": "https://bugzilla.suse.com/1235104"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-50274"
},
{
"cve": "CVE-2024-50275",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50275"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64/sve: Discard stale CPU state when handling SVE traps\n\nThe logic for handling SVE traps manipulates saved FPSIMD/SVE state\nincorrectly, and a race with preemption can result in a task having\nTIF_SVE set and TIF_FOREIGN_FPSTATE clear even though the live CPU state\nis stale (e.g. with SVE traps enabled). This has been observed to result\nin warnings from do_sve_acc() where SVE traps are not expected while\nTIF_SVE is set:\n\n| if (test_and_set_thread_flag(TIF_SVE))\n| WARN_ON(1); /* SVE access shouldn\u0027t have trapped */\n\nWarnings of this form have been reported intermittently, e.g.\n\n https://lore.kernel.org/linux-arm-kernel/CA+G9fYtEGe_DhY2Ms7+L7NKsLYUomGsgqpdBj+QwDLeSg=JhGg@mail.gmail.com/\n https://lore.kernel.org/linux-arm-kernel/000000000000511e9a060ce5a45c@google.com/\n\nThe race can occur when the SVE trap handler is preempted before and\nafter manipulating the saved FPSIMD/SVE state, starting and ending on\nthe same CPU, e.g.\n\n| void do_sve_acc(unsigned long esr, struct pt_regs *regs)\n| {\n| // Trap on CPU 0 with TIF_SVE clear, SVE traps enabled\n| // task-\u003efpsimd_cpu is 0.\n| // per_cpu_ptr(\u0026fpsimd_last_state, 0) is task.\n|\n| ...\n|\n| // Preempted; migrated from CPU 0 to CPU 1.\n| // TIF_FOREIGN_FPSTATE is set.\n|\n| get_cpu_fpsimd_context();\n|\n| if (test_and_set_thread_flag(TIF_SVE))\n| WARN_ON(1); /* SVE access shouldn\u0027t have trapped */\n|\n| sve_init_regs() {\n| if (!test_thread_flag(TIF_FOREIGN_FPSTATE)) {\n| ...\n| } else {\n| fpsimd_to_sve(current);\n| current-\u003ethread.fp_type = FP_STATE_SVE;\n| }\n| }\n|\n| put_cpu_fpsimd_context();\n|\n| // Preempted; migrated from CPU 1 to CPU 0.\n| // task-\u003efpsimd_cpu is still 0\n| // If per_cpu_ptr(\u0026fpsimd_last_state, 0) is still task then:\n| // - Stale HW state is reused (with SVE traps enabled)\n| // - TIF_FOREIGN_FPSTATE is cleared\n| // - A return to userspace skips HW state restore\n| }\n\nFix the case where the state is not live and TIF_FOREIGN_FPSTATE is set\nby calling fpsimd_flush_task_state() to detach from the saved CPU\nstate. This ensures that a subsequent context switch will not reuse the\nstale CPU state, and will instead set TIF_FOREIGN_FPSTATE, forcing the\nnew state to be reloaded from memory prior to a return to userspace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50275",
"url": "https://www.suse.com/security/cve/CVE-2024-50275"
},
{
"category": "external",
"summary": "SUSE Bug 1233464 for CVE-2024-50275",
"url": "https://bugzilla.suse.com/1233464"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50275"
},
{
"cve": "CVE-2024-50276",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50276"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: vertexcom: mse102x: Fix possible double free of TX skb\n\nThe scope of the TX skb is wider than just mse102x_tx_frame_spi(),\nso in case the TX skb room needs to be expanded, we should free the\nthe temporary skb instead of the original skb. Otherwise the original\nTX skb pointer would be freed again in mse102x_tx_work(), which leads\nto crashes:\n\n Internal error: Oops: 0000000096000004 [#2] PREEMPT SMP\n CPU: 0 PID: 712 Comm: kworker/0:1 Tainted: G D 6.6.23\n Hardware name: chargebyte Charge SOM DC-ONE (DT)\n Workqueue: events mse102x_tx_work [mse102x]\n pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : skb_release_data+0xb8/0x1d8\n lr : skb_release_data+0x1ac/0x1d8\n sp : ffff8000819a3cc0\n x29: ffff8000819a3cc0 x28: ffff0000046daa60 x27: ffff0000057f2dc0\n x26: ffff000005386c00 x25: 0000000000000002 x24: 00000000ffffffff\n x23: 0000000000000000 x22: 0000000000000001 x21: ffff0000057f2e50\n x20: 0000000000000006 x19: 0000000000000000 x18: ffff00003fdacfcc\n x17: e69ad452d0c49def x16: 84a005feff870102 x15: 0000000000000000\n x14: 000000000000024a x13: 0000000000000002 x12: 0000000000000000\n x11: 0000000000000400 x10: 0000000000000930 x9 : ffff00003fd913e8\n x8 : fffffc00001bc008\n x7 : 0000000000000000 x6 : 0000000000000008\n x5 : ffff00003fd91340 x4 : 0000000000000000 x3 : 0000000000000009\n x2 : 00000000fffffffe x1 : 0000000000000000 x0 : 0000000000000000\n Call trace:\n skb_release_data+0xb8/0x1d8\n kfree_skb_reason+0x48/0xb0\n mse102x_tx_work+0x164/0x35c [mse102x]\n process_one_work+0x138/0x260\n worker_thread+0x32c/0x438\n kthread+0x118/0x11c\n ret_from_fork+0x10/0x20\n Code: aa1303e0 97fffab6 72001c1f 54000141 (f9400660)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50276",
"url": "https://www.suse.com/security/cve/CVE-2024-50276"
},
{
"category": "external",
"summary": "SUSE Bug 1233465 for CVE-2024-50276",
"url": "https://bugzilla.suse.com/1233465"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50276"
},
{
"cve": "CVE-2024-50279",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50279"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm cache: fix out-of-bounds access to the dirty bitset when resizing\n\ndm-cache checks the dirty bits of the cache blocks to be dropped when\nshrinking the fast device, but an index bug in bitset iteration causes\nout-of-bounds access.\n\nReproduce steps:\n\n1. create a cache device of 1024 cache blocks (128 bytes dirty bitset)\n\ndmsetup create cmeta --table \"0 8192 linear /dev/sdc 0\"\ndmsetup create cdata --table \"0 131072 linear /dev/sdc 8192\"\ndmsetup create corig --table \"0 524288 linear /dev/sdc 262144\"\ndd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1 oflag=direct\ndmsetup create cache --table \"0 524288 cache /dev/mapper/cmeta \\\n/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0\"\n\n2. shrink the fast device to 512 cache blocks, triggering out-of-bounds\n access to the dirty bitset (offset 0x80)\n\ndmsetup suspend cache\ndmsetup reload cdata --table \"0 65536 linear /dev/sdc 8192\"\ndmsetup resume cdata\ndmsetup resume cache\n\nKASAN reports:\n\n BUG: KASAN: vmalloc-out-of-bounds in cache_preresume+0x269/0x7b0\n Read of size 8 at addr ffffc900000f3080 by task dmsetup/131\n\n (...snip...)\n The buggy address belongs to the virtual mapping at\n [ffffc900000f3000, ffffc900000f5000) created by:\n cache_ctr+0x176a/0x35f0\n\n (...snip...)\n Memory state around the buggy address:\n ffffc900000f2f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ffffc900000f3000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n \u003effffc900000f3080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ^\n ffffc900000f3100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ffffc900000f3180: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n\nFix by making the index post-incremented.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50279",
"url": "https://www.suse.com/security/cve/CVE-2024-50279"
},
{
"category": "external",
"summary": "SUSE Bug 1233468 for CVE-2024-50279",
"url": "https://bugzilla.suse.com/1233468"
},
{
"category": "external",
"summary": "SUSE Bug 1233708 for CVE-2024-50279",
"url": "https://bugzilla.suse.com/1233708"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-50279"
},
{
"cve": "CVE-2024-50282",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50282"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()\n\nAvoid a possible buffer overflow if size is larger than 4K.\n\n(cherry picked from commit f5d873f5825b40d886d03bd2aede91d4cf002434)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50282",
"url": "https://www.suse.com/security/cve/CVE-2024-50282"
},
{
"category": "external",
"summary": "SUSE Bug 1233471 for CVE-2024-50282",
"url": "https://bugzilla.suse.com/1233471"
},
{
"category": "external",
"summary": "SUSE Bug 1233707 for CVE-2024-50282",
"url": "https://bugzilla.suse.com/1233707"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-50282"
},
{
"cve": "CVE-2024-50287",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50287"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l2-tpg: prevent the risk of a division by zero\n\nAs reported by Coverity, the logic at tpg_precalculate_line()\nblindly rescales the buffer even when scaled_witdh is equal to\nzero. If this ever happens, this will cause a division by zero.\n\nInstead, add a WARN_ON_ONCE() to trigger such cases and return\nwithout doing any precalculation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50287",
"url": "https://www.suse.com/security/cve/CVE-2024-50287"
},
{
"category": "external",
"summary": "SUSE Bug 1233476 for CVE-2024-50287",
"url": "https://bugzilla.suse.com/1233476"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50287"
},
{
"cve": "CVE-2024-50289",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50289"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: av7110: fix a spectre vulnerability\n\nAs warned by smatch:\n\tdrivers/staging/media/av7110/av7110_ca.c:270 dvb_ca_ioctl() warn: potential spectre issue \u0027av7110-\u003eci_slot\u0027 [w] (local cap)\n\nThere is a spectre-related vulnerability at the code. Fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50289",
"url": "https://www.suse.com/security/cve/CVE-2024-50289"
},
{
"category": "external",
"summary": "SUSE Bug 1233478 for CVE-2024-50289",
"url": "https://bugzilla.suse.com/1233478"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50289"
},
{
"cve": "CVE-2024-50290",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50290"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: cx24116: prevent overflows on SNR calculus\n\nas reported by Coverity, if reading SNR registers fail, a negative\nnumber will be returned, causing an underflow when reading SNR\nregisters.\n\nPrevent that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50290",
"url": "https://www.suse.com/security/cve/CVE-2024-50290"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1233479 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1233479"
},
{
"category": "external",
"summary": "SUSE Bug 1233681 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1233681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-50290"
},
{
"cve": "CVE-2024-50292",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50292"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove\n\nIn case of error when requesting ctrl_chan DMA channel, ctrl_chan is not\nnull. So the release of the dma channel leads to the following issue:\n[ 4.879000] st,stm32-spdifrx 500d0000.audio-controller:\ndma_request_slave_channel error -19\n[ 4.888975] Unable to handle kernel NULL pointer dereference\nat virtual address 000000000000003d\n[...]\n[ 5.096577] Call trace:\n[ 5.099099] dma_release_channel+0x24/0x100\n[ 5.103235] stm32_spdifrx_remove+0x24/0x60 [snd_soc_stm32_spdifrx]\n[ 5.109494] stm32_spdifrx_probe+0x320/0x4c4 [snd_soc_stm32_spdifrx]\n\nTo avoid this issue, release channel only if the pointer is valid.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50292",
"url": "https://www.suse.com/security/cve/CVE-2024-50292"
},
{
"category": "external",
"summary": "SUSE Bug 1233481 for CVE-2024-50292",
"url": "https://bugzilla.suse.com/1233481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50292"
},
{
"cve": "CVE-2024-50295",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50295"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: arc: fix the device for dma_map_single/dma_unmap_single\n\nThe ndev-\u003edev and pdev-\u003edev aren\u0027t the same device, use ndev-\u003edev.parent\nwhich has dma_mask, ndev-\u003edev.parent is just pdev-\u003edev.\nOr it would cause the following issue:\n\n[ 39.933526] ------------[ cut here ]------------\n[ 39.938414] WARNING: CPU: 1 PID: 501 at kernel/dma/mapping.c:149 dma_map_page_attrs+0x90/0x1f8",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50295",
"url": "https://www.suse.com/security/cve/CVE-2024-50295"
},
{
"category": "external",
"summary": "SUSE Bug 1233484 for CVE-2024-50295",
"url": "https://bugzilla.suse.com/1233484"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50295"
},
{
"cve": "CVE-2024-50296",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50296"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix kernel crash when uninstalling driver\n\nWhen the driver is uninstalled and the VF is disabled concurrently, a\nkernel crash occurs. The reason is that the two actions call function\npci_disable_sriov(). The num_VFs is checked to determine whether to\nrelease the corresponding resources. During the second calling, num_VFs\nis not 0 and the resource release function is called. However, the\ncorresponding resource has been released during the first invoking.\nTherefore, the problem occurs:\n\n[15277.839633][T50670] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020\n...\n[15278.131557][T50670] Call trace:\n[15278.134686][T50670] klist_put+0x28/0x12c\n[15278.138682][T50670] klist_del+0x14/0x20\n[15278.142592][T50670] device_del+0xbc/0x3c0\n[15278.146676][T50670] pci_remove_bus_device+0x84/0x120\n[15278.151714][T50670] pci_stop_and_remove_bus_device+0x6c/0x80\n[15278.157447][T50670] pci_iov_remove_virtfn+0xb4/0x12c\n[15278.162485][T50670] sriov_disable+0x50/0x11c\n[15278.166829][T50670] pci_disable_sriov+0x24/0x30\n[15278.171433][T50670] hnae3_unregister_ae_algo_prepare+0x60/0x90 [hnae3]\n[15278.178039][T50670] hclge_exit+0x28/0xd0 [hclge]\n[15278.182730][T50670] __se_sys_delete_module.isra.0+0x164/0x230\n[15278.188550][T50670] __arm64_sys_delete_module+0x1c/0x30\n[15278.193848][T50670] invoke_syscall+0x50/0x11c\n[15278.198278][T50670] el0_svc_common.constprop.0+0x158/0x164\n[15278.203837][T50670] do_el0_svc+0x34/0xcc\n[15278.207834][T50670] el0_svc+0x20/0x30\n\nFor details, see the following figure.\n\n rmmod hclge disable VFs\n----------------------------------------------------\nhclge_exit() sriov_numvfs_store()\n ... device_lock()\n pci_disable_sriov() hns3_pci_sriov_configure()\n pci_disable_sriov()\n sriov_disable()\n sriov_disable() if !num_VFs :\n if !num_VFs : return;\n return; sriov_del_vfs()\n sriov_del_vfs() ...\n ... klist_put()\n klist_put() ...\n ... num_VFs = 0;\n num_VFs = 0; device_unlock();\n\nIn this patch, when driver is removing, we get the device_lock()\nto protect num_VFs, just like sriov_numvfs_store().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50296",
"url": "https://www.suse.com/security/cve/CVE-2024-50296"
},
{
"category": "external",
"summary": "SUSE Bug 1233485 for CVE-2024-50296",
"url": "https://bugzilla.suse.com/1233485"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50296"
},
{
"cve": "CVE-2024-50298",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50298"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: enetc: allocate vf_state during PF probes\n\nIn the previous implementation, vf_state is allocated memory only when VF\nis enabled. However, net_device_ops::ndo_set_vf_mac() may be called before\nVF is enabled to configure the MAC address of VF. If this is the case,\nenetc_pf_set_vf_mac() will access vf_state, resulting in access to a null\npointer. The simplified error log is as follows.\n\nroot@ls1028ardb:~# ip link set eno0 vf 1 mac 00:0c:e7:66:77:89\n[ 173.543315] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004\n[ 173.637254] pc : enetc_pf_set_vf_mac+0x3c/0x80 Message from sy\n[ 173.641973] lr : do_setlink+0x4a8/0xec8\n[ 173.732292] Call trace:\n[ 173.734740] enetc_pf_set_vf_mac+0x3c/0x80\n[ 173.738847] __rtnl_newlink+0x530/0x89c\n[ 173.742692] rtnl_newlink+0x50/0x7c\n[ 173.746189] rtnetlink_rcv_msg+0x128/0x390\n[ 173.750298] netlink_rcv_skb+0x60/0x130\n[ 173.754145] rtnetlink_rcv+0x18/0x24\n[ 173.757731] netlink_unicast+0x318/0x380\n[ 173.761665] netlink_sendmsg+0x17c/0x3c8",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50298",
"url": "https://www.suse.com/security/cve/CVE-2024-50298"
},
{
"category": "external",
"summary": "SUSE Bug 1233487 for CVE-2024-50298",
"url": "https://bugzilla.suse.com/1233487"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-50298"
},
{
"cve": "CVE-2024-50301",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50301"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsecurity/keys: fix slab-out-of-bounds in key_task_permission\n\nKASAN reports an out of bounds read:\nBUG: KASAN: slab-out-of-bounds in __kuid_val include/linux/uidgid.h:36\nBUG: KASAN: slab-out-of-bounds in uid_eq include/linux/uidgid.h:63 [inline]\nBUG: KASAN: slab-out-of-bounds in key_task_permission+0x394/0x410\nsecurity/keys/permission.c:54\nRead of size 4 at addr ffff88813c3ab618 by task stress-ng/4362\n\nCPU: 2 PID: 4362 Comm: stress-ng Not tainted 5.10.0-14930-gafbffd6c3ede #15\nCall Trace:\n __dump_stack lib/dump_stack.c:82 [inline]\n dump_stack+0x107/0x167 lib/dump_stack.c:123\n print_address_description.constprop.0+0x19/0x170 mm/kasan/report.c:400\n __kasan_report.cold+0x6c/0x84 mm/kasan/report.c:560\n kasan_report+0x3a/0x50 mm/kasan/report.c:585\n __kuid_val include/linux/uidgid.h:36 [inline]\n uid_eq include/linux/uidgid.h:63 [inline]\n key_task_permission+0x394/0x410 security/keys/permission.c:54\n search_nested_keyrings+0x90e/0xe90 security/keys/keyring.c:793\n\nThis issue was also reported by syzbot.\n\nIt can be reproduced by following these steps(more details [1]):\n1. Obtain more than 32 inputs that have similar hashes, which ends with the\n pattern \u00270xxxxxxxe6\u0027.\n2. Reboot and add the keys obtained in step 1.\n\nThe reproducer demonstrates how this issue happened:\n1. In the search_nested_keyrings function, when it iterates through the\n slots in a node(below tag ascend_to_node), if the slot pointer is meta\n and node-\u003eback_pointer != NULL(it means a root), it will proceed to\n descend_to_node. However, there is an exception. If node is the root,\n and one of the slots points to a shortcut, it will be treated as a\n keyring.\n2. Whether the ptr is keyring decided by keyring_ptr_is_keyring function.\n However, KEYRING_PTR_SUBTYPE is 0x2UL, the same as\n ASSOC_ARRAY_PTR_SUBTYPE_MASK.\n3. When 32 keys with the similar hashes are added to the tree, the ROOT\n has keys with hashes that are not similar (e.g. slot 0) and it splits\n NODE A without using a shortcut. When NODE A is filled with keys that\n all hashes are xxe6, the keys are similar, NODE A will split with a\n shortcut. Finally, it forms the tree as shown below, where slot 6 points\n to a shortcut.\n\n NODE A\n +------\u003e+---+\n ROOT | | 0 | xxe6\n +---+ | +---+\n xxxx | 0 | shortcut : : xxe6\n +---+ | +---+\n xxe6 : : | | | xxe6\n +---+ | +---+\n | 6 |---+ : : xxe6\n +---+ +---+\n xxe6 : : | f | xxe6\n +---+ +---+\n xxe6 | f |\n +---+\n\n4. As mentioned above, If a slot(slot 6) of the root points to a shortcut,\n it may be mistakenly transferred to a key*, leading to a read\n out-of-bounds read.\n\nTo fix this issue, one should jump to descend_to_node if the ptr is a\nshortcut, regardless of whether the node is root or not.\n\n[1] https://lore.kernel.org/linux-kernel/1cfa878e-8c7b-4570-8606-21daf5e13ce7@huaweicloud.com/\n\n[jarkko: tweaked the commit message a bit to have an appropriate closes\n tag.]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50301",
"url": "https://www.suse.com/security/cve/CVE-2024-50301"
},
{
"category": "external",
"summary": "SUSE Bug 1233490 for CVE-2024-50301",
"url": "https://bugzilla.suse.com/1233490"
},
{
"category": "external",
"summary": "SUSE Bug 1233680 for CVE-2024-50301",
"url": "https://bugzilla.suse.com/1233680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-50301"
},
{
"cve": "CVE-2024-50302",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50302"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: zero-initialize the report buffer\n\nSince the report buffer is used by all kinds of drivers in various ways, let\u0027s\nzero-initialize it during allocation to make sure that it can\u0027t be ever used\nto leak kernel memory via specially-crafted report.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50302",
"url": "https://www.suse.com/security/cve/CVE-2024-50302"
},
{
"category": "external",
"summary": "SUSE Bug 1233491 for CVE-2024-50302",
"url": "https://bugzilla.suse.com/1233491"
},
{
"category": "external",
"summary": "SUSE Bug 1233679 for CVE-2024-50302",
"url": "https://bugzilla.suse.com/1233679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-50302"
},
{
"cve": "CVE-2024-53042",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53042"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow()\n\nThere are code paths from which the function is called without holding\nthe RCU read lock, resulting in a suspicious RCU usage warning [1].\n\nFix by using l3mdev_master_upper_ifindex_by_index() which will acquire\nthe RCU read lock before calling\nl3mdev_master_upper_ifindex_by_index_rcu().\n\n[1]\nWARNING: suspicious RCU usage\n6.12.0-rc3-custom-gac8f72681cf2 #141 Not tainted\n-----------------------------\nnet/core/dev.c:876 RCU-list traversed in non-reader section!!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n1 lock held by ip/361:\n #0: ffffffff86fc7cb0 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x377/0xf60\n\nstack backtrace:\nCPU: 3 UID: 0 PID: 361 Comm: ip Not tainted 6.12.0-rc3-custom-gac8f72681cf2 #141\nHardware name: Bochs Bochs, BIOS Bochs 01/01/2011\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xba/0x110\n lockdep_rcu_suspicious.cold+0x4f/0xd6\n dev_get_by_index_rcu+0x1d3/0x210\n l3mdev_master_upper_ifindex_by_index_rcu+0x2b/0xf0\n ip_tunnel_bind_dev+0x72f/0xa00\n ip_tunnel_newlink+0x368/0x7a0\n ipgre_newlink+0x14c/0x170\n __rtnl_newlink+0x1173/0x19c0\n rtnl_newlink+0x6c/0xa0\n rtnetlink_rcv_msg+0x3cc/0xf60\n netlink_rcv_skb+0x171/0x450\n netlink_unicast+0x539/0x7f0\n netlink_sendmsg+0x8c1/0xd80\n ____sys_sendmsg+0x8f9/0xc20\n ___sys_sendmsg+0x197/0x1e0\n __sys_sendmsg+0x122/0x1f0\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53042",
"url": "https://www.suse.com/security/cve/CVE-2024-53042"
},
{
"category": "external",
"summary": "SUSE Bug 1233540 for CVE-2024-53042",
"url": "https://bugzilla.suse.com/1233540"
},
{
"category": "external",
"summary": "SUSE Bug 1233678 for CVE-2024-53042",
"url": "https://bugzilla.suse.com/1233678"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-53042"
},
{
"cve": "CVE-2024-53043",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53043"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmctp i2c: handle NULL header address\n\ndaddr can be NULL if there is no neighbour table entry present,\nin that case the tx packet should be dropped.\n\nsaddr will usually be set by MCTP core, but check for NULL in case a\npacket is transmitted by a different protocol.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53043",
"url": "https://www.suse.com/security/cve/CVE-2024-53043"
},
{
"category": "external",
"summary": "SUSE Bug 1233523 for CVE-2024-53043",
"url": "https://bugzilla.suse.com/1233523"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-53043"
},
{
"cve": "CVE-2024-53045",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53045"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: dapm: fix bounds checker error in dapm_widget_list_create\n\nThe widgets array in the snd_soc_dapm_widget_list has a __counted_by\nattribute attached to it, which points to the num_widgets variable. This\nattribute is used in bounds checking, and if it is not set before the\narray is filled, then the bounds sanitizer will issue a warning or a\nkernel panic if CONFIG_UBSAN_TRAP is set.\n\nThis patch sets the size of the widgets list calculated with\nlist_for_each as the initial value for num_widgets as it is used for\nallocating memory for the array. It is updated with the actual number of\nadded elements after the array is filled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53045",
"url": "https://www.suse.com/security/cve/CVE-2024-53045"
},
{
"category": "external",
"summary": "SUSE Bug 1233524 for CVE-2024-53045",
"url": "https://bugzilla.suse.com/1233524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-53045"
},
{
"cve": "CVE-2024-53048",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53048"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix crash on probe for DPLL enabled E810 LOM\n\nThe E810 Lan On Motherboard (LOM) design is vendor specific. Intel\nprovides the reference design, but it is up to vendor on the final\nproduct design. For some cases, like Linux DPLL support, the static\nvalues defined in the driver does not reflect the actual LOM design.\nCurrent implementation of dpll pins is causing the crash on probe\nof the ice driver for such DPLL enabled E810 LOM designs:\n\nWARNING: (...) at drivers/dpll/dpll_core.c:495 dpll_pin_get+0x2c4/0x330\n...\nCall Trace:\n \u003cTASK\u003e\n ? __warn+0x83/0x130\n ? dpll_pin_get+0x2c4/0x330\n ? report_bug+0x1b7/0x1d0\n ? handle_bug+0x42/0x70\n ? exc_invalid_op+0x18/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? dpll_pin_get+0x117/0x330\n ? dpll_pin_get+0x2c4/0x330\n ? dpll_pin_get+0x117/0x330\n ice_dpll_get_pins.isra.0+0x52/0xe0 [ice]\n...\n\nThe number of dpll pins enabled by LOM vendor is greater than expected\nand defined in the driver for Intel designed NICs, which causes the crash.\n\nPrevent the crash and allow generic pin initialization within Linux DPLL\nsubsystem for DPLL enabled E810 LOM designs.\n\nNewly designed solution for described issue will be based on \"per HW\ndesign\" pin initialization. It requires pin information dynamically\nacquired from the firmware and is already in progress, planned for\nnext-tree only.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53048",
"url": "https://www.suse.com/security/cve/CVE-2024-53048"
},
{
"category": "external",
"summary": "SUSE Bug 1233721 for CVE-2024-53048",
"url": "https://bugzilla.suse.com/1233721"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-53048"
},
{
"cve": "CVE-2024-53051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53051"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/hdcp: Add encoder check in intel_hdcp_get_capability\n\nSometimes during hotplug scenario or suspend/resume scenario encoder is\nnot always initialized when intel_hdcp_get_capability add\na check to avoid kernel null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53051",
"url": "https://www.suse.com/security/cve/CVE-2024-53051"
},
{
"category": "external",
"summary": "SUSE Bug 1233547 for CVE-2024-53051",
"url": "https://bugzilla.suse.com/1233547"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-53051"
},
{
"cve": "CVE-2024-53052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53052"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/rw: fix missing NOWAIT check for O_DIRECT start write\n\nWhen io_uring starts a write, it\u0027ll call kiocb_start_write() to bump the\nsuper block rwsem, preventing any freezes from happening while that\nwrite is in-flight. The freeze side will grab that rwsem for writing,\nexcluding any new writers from happening and waiting for existing writes\nto finish. But io_uring unconditionally uses kiocb_start_write(), which\nwill block if someone is currently attempting to freeze the mount point.\nThis causes a deadlock where freeze is waiting for previous writes to\ncomplete, but the previous writes cannot complete, as the task that is\nsupposed to complete them is blocked waiting on starting a new write.\nThis results in the following stuck trace showing that dependency with\nthe write blocked starting a new write:\n\ntask:fio state:D stack:0 pid:886 tgid:886 ppid:876\nCall trace:\n __switch_to+0x1d8/0x348\n __schedule+0x8e8/0x2248\n schedule+0x110/0x3f0\n percpu_rwsem_wait+0x1e8/0x3f8\n __percpu_down_read+0xe8/0x500\n io_write+0xbb8/0xff8\n io_issue_sqe+0x10c/0x1020\n io_submit_sqes+0x614/0x2110\n __arm64_sys_io_uring_enter+0x524/0x1038\n invoke_syscall+0x74/0x268\n el0_svc_common.constprop.0+0x160/0x238\n do_el0_svc+0x44/0x60\n el0_svc+0x44/0xb0\n el0t_64_sync_handler+0x118/0x128\n el0t_64_sync+0x168/0x170\nINFO: task fsfreeze:7364 blocked for more than 15 seconds.\n Not tainted 6.12.0-rc5-00063-g76aaf945701c #7963\n\nwith the attempting freezer stuck trying to grab the rwsem:\n\ntask:fsfreeze state:D stack:0 pid:7364 tgid:7364 ppid:995\nCall trace:\n __switch_to+0x1d8/0x348\n __schedule+0x8e8/0x2248\n schedule+0x110/0x3f0\n percpu_down_write+0x2b0/0x680\n freeze_super+0x248/0x8a8\n do_vfs_ioctl+0x149c/0x1b18\n __arm64_sys_ioctl+0xd0/0x1a0\n invoke_syscall+0x74/0x268\n el0_svc_common.constprop.0+0x160/0x238\n do_el0_svc+0x44/0x60\n el0_svc+0x44/0xb0\n el0t_64_sync_handler+0x118/0x128\n el0t_64_sync+0x168/0x170\n\nFix this by having the io_uring side honor IOCB_NOWAIT, and only attempt a\nblocking grab of the super block rwsem if it isn\u0027t set. For normal issue\nwhere IOCB_NOWAIT would always be set, this returns -EAGAIN which will\nhave io_uring core issue a blocking attempt of the write. That will in\nturn also get completions run, ensuring forward progress.\n\nSince freezing requires CAP_SYS_ADMIN in the first place, this isn\u0027t\nsomething that can be triggered by a regular user.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53052",
"url": "https://www.suse.com/security/cve/CVE-2024-53052"
},
{
"category": "external",
"summary": "SUSE Bug 1233548 for CVE-2024-53052",
"url": "https://bugzilla.suse.com/1233548"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-53052"
},
{
"cve": "CVE-2024-53055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53055"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: fix 6 GHz scan construction\n\nIf more than 255 colocated APs exist for the set of all\nAPs found during 2.4/5 GHz scanning, then the 6 GHz scan\nconstruction will loop forever since the loop variable\nhas type u8, which can never reach the number found when\nthat\u0027s bigger than 255, and is stored in a u32 variable.\nAlso move it into the loops to have a smaller scope.\n\nUsing a u32 there is fine, we limit the number of APs in\nthe scan list and each has a limit on the number of RNR\nentries due to the frame size. With a limit of 1000 scan\nresults, a frame size upper bound of 4096 (really it\u0027s\nmore like ~2300) and a TBTT entry size of at least 11,\nwe get an upper bound for the number of ~372k, well in\nthe bounds of a u32.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53055",
"url": "https://www.suse.com/security/cve/CVE-2024-53055"
},
{
"category": "external",
"summary": "SUSE Bug 1233550 for CVE-2024-53055",
"url": "https://bugzilla.suse.com/1233550"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-53055"
},
{
"cve": "CVE-2024-53056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy()\n\nIn mtk_crtc_create(), if the call to mbox_request_channel() fails then we\nset the \"mtk_crtc-\u003ecmdq_client.chan\" pointer to NULL. In that situation,\nwe do not call cmdq_pkt_create().\n\nDuring the cleanup, we need to check if the \"mtk_crtc-\u003ecmdq_client.chan\"\nis NULL first before calling cmdq_pkt_destroy(). Calling\ncmdq_pkt_destroy() is unnecessary if we didn\u0027t call cmdq_pkt_create() and\nit will result in a NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53056",
"url": "https://www.suse.com/security/cve/CVE-2024-53056"
},
{
"category": "external",
"summary": "SUSE Bug 1233568 for CVE-2024-53056",
"url": "https://bugzilla.suse.com/1233568"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-53056"
},
{
"cve": "CVE-2024-53058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data\n\nIn case the non-paged data of a SKB carries protocol header and protocol\npayload to be transmitted on a certain platform that the DMA AXI address\nwidth is configured to 40-bit/48-bit, or the size of the non-paged data\nis bigger than TSO_MAX_BUFF_SIZE on a certain platform that the DMA AXI\naddress width is configured to 32-bit, then this SKB requires at least\ntwo DMA transmit descriptors to serve it.\n\nFor example, three descriptors are allocated to split one DMA buffer\nmapped from one piece of non-paged data:\n dma_desc[N + 0],\n dma_desc[N + 1],\n dma_desc[N + 2].\nThen three elements of tx_q-\u003etx_skbuff_dma[] will be allocated to hold\nextra information to be reused in stmmac_tx_clean():\n tx_q-\u003etx_skbuff_dma[N + 0],\n tx_q-\u003etx_skbuff_dma[N + 1],\n tx_q-\u003etx_skbuff_dma[N + 2].\nNow we focus on tx_q-\u003etx_skbuff_dma[entry].buf, which is the DMA buffer\naddress returned by DMA mapping call. stmmac_tx_clean() will try to\nunmap the DMA buffer _ONLY_IF_ tx_q-\u003etx_skbuff_dma[entry].buf\nis a valid buffer address.\n\nThe expected behavior that saves DMA buffer address of this non-paged\ndata to tx_q-\u003etx_skbuff_dma[entry].buf is:\n tx_q-\u003etx_skbuff_dma[N + 0].buf = NULL;\n tx_q-\u003etx_skbuff_dma[N + 1].buf = NULL;\n tx_q-\u003etx_skbuff_dma[N + 2].buf = dma_map_single();\nUnfortunately, the current code misbehaves like this:\n tx_q-\u003etx_skbuff_dma[N + 0].buf = dma_map_single();\n tx_q-\u003etx_skbuff_dma[N + 1].buf = NULL;\n tx_q-\u003etx_skbuff_dma[N + 2].buf = NULL;\n\nOn the stmmac_tx_clean() side, when dma_desc[N + 0] is closed by the\nDMA engine, tx_q-\u003etx_skbuff_dma[N + 0].buf is a valid buffer address\nobviously, then the DMA buffer will be unmapped immediately.\nThere may be a rare case that the DMA engine does not finish the\npending dma_desc[N + 1], dma_desc[N + 2] yet. Now things will go\nhorribly wrong, DMA is going to access a unmapped/unreferenced memory\nregion, corrupted data will be transmited or iommu fault will be\ntriggered :(\n\nIn contrast, the for-loop that maps SKB fragments behaves perfectly\nas expected, and that is how the driver should do for both non-paged\ndata and paged frags actually.\n\nThis patch corrects DMA map/unmap sequences by fixing the array index\nfor tx_q-\u003etx_skbuff_dma[entry].buf when assigning DMA buffer address.\n\nTested and verified on DWXGMAC CORE 3.20a",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53058",
"url": "https://www.suse.com/security/cve/CVE-2024-53058"
},
{
"category": "external",
"summary": "SUSE Bug 1233552 for CVE-2024-53058",
"url": "https://bugzilla.suse.com/1233552"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-53058"
},
{
"cve": "CVE-2024-53059",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53059"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd()\n\n1. The size of the response packet is not validated.\n2. The response buffer is not freed.\n\nResolve these issues by switching to iwl_mvm_send_cmd_status(),\nwhich handles both size validation and frees the buffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53059",
"url": "https://www.suse.com/security/cve/CVE-2024-53059"
},
{
"category": "external",
"summary": "SUSE Bug 1233553 for CVE-2024-53059",
"url": "https://bugzilla.suse.com/1233553"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-53059"
},
{
"cve": "CVE-2024-53060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53060"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: prevent NULL pointer dereference if ATIF is not supported\n\nacpi_evaluate_object() may return AE_NOT_FOUND (failure), which\nwould result in dereferencing buffer.pointer (obj) while being NULL.\n\nAlthough this case may be unrealistic for the current code, it is\nstill better to protect against possible bugs.\n\nBail out also when status is AE_NOT_FOUND.\n\nThis fixes 1 FORWARD_NULL issue reported by Coverity\nReport: CID 1600951: Null pointer dereferences (FORWARD_NULL)\n\n(cherry picked from commit 91c9e221fe2553edf2db71627d8453f083de87a1)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53060",
"url": "https://www.suse.com/security/cve/CVE-2024-53060"
},
{
"category": "external",
"summary": "SUSE Bug 1233554 for CVE-2024-53060",
"url": "https://bugzilla.suse.com/1233554"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-53060"
},
{
"cve": "CVE-2024-53061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53061"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: s5p-jpeg: prevent buffer overflows\n\nThe current logic allows word to be less than 2. If this happens,\nthere will be buffer overflows, as reported by smatch. Add extra\nchecks to prevent it.\n\nWhile here, remove an unused word = 0 assignment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53061",
"url": "https://www.suse.com/security/cve/CVE-2024-53061"
},
{
"category": "external",
"summary": "SUSE Bug 1233555 for CVE-2024-53061",
"url": "https://bugzilla.suse.com/1233555"
},
{
"category": "external",
"summary": "SUSE Bug 1233621 for CVE-2024-53061",
"url": "https://bugzilla.suse.com/1233621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-53061"
},
{
"cve": "CVE-2024-53063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53063"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvbdev: prevent the risk of out of memory access\n\nThe dvbdev contains a static variable used to store dvb minors.\n\nThe behavior of it depends if CONFIG_DVB_DYNAMIC_MINORS is set\nor not. When not set, dvb_register_device() won\u0027t check for\nboundaries, as it will rely that a previous call to\ndvb_register_adapter() would already be enforcing it.\n\nOn a similar way, dvb_device_open() uses the assumption\nthat the register functions already did the needed checks.\n\nThis can be fragile if some device ends using different\ncalls. This also generate warnings on static check analysers\nlike Coverity.\n\nSo, add explicit guards to prevent potential risk of OOM issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53063",
"url": "https://www.suse.com/security/cve/CVE-2024-53063"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1233557 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1233557"
},
{
"category": "external",
"summary": "SUSE Bug 1233619 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1233619"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-53063"
},
{
"cve": "CVE-2024-53066",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53066"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: Fix KMSAN warning in decode_getfattr_attrs()\n\nFix the following KMSAN warning:\n\nCPU: 1 UID: 0 PID: 7651 Comm: cp Tainted: G B\nTainted: [B]=BAD_PAGE\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009)\n=====================================================\n=====================================================\nBUG: KMSAN: uninit-value in decode_getfattr_attrs+0x2d6d/0x2f90\n decode_getfattr_attrs+0x2d6d/0x2f90\n decode_getfattr_generic+0x806/0xb00\n nfs4_xdr_dec_getattr+0x1de/0x240\n rpcauth_unwrap_resp_decode+0xab/0x100\n rpcauth_unwrap_resp+0x95/0xc0\n call_decode+0x4ff/0xb50\n __rpc_execute+0x57b/0x19d0\n rpc_execute+0x368/0x5e0\n rpc_run_task+0xcfe/0xee0\n nfs4_proc_getattr+0x5b5/0x990\n __nfs_revalidate_inode+0x477/0xd00\n nfs_access_get_cached+0x1021/0x1cc0\n nfs_do_access+0x9f/0xae0\n nfs_permission+0x1e4/0x8c0\n inode_permission+0x356/0x6c0\n link_path_walk+0x958/0x1330\n path_lookupat+0xce/0x6b0\n filename_lookup+0x23e/0x770\n vfs_statx+0xe7/0x970\n vfs_fstatat+0x1f2/0x2c0\n __se_sys_newfstatat+0x67/0x880\n __x64_sys_newfstatat+0xbd/0x120\n x64_sys_call+0x1826/0x3cf0\n do_syscall_64+0xd0/0x1b0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThe KMSAN warning is triggered in decode_getfattr_attrs(), when calling\ndecode_attr_mdsthreshold(). It appears that fattr-\u003emdsthreshold is not\ninitialized.\n\nFix the issue by initializing fattr-\u003emdsthreshold to NULL in\nnfs_fattr_init().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53066",
"url": "https://www.suse.com/security/cve/CVE-2024-53066"
},
{
"category": "external",
"summary": "SUSE Bug 1233560 for CVE-2024-53066",
"url": "https://bugzilla.suse.com/1233560"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-53066"
},
{
"cve": "CVE-2024-53068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53068"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier()\n\nThe scmi_dev-\u003ename is released prematurely in __scmi_device_destroy(),\nwhich causes slab-use-after-free when accessing scmi_dev-\u003ename in\nscmi_bus_notifier(). So move the release of scmi_dev-\u003ename to\nscmi_device_release() to avoid slab-use-after-free.\n\n | BUG: KASAN: slab-use-after-free in strncmp+0xe4/0xec\n | Read of size 1 at addr ffffff80a482bcc0 by task swapper/0/1\n |\n | CPU: 1 PID: 1 Comm: swapper/0 Not tainted 6.6.38-debug #1\n | Hardware name: Qualcomm Technologies, Inc. SA8775P Ride (DT)\n | Call trace:\n | dump_backtrace+0x94/0x114\n | show_stack+0x18/0x24\n | dump_stack_lvl+0x48/0x60\n | print_report+0xf4/0x5b0\n | kasan_report+0xa4/0xec\n | __asan_report_load1_noabort+0x20/0x2c\n | strncmp+0xe4/0xec\n | scmi_bus_notifier+0x5c/0x54c\n | notifier_call_chain+0xb4/0x31c\n | blocking_notifier_call_chain+0x68/0x9c\n | bus_notify+0x54/0x78\n | device_del+0x1bc/0x840\n | device_unregister+0x20/0xb4\n | __scmi_device_destroy+0xac/0x280\n | scmi_device_destroy+0x94/0xd0\n | scmi_chan_setup+0x524/0x750\n | scmi_probe+0x7fc/0x1508\n | platform_probe+0xc4/0x19c\n | really_probe+0x32c/0x99c\n | __driver_probe_device+0x15c/0x3c4\n | driver_probe_device+0x5c/0x170\n | __driver_attach+0x1c8/0x440\n | bus_for_each_dev+0xf4/0x178\n | driver_attach+0x3c/0x58\n | bus_add_driver+0x234/0x4d4\n | driver_register+0xf4/0x3c0\n | __platform_driver_register+0x60/0x88\n | scmi_driver_init+0xb0/0x104\n | do_one_initcall+0xb4/0x664\n | kernel_init_freeable+0x3c8/0x894\n | kernel_init+0x24/0x1e8\n | ret_from_fork+0x10/0x20\n |\n | Allocated by task 1:\n | kasan_save_stack+0x2c/0x54\n | kasan_set_track+0x2c/0x40\n | kasan_save_alloc_info+0x24/0x34\n | __kasan_kmalloc+0xa0/0xb8\n | __kmalloc_node_track_caller+0x6c/0x104\n | kstrdup+0x48/0x84\n | kstrdup_const+0x34/0x40\n | __scmi_device_create.part.0+0x8c/0x408\n | scmi_device_create+0x104/0x370\n | scmi_chan_setup+0x2a0/0x750\n | scmi_probe+0x7fc/0x1508\n | platform_probe+0xc4/0x19c\n | really_probe+0x32c/0x99c\n | __driver_probe_device+0x15c/0x3c4\n | driver_probe_device+0x5c/0x170\n | __driver_attach+0x1c8/0x440\n | bus_for_each_dev+0xf4/0x178\n | driver_attach+0x3c/0x58\n | bus_add_driver+0x234/0x4d4\n | driver_register+0xf4/0x3c0\n | __platform_driver_register+0x60/0x88\n | scmi_driver_init+0xb0/0x104\n | do_one_initcall+0xb4/0x664\n | kernel_init_freeable+0x3c8/0x894\n | kernel_init+0x24/0x1e8\n | ret_from_fork+0x10/0x20\n |\n | Freed by task 1:\n | kasan_save_stack+0x2c/0x54\n | kasan_set_track+0x2c/0x40\n | kasan_save_free_info+0x38/0x5c\n | __kasan_slab_free+0xe8/0x164\n | __kmem_cache_free+0x11c/0x230\n | kfree+0x70/0x130\n | kfree_const+0x20/0x40\n | __scmi_device_destroy+0x70/0x280\n | scmi_device_destroy+0x94/0xd0\n | scmi_chan_setup+0x524/0x750\n | scmi_probe+0x7fc/0x1508\n | platform_probe+0xc4/0x19c\n | really_probe+0x32c/0x99c\n | __driver_probe_device+0x15c/0x3c4\n | driver_probe_device+0x5c/0x170\n | __driver_attach+0x1c8/0x440\n | bus_for_each_dev+0xf4/0x178\n | driver_attach+0x3c/0x58\n | bus_add_driver+0x234/0x4d4\n | driver_register+0xf4/0x3c0\n | __platform_driver_register+0x60/0x88\n | scmi_driver_init+0xb0/0x104\n | do_one_initcall+0xb4/0x664\n | kernel_init_freeable+0x3c8/0x894\n | kernel_init+0x24/0x1e8\n | ret_from_fork+0x10/0x20",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53068",
"url": "https://www.suse.com/security/cve/CVE-2024-53068"
},
{
"category": "external",
"summary": "SUSE Bug 1233561 for CVE-2024-53068",
"url": "https://bugzilla.suse.com/1233561"
},
{
"category": "external",
"summary": "SUSE Bug 1233618 for CVE-2024-53068",
"url": "https://bugzilla.suse.com/1233618"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-53068"
},
{
"cve": "CVE-2024-53072",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53072"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86/amd/pmc: Detect when STB is not available\n\nLoading the amd_pmc module as:\n\n amd_pmc enable_stb=1\n\n...can result in the following messages in the kernel ring buffer:\n\n amd_pmc AMDI0009:00: SMU cmd failed. err: 0xff\n ioremap on RAM at 0x0000000000000000 - 0x0000000000ffffff\n WARNING: CPU: 10 PID: 2151 at arch/x86/mm/ioremap.c:217 __ioremap_caller+0x2cd/0x340\n\nFurther debugging reveals that this occurs when the requests for\nS2D_PHYS_ADDR_LOW and S2D_PHYS_ADDR_HIGH return a value of 0,\nindicating that the STB is inaccessible. To prevent the ioremap\nwarning and provide clarity to the user, handle the invalid address\nand display an error message.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53072",
"url": "https://www.suse.com/security/cve/CVE-2024-53072"
},
{
"category": "external",
"summary": "SUSE Bug 1233564 for CVE-2024-53072",
"url": "https://bugzilla.suse.com/1233564"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-53072"
},
{
"cve": "CVE-2024-53074",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53074"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don\u0027t leak a link on AP removal\n\nRelease the link mapping resource in AP removal. This impacted devices\nthat do not support the MLD API (9260 and down).\nOn those devices, we couldn\u0027t start the AP again after the AP has been\nalready started and stopped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53074",
"url": "https://www.suse.com/security/cve/CVE-2024-53074"
},
{
"category": "external",
"summary": "SUSE Bug 1233566 for CVE-2024-53074",
"url": "https://bugzilla.suse.com/1233566"
},
{
"category": "external",
"summary": "SUSE Bug 1235086 for CVE-2024-53074",
"url": "https://bugzilla.suse.com/1235086"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-53074"
},
{
"cve": "CVE-2024-53076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53076"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: gts-helper: Fix memory leaks for the error path of iio_gts_build_avail_scale_table()\n\nIf per_time_scales[i] or per_time_gains[i] kcalloc fails in the for loop\nof iio_gts_build_avail_scale_table(), the err_free_out will fail to call\nkfree() each time when i is reduced to 0, so all the per_time_scales[0]\nand per_time_gains[0] will not be freed, which will cause memory leaks.\n\nFix it by checking if i \u003e= 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53076",
"url": "https://www.suse.com/security/cve/CVE-2024-53076"
},
{
"category": "external",
"summary": "SUSE Bug 1233567 for CVE-2024-53076",
"url": "https://bugzilla.suse.com/1233567"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-53076"
},
{
"cve": "CVE-2024-53079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53079"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/thp: fix deferred split unqueue naming and locking\n\nRecent changes are putting more pressure on THP deferred split queues:\nunder load revealing long-standing races, causing list_del corruptions,\n\"Bad page state\"s and worse (I keep BUGs in both of those, so usually\ndon\u0027t get to see how badly they end up without). The relevant recent\nchanges being 6.8\u0027s mTHP, 6.10\u0027s mTHP swapout, and 6.12\u0027s mTHP swapin,\nimproved swap allocation, and underused THP splitting.\n\nBefore fixing locking: rename misleading folio_undo_large_rmappable(),\nwhich does not undo large_rmappable, to folio_unqueue_deferred_split(),\nwhich is what it does. But that and its out-of-line __callee are mm\ninternals of very limited usability: add comment and WARN_ON_ONCEs to\ncheck usage; and return a bool to say if a deferred split was unqueued,\nwhich can then be used in WARN_ON_ONCEs around safety checks (sparing\ncallers the arcane conditionals in __folio_unqueue_deferred_split()).\n\nJust omit the folio_unqueue_deferred_split() from free_unref_folios(), all\nof whose callers now call it beforehand (and if any forget then bad_page()\nwill tell) - except for its caller put_pages_list(), which itself no\nlonger has any callers (and will be deleted separately).\n\nSwapout: mem_cgroup_swapout() has been resetting folio-\u003ememcg_data 0\nwithout checking and unqueueing a THP folio from deferred split list;\nwhich is unfortunate, since the split_queue_lock depends on the memcg\n(when memcg is enabled); so swapout has been unqueueing such THPs later,\nwhen freeing the folio, using the pgdat\u0027s lock instead: potentially\ncorrupting the memcg\u0027s list. __remove_mapping() has frozen refcount to 0\nhere, so no problem with calling folio_unqueue_deferred_split() before\nresetting memcg_data.\n\nThat goes back to 5.4 commit 87eaceb3faa5 (\"mm: thp: make deferred split\nshrinker memcg aware\"): which included a check on swapcache before adding\nto deferred queue, but no check on deferred queue before adding THP to\nswapcache. That worked fine with the usual sequence of events in reclaim\n(though there were a couple of rare ways in which a THP on deferred queue\ncould have been swapped out), but 6.12 commit dafff3f4c850 (\"mm: split\nunderused THPs\") avoids splitting underused THPs in reclaim, which makes\nswapcache THPs on deferred queue commonplace.\n\nKeep the check on swapcache before adding to deferred queue? Yes: it is\nno longer essential, but preserves the existing behaviour, and is likely\nto be a worthwhile optimization (vmstat showed much more traffic on the\nqueue under swapping load if the check was removed); update its comment.\n\nMemcg-v1 move (deprecated): mem_cgroup_move_account() has been changing\nfolio-\u003ememcg_data without checking and unqueueing a THP folio from the\ndeferred list, sometimes corrupting \"from\" memcg\u0027s list, like swapout. \nRefcount is non-zero here, so folio_unqueue_deferred_split() can only be\nused in a WARN_ON_ONCE to validate the fix, which must be done earlier:\nmem_cgroup_move_charge_pte_range() first try to split the THP (splitting\nof course unqueues), or skip it if that fails. Not ideal, but moving\ncharge has been requested, and khugepaged should repair the THP later:\nnobody wants new custom unqueueing code just for this deprecated case.\n\nThe 87eaceb3faa5 commit did have the code to move from one deferred list\nto another (but was not conscious of its unsafety while refcount non-0);\nbut that was removed by 5.6 commit fac0516b5534 (\"mm: thp: don\u0027t need care\ndeferred split queue in memcg charge move path\"), which argued that the\nexistence of a PMD mapping guarantees that the THP cannot be on a deferred\nlist. As above, false in rare cases, and now commonly false.\n\nBackport to 6.11 should be straightforward. Earlier backports must take\ncare that other _deferred_list fixes and dependencies are included. There\nis not a strong case for backports, but they can fix cornercases.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53079",
"url": "https://www.suse.com/security/cve/CVE-2024-53079"
},
{
"category": "external",
"summary": "SUSE Bug 1233570 for CVE-2024-53079",
"url": "https://bugzilla.suse.com/1233570"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "low"
}
],
"title": "CVE-2024-53079"
},
{
"cve": "CVE-2024-53081",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53081"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: ar0521: don\u0027t overflow when checking PLL values\n\nThe PLL checks are comparing 64 bit integers with 32 bit\nones, as reported by Coverity. Depending on the values of\nthe variables, this may underflow.\n\nFix it ensuring that both sides of the expression are u64.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53081",
"url": "https://www.suse.com/security/cve/CVE-2024-53081"
},
{
"category": "external",
"summary": "SUSE Bug 1233572 for CVE-2024-53081",
"url": "https://bugzilla.suse.com/1233572"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-53081"
},
{
"cve": "CVE-2024-53082",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53082"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_net: Add hash_key_length check\n\nAdd hash_key_length check in virtnet_probe() to avoid possible out of\nbound errors when setting/reading the hash key.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53082",
"url": "https://www.suse.com/security/cve/CVE-2024-53082"
},
{
"category": "external",
"summary": "SUSE Bug 1233573 for CVE-2024-53082",
"url": "https://bugzilla.suse.com/1233573"
},
{
"category": "external",
"summary": "SUSE Bug 1233677 for CVE-2024-53082",
"url": "https://bugzilla.suse.com/1233677"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-53082"
},
{
"cve": "CVE-2024-53085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: Lock TPM chip in tpm_pm_suspend() first\n\nSetting TPM_CHIP_FLAG_SUSPENDED in the end of tpm_pm_suspend() can be racy\naccording, as this leaves window for tpm_hwrng_read() to be called while\nthe operation is in progress. The recent bug report gives also evidence of\nthis behaviour.\n\nAadress this by locking the TPM chip before checking any chip-\u003eflags both\nin tpm_pm_suspend() and tpm_hwrng_read(). Move TPM_CHIP_FLAG_SUSPENDED\ncheck inside tpm_get_random() so that it will be always checked only when\nthe lock is reserved.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53085",
"url": "https://www.suse.com/security/cve/CVE-2024-53085"
},
{
"category": "external",
"summary": "SUSE Bug 1233577 for CVE-2024-53085",
"url": "https://bugzilla.suse.com/1233577"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-53085"
},
{
"cve": "CVE-2024-53088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53088"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix race condition by adding filter\u0027s intermediate sync state\n\nFix a race condition in the i40e driver that leads to MAC/VLAN filters\nbecoming corrupted and leaking. Address the issue that occurs under\nheavy load when multiple threads are concurrently modifying MAC/VLAN\nfilters by setting mac and port VLAN.\n\n1. Thread T0 allocates a filter in i40e_add_filter() within\n i40e_ndo_set_vf_port_vlan().\n2. Thread T1 concurrently frees the filter in __i40e_del_filter() within\n i40e_ndo_set_vf_mac().\n3. Subsequently, i40e_service_task() calls i40e_sync_vsi_filters(), which\n refers to the already freed filter memory, causing corruption.\n\nReproduction steps:\n1. Spawn multiple VFs.\n2. Apply a concurrent heavy load by running parallel operations to change\n MAC addresses on the VFs and change port VLANs on the host.\n3. Observe errors in dmesg:\n\"Error I40E_AQ_RC_ENOSPC adding RX filters on VF XX,\n\tplease set promiscuous on manually for VF XX\".\n\nExact code for stable reproduction Intel can\u0027t open-source now.\n\nThe fix involves implementing a new intermediate filter state,\nI40E_FILTER_NEW_SYNC, for the time when a filter is on a tmp_add_list.\nThese filters cannot be deleted from the hash list directly but\nmust be removed using the full process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53088",
"url": "https://www.suse.com/security/cve/CVE-2024-53088"
},
{
"category": "external",
"summary": "SUSE Bug 1233580 for CVE-2024-53088",
"url": "https://bugzilla.suse.com/1233580"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-53088"
},
{
"cve": "CVE-2024-53093",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53093"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-multipath: defer partition scanning\n\nWe need to suppress the partition scan from occuring within the\ncontroller\u0027s scan_work context. If a path error occurs here, the IO will\nwait until a path becomes available or all paths are torn down, but that\naction also occurs within scan_work, so it would deadlock. Defer the\npartion scan to a different context that does not block scan_work.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53093",
"url": "https://www.suse.com/security/cve/CVE-2024-53093"
},
{
"category": "external",
"summary": "SUSE Bug 1233640 for CVE-2024-53093",
"url": "https://bugzilla.suse.com/1233640"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-53093"
},
{
"cve": "CVE-2024-53094",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53094"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/siw: Add sendpage_ok() check to disable MSG_SPLICE_PAGES\n\nWhile running ISER over SIW, the initiator machine encounters a warning\nfrom skb_splice_from_iter() indicating that a slab page is being used in\nsend_page. To address this, it is better to add a sendpage_ok() check\nwithin the driver itself, and if it returns 0, then MSG_SPLICE_PAGES flag\nshould be disabled before entering the network stack.\n\nA similar issue has been discussed for NVMe in this thread:\nhttps://lore.kernel.org/all/20240530142417.146696-1-ofir.gal@volumez.com/\n\n WARNING: CPU: 0 PID: 5342 at net/core/skbuff.c:7140 skb_splice_from_iter+0x173/0x320\n Call Trace:\n tcp_sendmsg_locked+0x368/0xe40\n siw_tx_hdt+0x695/0xa40 [siw]\n siw_qp_sq_process+0x102/0xb00 [siw]\n siw_sq_resume+0x39/0x110 [siw]\n siw_run_sq+0x74/0x160 [siw]\n kthread+0xd2/0x100\n ret_from_fork+0x34/0x40\n ret_from_fork_asm+0x1a/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53094",
"url": "https://www.suse.com/security/cve/CVE-2024-53094"
},
{
"category": "external",
"summary": "SUSE Bug 1233641 for CVE-2024-53094",
"url": "https://bugzilla.suse.com/1233641"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-53094"
},
{
"cve": "CVE-2024-53095",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53095"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: Fix use-after-free of network namespace.\n\nRecently, we got a customer report that CIFS triggers oops while\nreconnecting to a server. [0]\n\nThe workload runs on Kubernetes, and some pods mount CIFS servers\nin non-root network namespaces. The problem rarely happened, but\nit was always while the pod was dying.\n\nThe root cause is wrong reference counting for network namespace.\n\nCIFS uses kernel sockets, which do not hold refcnt of the netns that\nthe socket belongs to. That means CIFS must ensure the socket is\nalways freed before its netns; otherwise, use-after-free happens.\n\nThe repro steps are roughly:\n\n 1. mount CIFS in a non-root netns\n 2. drop packets from the netns\n 3. destroy the netns\n 4. unmount CIFS\n\nWe can reproduce the issue quickly with the script [1] below and see\nthe splat [2] if CONFIG_NET_NS_REFCNT_TRACKER is enabled.\n\nWhen the socket is TCP, it is hard to guarantee the netns lifetime\nwithout holding refcnt due to async timers.\n\nLet\u0027s hold netns refcnt for each socket as done for SMC in commit\n9744d2bf1976 (\"smc: Fix use-after-free in tcp_write_timer_handler().\").\n\nNote that we need to move put_net() from cifs_put_tcp_session() to\nclean_demultiplex_info(); otherwise, __sock_create() still could touch a\nfreed netns while cifsd tries to reconnect from cifs_demultiplex_thread().\n\nAlso, maybe_get_net() cannot be put just before __sock_create() because\nthe code is not under RCU and there is a small chance that the same\naddress happened to be reallocated to another netns.\n\n[0]:\nCIFS: VFS: \\\\XXXXXXXXXXX has not responded in 15 seconds. Reconnecting...\nCIFS: Serverclose failed 4 times, giving up\nUnable to handle kernel paging request at virtual address 14de99e461f84a07\nMem abort info:\n ESR = 0x0000000096000004\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x04: level 0 translation fault\nData abort info:\n ISV = 0, ISS = 0x00000004\n CM = 0, WnR = 0\n[14de99e461f84a07] address between user and kernel address ranges\nInternal error: Oops: 0000000096000004 [#1] SMP\nModules linked in: cls_bpf sch_ingress nls_utf8 cifs cifs_arc4 cifs_md4 dns_resolver tcp_diag inet_diag veth xt_state xt_connmark nf_conntrack_netlink xt_nat xt_statistic xt_MASQUERADE xt_mark xt_addrtype ipt_REJECT nf_reject_ipv4 nft_chain_nat nf_nat xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_comment nft_compat nf_tables nfnetlink overlay nls_ascii nls_cp437 sunrpc vfat fat aes_ce_blk aes_ce_cipher ghash_ce sm4_ce_cipher sm4 sm3_ce sm3 sha3_ce sha512_ce sha512_arm64 sha1_ce ena button sch_fq_codel loop fuse configfs dmi_sysfs sha2_ce sha256_arm64 dm_mirror dm_region_hash dm_log dm_mod dax efivarfs\nCPU: 5 PID: 2690970 Comm: cifsd Not tainted 6.1.103-109.184.amzn2023.aarch64 #1\nHardware name: Amazon EC2 r7g.4xlarge/, BIOS 1.0 11/1/2018\npstate: 00400005 (nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : fib_rules_lookup+0x44/0x238\nlr : __fib_lookup+0x64/0xbc\nsp : ffff8000265db790\nx29: ffff8000265db790 x28: 0000000000000000 x27: 000000000000bd01\nx26: 0000000000000000 x25: ffff000b4baf8000 x24: ffff00047b5e4580\nx23: ffff8000265db7e0 x22: 0000000000000000 x21: ffff00047b5e4500\nx20: ffff0010e3f694f8 x19: 14de99e461f849f7 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\nx14: 0000000000000000 x13: 0000000000000000 x12: 3f92800abd010002\nx11: 0000000000000001 x10: ffff0010e3f69420 x9 : ffff800008a6f294\nx8 : 0000000000000000 x7 : 0000000000000006 x6 : 0000000000000000\nx5 : 0000000000000001 x4 : ffff001924354280 x3 : ffff8000265db7e0\nx2 : 0000000000000000 x1 : ffff0010e3f694f8 x0 : ffff00047b5e4500\nCall trace:\n fib_rules_lookup+0x44/0x238\n __fib_lookup+0x64/0xbc\n ip_route_output_key_hash_rcu+0x2c4/0x398\n ip_route_output_key_hash+0x60/0x8c\n tcp_v4_connect+0x290/0x488\n __inet_stream_connect+0x108/0x3d0\n inet_stream_connect+0x50/0x78\n kernel_connect+0x6c/0xac\n generic_ip_conne\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53095",
"url": "https://www.suse.com/security/cve/CVE-2024-53095"
},
{
"category": "external",
"summary": "SUSE Bug 1233642 for CVE-2024-53095",
"url": "https://bugzilla.suse.com/1233642"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-53095"
},
{
"cve": "CVE-2024-53096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53096"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: resolve faulty mmap_region() error path behaviour\n\nThe mmap_region() function is somewhat terrifying, with spaghetti-like\ncontrol flow and numerous means by which issues can arise and incomplete\nstate, memory leaks and other unpleasantness can occur.\n\nA large amount of the complexity arises from trying to handle errors late\nin the process of mapping a VMA, which forms the basis of recently\nobserved issues with resource leaks and observable inconsistent state.\n\nTaking advantage of previous patches in this series we move a number of\nchecks earlier in the code, simplifying things by moving the core of the\nlogic into a static internal function __mmap_region().\n\nDoing this allows us to perform a number of checks up front before we do\nany real work, and allows us to unwind the writable unmap check\nunconditionally as required and to perform a CONFIG_DEBUG_VM_MAPLE_TREE\nvalidation unconditionally also.\n\nWe move a number of things here:\n\n1. We preallocate memory for the iterator before we call the file-backed\n memory hook, allowing us to exit early and avoid having to perform\n complicated and error-prone close/free logic. We carefully free\n iterator state on both success and error paths.\n\n2. The enclosing mmap_region() function handles the mapping_map_writable()\n logic early. Previously the logic had the mapping_map_writable() at the\n point of mapping a newly allocated file-backed VMA, and a matching\n mapping_unmap_writable() on success and error paths.\n\n We now do this unconditionally if this is a file-backed, shared writable\n mapping. If a driver changes the flags to eliminate VM_MAYWRITE, however\n doing so does not invalidate the seal check we just performed, and we in\n any case always decrement the counter in the wrapper.\n\n We perform a debug assert to ensure a driver does not attempt to do the\n opposite.\n\n3. We also move arch_validate_flags() up into the mmap_region()\n function. This is only relevant on arm64 and sparc64, and the check is\n only meaningful for SPARC with ADI enabled. We explicitly add a warning\n for this arch if a driver invalidates this check, though the code ought\n eventually to be fixed to eliminate the need for this.\n\nWith all of these measures in place, we no longer need to explicitly close\nthe VMA on error paths, as we place all checks which might fail prior to a\ncall to any driver mmap hook.\n\nThis eliminates an entire class of errors, makes the code easier to reason\nabout and more robust.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53096",
"url": "https://www.suse.com/security/cve/CVE-2024-53096"
},
{
"category": "external",
"summary": "SUSE Bug 1233756 for CVE-2024-53096",
"url": "https://bugzilla.suse.com/1233756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-53096"
},
{
"cve": "CVE-2024-53100",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53100"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: tcp: avoid race between queue_lock lock and destroy\n\nCommit 76d54bf20cdc (\"nvme-tcp: don\u0027t access released socket during\nerror recovery\") added a mutex_lock() call for the queue-\u003equeue_lock\nin nvme_tcp_get_address(). However, the mutex_lock() races with\nmutex_destroy() in nvme_tcp_free_queue(), and causes the WARN below.\n\nDEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\nWARNING: CPU: 3 PID: 34077 at kernel/locking/mutex.c:587 __mutex_lock+0xcf0/0x1220\nModules linked in: nvmet_tcp nvmet nvme_tcp nvme_fabrics iw_cm ib_cm ib_core pktcdvd nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables qrtr sunrpc ppdev 9pnet_virtio 9pnet pcspkr netfs parport_pc parport e1000 i2c_piix4 i2c_smbus loop fuse nfnetlink zram bochs drm_vram_helper drm_ttm_helper ttm drm_kms_helper xfs drm sym53c8xx floppy nvme scsi_transport_spi nvme_core nvme_auth serio_raw ata_generic pata_acpi dm_multipath qemu_fw_cfg [last unloaded: ib_uverbs]\nCPU: 3 UID: 0 PID: 34077 Comm: udisksd Not tainted 6.11.0-rc7 #319\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014\nRIP: 0010:__mutex_lock+0xcf0/0x1220\nCode: 08 84 d2 0f 85 c8 04 00 00 8b 15 ef b6 c8 01 85 d2 0f 85 78 f4 ff ff 48 c7 c6 20 93 ee af 48 c7 c7 60 91 ee af e8 f0 a7 6d fd \u003c0f\u003e 0b e9 5e f4 ff ff 48 b8 00 00 00 00 00 fc ff df 4c 89 f2 48 c1\nRSP: 0018:ffff88811305f760 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff88812c652058 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001\nRBP: ffff88811305f8b0 R08: 0000000000000001 R09: ffffed1075c36341\nR10: ffff8883ae1b1a0b R11: 0000000000010498 R12: 0000000000000000\nR13: 0000000000000000 R14: dffffc0000000000 R15: ffff88812c652058\nFS: 00007f9713ae4980(0000) GS:ffff8883ae180000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fcd78483c7c CR3: 0000000122c38000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? __warn.cold+0x5b/0x1af\n ? __mutex_lock+0xcf0/0x1220\n ? report_bug+0x1ec/0x390\n ? handle_bug+0x3c/0x80\n ? exc_invalid_op+0x13/0x40\n ? asm_exc_invalid_op+0x16/0x20\n ? __mutex_lock+0xcf0/0x1220\n ? nvme_tcp_get_address+0xc2/0x1e0 [nvme_tcp]\n ? __pfx___mutex_lock+0x10/0x10\n ? __lock_acquire+0xd6a/0x59e0\n ? nvme_tcp_get_address+0xc2/0x1e0 [nvme_tcp]\n nvme_tcp_get_address+0xc2/0x1e0 [nvme_tcp]\n ? __pfx_nvme_tcp_get_address+0x10/0x10 [nvme_tcp]\n nvme_sysfs_show_address+0x81/0xc0 [nvme_core]\n dev_attr_show+0x42/0x80\n ? __asan_memset+0x1f/0x40\n sysfs_kf_seq_show+0x1f0/0x370\n seq_read_iter+0x2cb/0x1130\n ? rw_verify_area+0x3b1/0x590\n ? __mutex_lock+0x433/0x1220\n vfs_read+0x6a6/0xa20\n ? lockdep_hardirqs_on+0x78/0x100\n ? __pfx_vfs_read+0x10/0x10\n ksys_read+0xf7/0x1d0\n ? __pfx_ksys_read+0x10/0x10\n ? __x64_sys_openat+0x105/0x1d0\n do_syscall_64+0x93/0x180\n ? lockdep_hardirqs_on_prepare+0x16d/0x400\n ? do_syscall_64+0x9f/0x180\n ? lockdep_hardirqs_on+0x78/0x100\n ? do_syscall_64+0x9f/0x180\n ? __pfx_ksys_read+0x10/0x10\n ? lockdep_hardirqs_on_prepare+0x16d/0x400\n ? do_syscall_64+0x9f/0x180\n ? lockdep_hardirqs_on+0x78/0x100\n ? do_syscall_64+0x9f/0x180\n ? lockdep_hardirqs_on_prepare+0x16d/0x400\n ? do_syscall_64+0x9f/0x180\n ? lockdep_hardirqs_on+0x78/0x100\n ? do_syscall_64+0x9f/0x180\n ? lockdep_hardirqs_on_prepare+0x16d/0x400\n ? do_syscall_64+0x9f/0x180\n ? lockdep_hardirqs_on+0x78/0x100\n ? do_syscall_64+0x9f/0x180\n ? lockdep_hardirqs_on_prepare+0x16d/0x400\n ? do_syscall_64+0x9f/0x180\n ? lockdep_hardirqs_on+0x78/0x100\n ? do_syscall_64+0x9f/0x180\n ? do_syscall_64+0x9f/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f9713f55cfa\nCode: 55 48 89 e5 48 83 ec 20 48 89 55 e8 48 89 75 f0 89 7d f8 e8 e8 74 f8 ff 48 8b 55 e8 48 8b 75 f0 4\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53100",
"url": "https://www.suse.com/security/cve/CVE-2024-53100"
},
{
"category": "external",
"summary": "SUSE Bug 1233771 for CVE-2024-53100",
"url": "https://bugzilla.suse.com/1233771"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-53100"
},
{
"cve": "CVE-2024-53101",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53101"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: Fix uninitialized value issue in from_kuid and from_kgid\n\nocfs2_setattr() uses attr-\u003eia_mode, attr-\u003eia_uid and attr-\u003eia_gid in\na trace point even though ATTR_MODE, ATTR_UID and ATTR_GID aren\u0027t set.\n\nInitialize all fields of newattrs to avoid uninitialized variables, by\nchecking if ATTR_MODE, ATTR_UID, ATTR_GID are initialized, otherwise 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53101",
"url": "https://www.suse.com/security/cve/CVE-2024-53101"
},
{
"category": "external",
"summary": "SUSE Bug 1233769 for CVE-2024-53101",
"url": "https://bugzilla.suse.com/1233769"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-53101"
},
{
"cve": "CVE-2024-53104",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53104"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format\n\nThis can lead to out of bounds writes since frames of this type were not\ntaken into account when calculating the size of the frames buffer in\nuvc_parse_streaming.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53104",
"url": "https://www.suse.com/security/cve/CVE-2024-53104"
},
{
"category": "external",
"summary": "SUSE Bug 1234025 for CVE-2024-53104",
"url": "https://bugzilla.suse.com/1234025"
},
{
"category": "external",
"summary": "SUSE Bug 1236783 for CVE-2024-53104",
"url": "https://bugzilla.suse.com/1236783"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "important"
}
],
"title": "CVE-2024-53104"
},
{
"cve": "CVE-2024-53106",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53106"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nima: fix buffer overrun in ima_eventdigest_init_common\n\nFunction ima_eventdigest_init() calls ima_eventdigest_init_common()\nwith HASH_ALGO__LAST which is then used to access the array\nhash_digest_size[] leading to buffer overrun. Have a conditional\nstatement to handle this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53106",
"url": "https://www.suse.com/security/cve/CVE-2024-53106"
},
{
"category": "external",
"summary": "SUSE Bug 1234083 for CVE-2024-53106",
"url": "https://bugzilla.suse.com/1234083"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-53106"
},
{
"cve": "CVE-2024-53108",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53108"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Adjust VSDB parser for replay feature\n\nAt some point, the IEEE ID identification for the replay check in the\nAMD EDID was added. However, this check causes the following\nout-of-bounds issues when using KASAN:\n\n[ 27.804016] BUG: KASAN: slab-out-of-bounds in amdgpu_dm_update_freesync_caps+0xefa/0x17a0 [amdgpu]\n[ 27.804788] Read of size 1 at addr ffff8881647fdb00 by task systemd-udevd/383\n\n...\n\n[ 27.821207] Memory state around the buggy address:\n[ 27.821215] ffff8881647fda00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 27.821224] ffff8881647fda80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 27.821234] \u003effff8881647fdb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[ 27.821243] ^\n[ 27.821250] ffff8881647fdb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[ 27.821259] ffff8881647fdc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 27.821268] ==================================================================\n\nThis is caused because the ID extraction happens outside of the range of\nthe edid lenght. This commit addresses this issue by considering the\namd_vsdb_block size.\n\n(cherry picked from commit b7e381b1ccd5e778e3d9c44c669ad38439a861d8)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53108",
"url": "https://www.suse.com/security/cve/CVE-2024-53108"
},
{
"category": "external",
"summary": "SUSE Bug 1234081 for CVE-2024-53108",
"url": "https://bugzilla.suse.com/1234081"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-53108"
},
{
"cve": "CVE-2024-53110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53110"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvp_vdpa: fix id_table array not null terminated error\n\nAllocate one extra virtio_device_id as null terminator, otherwise\nvdpa_mgmtdev_get_classes() may iterate multiple times and visit\nundefined memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53110",
"url": "https://www.suse.com/security/cve/CVE-2024-53110"
},
{
"category": "external",
"summary": "SUSE Bug 1234085 for CVE-2024-53110",
"url": "https://bugzilla.suse.com/1234085"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-53110"
},
{
"cve": "CVE-2024-53112",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53112"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: uncache inode which has failed entering the group\n\nSyzbot has reported the following BUG:\n\nkernel BUG at fs/ocfs2/uptodate.c:509!\n...\nCall Trace:\n \u003cTASK\u003e\n ? __die_body+0x5f/0xb0\n ? die+0x9e/0xc0\n ? do_trap+0x15a/0x3a0\n ? ocfs2_set_new_buffer_uptodate+0x145/0x160\n ? do_error_trap+0x1dc/0x2c0\n ? ocfs2_set_new_buffer_uptodate+0x145/0x160\n ? __pfx_do_error_trap+0x10/0x10\n ? handle_invalid_op+0x34/0x40\n ? ocfs2_set_new_buffer_uptodate+0x145/0x160\n ? exc_invalid_op+0x38/0x50\n ? asm_exc_invalid_op+0x1a/0x20\n ? ocfs2_set_new_buffer_uptodate+0x2e/0x160\n ? ocfs2_set_new_buffer_uptodate+0x144/0x160\n ? ocfs2_set_new_buffer_uptodate+0x145/0x160\n ocfs2_group_add+0x39f/0x15a0\n ? __pfx_ocfs2_group_add+0x10/0x10\n ? __pfx_lock_acquire+0x10/0x10\n ? mnt_get_write_access+0x68/0x2b0\n ? __pfx_lock_release+0x10/0x10\n ? rcu_read_lock_any_held+0xb7/0x160\n ? __pfx_rcu_read_lock_any_held+0x10/0x10\n ? smack_log+0x123/0x540\n ? mnt_get_write_access+0x68/0x2b0\n ? mnt_get_write_access+0x68/0x2b0\n ? mnt_get_write_access+0x226/0x2b0\n ocfs2_ioctl+0x65e/0x7d0\n ? __pfx_ocfs2_ioctl+0x10/0x10\n ? smack_file_ioctl+0x29e/0x3a0\n ? __pfx_smack_file_ioctl+0x10/0x10\n ? lockdep_hardirqs_on_prepare+0x43d/0x780\n ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10\n ? __pfx_ocfs2_ioctl+0x10/0x10\n __se_sys_ioctl+0xfb/0x170\n do_syscall_64+0xf3/0x230\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n \u003c/TASK\u003e\n\nWhen \u0027ioctl(OCFS2_IOC_GROUP_ADD, ...)\u0027 has failed for the particular\ninode in \u0027ocfs2_verify_group_and_input()\u0027, corresponding buffer head\nremains cached and subsequent call to the same \u0027ioctl()\u0027 for the same\ninode issues the BUG() in \u0027ocfs2_set_new_buffer_uptodate()\u0027 (trying\nto cache the same buffer head of that inode). Fix this by uncaching\nthe buffer head with \u0027ocfs2_remove_from_cache()\u0027 on error path in\n\u0027ocfs2_group_add()\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53112",
"url": "https://www.suse.com/security/cve/CVE-2024-53112"
},
{
"category": "external",
"summary": "SUSE Bug 1234087 for CVE-2024-53112",
"url": "https://bugzilla.suse.com/1234087"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-53112"
},
{
"cve": "CVE-2024-53114",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53114"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client\n\nA number of Zen4 client SoCs advertise the ability to use virtualized\nVMLOAD/VMSAVE, but using these instructions is reported to be a cause\nof a random host reboot.\n\nThese instructions aren\u0027t intended to be advertised on Zen4 client\nso clear the capability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53114",
"url": "https://www.suse.com/security/cve/CVE-2024-53114"
},
{
"category": "external",
"summary": "SUSE Bug 1234072 for CVE-2024-53114",
"url": "https://bugzilla.suse.com/1234072"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-53114"
},
{
"cve": "CVE-2024-53121",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53121"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: fs, lock FTE when checking if active\n\nThe referenced commits introduced a two-step process for deleting FTEs:\n\n- Lock the FTE, delete it from hardware, set the hardware deletion function\n to NULL and unlock the FTE.\n- Lock the parent flow group, delete the software copy of the FTE, and\n remove it from the xarray.\n\nHowever, this approach encounters a race condition if a rule with the same\nmatch value is added simultaneously. In this scenario, fs_core may set the\nhardware deletion function to NULL prematurely, causing a panic during\nsubsequent rule deletions.\n\nTo prevent this, ensure the active flag of the FTE is checked under a lock,\nwhich will prevent the fs_core layer from attaching a new steering rule to\nan FTE that is in the process of deletion.\n\n[ 438.967589] MOSHE: 2496 mlx5_del_flow_rules del_hw_func\n[ 438.968205] ------------[ cut here ]------------\n[ 438.968654] refcount_t: decrement hit 0; leaking memory.\n[ 438.969249] WARNING: CPU: 0 PID: 8957 at lib/refcount.c:31 refcount_warn_saturate+0xfb/0x110\n[ 438.970054] Modules linked in: act_mirred cls_flower act_gact sch_ingress openvswitch nsh mlx5_vdpa vringh vhost_iotlb vdpa mlx5_ib mlx5_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm ib_uverbs ib_core zram zsmalloc fuse [last unloaded: cls_flower]\n[ 438.973288] CPU: 0 UID: 0 PID: 8957 Comm: tc Not tainted 6.12.0-rc1+ #8\n[ 438.973888] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n[ 438.974874] RIP: 0010:refcount_warn_saturate+0xfb/0x110\n[ 438.975363] Code: 40 66 3b 82 c6 05 16 e9 4d 01 01 e8 1f 7c a0 ff 0f 0b c3 cc cc cc cc 48 c7 c7 10 66 3b 82 c6 05 fd e8 4d 01 01 e8 05 7c a0 ff \u003c0f\u003e 0b c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 90\n[ 438.976947] RSP: 0018:ffff888124a53610 EFLAGS: 00010286\n[ 438.977446] RAX: 0000000000000000 RBX: ffff888119d56de0 RCX: 0000000000000000\n[ 438.978090] RDX: ffff88852c828700 RSI: ffff88852c81b3c0 RDI: ffff88852c81b3c0\n[ 438.978721] RBP: ffff888120fa0e88 R08: 0000000000000000 R09: ffff888124a534b0\n[ 438.979353] R10: 0000000000000001 R11: 0000000000000001 R12: ffff888119d56de0\n[ 438.979979] R13: ffff888120fa0ec0 R14: ffff888120fa0ee8 R15: ffff888119d56de0\n[ 438.980607] FS: 00007fe6dcc0f800(0000) GS:ffff88852c800000(0000) knlGS:0000000000000000\n[ 438.983984] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 438.984544] CR2: 00000000004275e0 CR3: 0000000186982001 CR4: 0000000000372eb0\n[ 438.985205] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 438.985842] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 438.986507] Call Trace:\n[ 438.986799] \u003cTASK\u003e\n[ 438.987070] ? __warn+0x7d/0x110\n[ 438.987426] ? refcount_warn_saturate+0xfb/0x110\n[ 438.987877] ? report_bug+0x17d/0x190\n[ 438.988261] ? prb_read_valid+0x17/0x20\n[ 438.988659] ? handle_bug+0x53/0x90\n[ 438.989054] ? exc_invalid_op+0x14/0x70\n[ 438.989458] ? asm_exc_invalid_op+0x16/0x20\n[ 438.989883] ? refcount_warn_saturate+0xfb/0x110\n[ 438.990348] mlx5_del_flow_rules+0x2f7/0x340 [mlx5_core]\n[ 438.990932] __mlx5_eswitch_del_rule+0x49/0x170 [mlx5_core]\n[ 438.991519] ? mlx5_lag_is_sriov+0x3c/0x50 [mlx5_core]\n[ 438.992054] ? xas_load+0x9/0xb0\n[ 438.992407] mlx5e_tc_rule_unoffload+0x45/0xe0 [mlx5_core]\n[ 438.993037] mlx5e_tc_del_fdb_flow+0x2a6/0x2e0 [mlx5_core]\n[ 438.993623] mlx5e_flow_put+0x29/0x60 [mlx5_core]\n[ 438.994161] mlx5e_delete_flower+0x261/0x390 [mlx5_core]\n[ 438.994728] tc_setup_cb_destroy+0xb9/0x190\n[ 438.995150] fl_hw_destroy_filter+0x94/0xc0 [cls_flower]\n[ 438.995650] fl_change+0x11a4/0x13c0 [cls_flower]\n[ 438.996105] tc_new_tfilter+0x347/0xbc0\n[ 438.996503] ? __\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53121",
"url": "https://www.suse.com/security/cve/CVE-2024-53121"
},
{
"category": "external",
"summary": "SUSE Bug 1234078 for CVE-2024-53121",
"url": "https://bugzilla.suse.com/1234078"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-53121"
},
{
"cve": "CVE-2024-53138",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53138"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: kTLS, Fix incorrect page refcounting\n\nThe kTLS tx handling code is using a mix of get_page() and\npage_ref_inc() APIs to increment the page reference. But on the release\npath (mlx5e_ktls_tx_handle_resync_dump_comp()), only put_page() is used.\n\nThis is an issue when using pages from large folios: the get_page()\nreferences are stored on the folio page while the page_ref_inc()\nreferences are stored directly in the given page. On release the folio\npage will be dereferenced too many times.\n\nThis was found while doing kTLS testing with sendfile() + ZC when the\nserved file was read from NFS on a kernel with NFS large folios support\n(commit 49b29a573da8 (\"nfs: add support for large folios\")).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53138",
"url": "https://www.suse.com/security/cve/CVE-2024-53138"
},
{
"category": "external",
"summary": "SUSE Bug 1234223 for CVE-2024-53138",
"url": "https://bugzilla.suse.com/1234223"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-22.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-22-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-22.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-22.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T12:56:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-53138"
}
]
}
SUSE-SU-2025:20247-1
Vulnerability from csaf_suse - Published: 2025-03-27 14:05 - Updated: 2025-03-27 14:05Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-52778: mptcp: deal with large GSO size (bsc#1224948).
- CVE-2023-52920: bpf: support non-r10 register spill/fill to/from stack in precision tracking (bsc#1232823).
- CVE-2024-26596: net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events (bsc#1220355).
- CVE-2024-26741: dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished() (bsc#1222587).
- CVE-2024-26782: mptcp: fix double-free on socket dismantle (bsc#1222590).
- CVE-2024-26953: net: esp: fix bad handling of pages from page_pool (bsc#1223656).
- CVE-2024-27017: netfilter: nft_set_pipapo: walk over current view on netlink dump (bsc#1223733).
- CVE-2024-35888: erspan: make sure erspan_base_hdr is present in skb->head (bsc#1224518).
- CVE-2024-36000: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (bsc#1224548).
- CVE-2024-36244: net/sched: taprio: extend minimum interval restriction to entire cycle too (bsc#1226797).
- CVE-2024-36883: net: fix out-of-bounds access in ops_init (bsc#1225725).
- CVE-2024-36886: tipc: fix UAF in error path (bsc#1225730).
- CVE-2024-36905: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (bsc#1225742).
- CVE-2024-36927: ipv4: Fix uninit-value access in __ip_make_skb() (bsc#1225813).
- CVE-2024-36954: tipc: fix a possible memleak in tipc_buf_append (bsc#1225764).
- CVE-2024-36968: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() (bsc#1226130).
- CVE-2024-38589: netrom: fix possible dead-lock in nr_rt_ioctl() (bsc#1226748).
- CVE-2024-40914: mm/huge_memory: do not unpoison huge_zero_folio (bsc#1227842).
- CVE-2024-41023: sched/deadline: Fix task_struct reference leak (bsc#1228430).
- CVE-2024-41031: mm/filemap: skip to create PMD-sized page cache if needed (bsc#1228454).
- CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620).
- CVE-2024-42102: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" (bsc#1233132).
- CVE-2024-44958: sched/smt: Fix unbalance sched_smt_present dec/inc (bsc#1230179).
- CVE-2024-44995: net: hns3: fix a deadlock problem when config TC during resetting (bsc#1230231).
- CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429).
- CVE-2024-45025: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (bsc#1230456).
- CVE-2024-46678: bonding: change ipsec_lock from spin lock to mutex (bsc#1230550).
- CVE-2024-46680: Bluetooth: btnxpuart: Fix random crash seen while removing driver (bsc#1230557).
- CVE-2024-46681: pktgen: use cpus_read_lock() in pg_net_init() (bsc#1230558).
- CVE-2024-46721: pparmor: fix possible NULL pointer dereference (bsc#1230710)
- CVE-2024-46754: bpf: Remove tst_run from lwt_seg6local_prog_ops (bsc#1230801).
- CVE-2024-46765: ice: protect XDP configuration with a mutex (bsc#1230807).
- CVE-2024-46766: ice: move netif_queue_set_napi to rtnl-protected sections (bsc#1230762).
- CVE-2024-46770: ice: Add netif_device_attach/detach into PF reset flow (bsc#1230763).
- CVE-2024-46775: drm/amd/display: Validate function returns (bsc#1230774).
- CVE-2024-46777: udf: Avoid excessive partition lengths (bsc#1230773).
- CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827).
- CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191).
- CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197).
- CVE-2024-46826: ELF: fix kernel.randomize_va_space double read (bsc#1231115).
- CVE-2024-46831: net: microchip: vcap: Fix use-after-free error in kunit test (bsc#1231117).
- CVE-2024-46834: ethtool: fail closed if we can't get max channel used in indirection tables (bsc#1231096).
- CVE-2024-46840: btrfs: clean up our handling of refs == 0 in snapshot delete (bsc#1231105).
- CVE-2024-46841: btrfs: do not BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() (bsc#1231094).
- CVE-2024-46843: scsi: ufs: core: Remove SCSI host only if added (bsc#1231100).
- CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084).
- CVE-2024-46855: netfilter: nft_socket: fix sk refcount leaks (bsc#1231085).
- CVE-2024-46857: net/mlx5: Fix bridge mode operations when there are no VFs (bsc#1231087).
- CVE-2024-46870: drm/amd/display: Disable DMCUB timeout for DCN35 (bsc#1231435).
- CVE-2024-47658: crypto: stm32/cryp - call finalize with bh disabled (bsc#1231436).
- CVE-2024-47660: fsnotify: clear PARENT_WATCHED flags lazily (bsc#1231439).
- CVE-2024-47664: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware (bsc#1231442).
- CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673).
- CVE-2024-47679: vfs: fix race between evice_inodes() and find_inode() and iput() (bsc#1231930).
- CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987).
- CVE-2024-47685: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (bsc#1231998).
- CVE-2024-47687: vdpa/mlx5: Fix invalid mr resource destroy (bsc#1232003).
- CVE-2024-47692: nfsd: return -EINVAL when namelen is 0 (bsc#1231857).
- CVE-2024-47701: ext4: avoid OOB when system.data xattr changes underneath the filesystem (bsc#1231920).
- CVE-2024-47703: bpf, lsm: add check for BPF LSM return value (bsc#1231946).
- CVE-2024-47704: drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944).
- CVE-2024-47705: block: fix potential invalid pointer dereference in blk_add_partition (bsc#1231872).
- CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942).
- CVE-2024-47707: ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (bsc#1231935).
- CVE-2024-47710: sock_map: Add a cond_resched() in sock_hash_free() (bsc#1232049).
- CVE-2024-47727: x86/tdx: Fix "in-kernel MMIO" check (bsc#1232116).
- CVE-2024-47730: crypto: hisilicon/qm - inject error before stopping queue (bsc#1232075).
- CVE-2024-47731: drivers/perf: Fix ali_drw_pmu driver interrupt status clearing (bsc#1232117).
- CVE-2024-47739: padata: use integer wrap around to prevent deadlock on seq_nr overflow (bsc#1232124).
- CVE-2024-47741: btrfs: fix race setting file private on concurrent lseek using same fd (bsc#1231869).
- CVE-2024-47745: mm: call the security_mmap_file() LSM hook in remap_file_pages() (bsc#1232135).
- CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145).
- CVE-2024-47752: media: mediatek: vcodec: Fix H264 stateless decoder smatch warning (bsc#1232130).
- CVE-2024-47753: media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning (bsc#1231868).
- CVE-2024-47754: media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning (bsc#1232131).
- CVE-2024-49852: scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() (bsc#1232819).
- CVE-2024-49864: rxrpc: Fix a race between socket set up and I/O thread creation (bsc#1232256).
- CVE-2024-49867: btrfs: wait for fixup workers before stopping cleaner kthread during umount (bsc#1232262).
- CVE-2024-49868: btrfs: fix a NULL pointer dereference when failed to start a new trasacntion (bsc#1232272).
- CVE-2024-49881: ext4: update orig_path in ext4_find_extent() (bsc#1232201).
- CVE-2024-49882: ext4: fix double brelse() the buffer of the extents path (bsc#1232200).
- CVE-2024-49883: ext4: aovid use-after-free in ext4_ext_insert_extent() (bsc#1232199).
- CVE-2024-49888: bpf: Fix a sdiv overflow issue (bsc#1232208).
- CVE-2024-49890: drm/amd/pm: ensure the fw_info is not null before using it (bsc#1232217).
- CVE-2024-49892: drm/amd/display: Initialize get_bytes_per_element's default to 1 (bsc#1232220).
- CVE-2024-49894: drm/amd/display: Fix index out of bounds in degamma hardware format translation (bsc#1232354).
- CVE-2024-49895: drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation (bsc#1232352).
- CVE-2024-49896: drm/amd/display: Check stream before comparing them (bsc#1232221).
- CVE-2024-49897: drm/amd/display: Check phantom_stream before it is used (bsc#1232355).
- CVE-2024-49898: drm/amd/display: Check null-initialized variables (bsc#1232222).
- CVE-2024-49899: drm/amd/display: Initialize denominators' default to 1 (bsc#1232358).
- CVE-2024-49901: drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs (bsc#1232305).
- CVE-2024-49906: drm/amd/display: Check null pointer before try to access it (bsc#1232332).
- CVE-2024-49907: drm/amd/display: Check null pointers before using dc->clk_mgr (bsc#1232334).
- CVE-2024-49909: drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func (bsc#1232337).
- CVE-2024-49911: drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func (bsc#1232366).
- CVE-2024-49912: drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream' (bsc#1232367).
- CVE-2024-49913: drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream (bsc#1232307).
- CVE-2024-49914: drm/amd/display: Add null check for pipe_ctx->plane_state in (bsc#1232369).
- CVE-2024-49917: drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn30_init_hw (bsc#1231965).
- CVE-2024-49918: drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer (bsc#1231967).
- CVE-2024-49919: drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer (bsc#1231968).
- CVE-2024-49920: drm/amd/display: Check null pointers before multiple uses (bsc#1232313).
- CVE-2024-49921: drm/amd/display: Check null pointers before used (bsc#1232371).
- CVE-2024-49922: drm/amd/display: Check null pointers before using them (bsc#1232374).
- CVE-2024-49923: drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags (bsc#1232361).
- CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224)
- CVE-2024-49933: blk_iocost: fix more out of bound shifts (bsc#1232368).
- CVE-2024-49934: fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name (bsc#1232387).
- CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424).
- CVE-2024-49944: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start (bsc#1232166).
- CVE-2024-49945: net/ncsi: Disable the ncsi work before freeing the associated structure (bsc#1232165).
- CVE-2024-49946: ppp: do not assume bh is held in ppp_channel_bridge_input() (bsc#1232164).
- CVE-2024-49949: net: avoid potential underflow in qdisc_pkt_len_init() with UFO (bsc#1232160).
- CVE-2024-49950: Bluetooth: L2CAP: Fix uaf in l2cap_connect (bsc#1232159).
- CVE-2024-49952: netfilter: nf_tables: prevent nf_skb_duplicated corruption (bsc#1232157).
- CVE-2024-49953: net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice (bsc#1232156).
- CVE-2024-49954: static_call: Replace pointless WARN_ON() in static_call_module_notify() (bsc#1232155).
- CVE-2024-49958: ocfs2: reserve space for inline xattr before attaching reflink tree (bsc#1232151).
- CVE-2024-49959: jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (bsc#1232149).
- CVE-2024-49960: ext4: fix timer use-after-free on failed mount (bsc#1232395).
- CVE-2024-49967: ext4: no need to continue when the number of entries is 1 (bsc#1232140).
- CVE-2024-49968: ext4: filesystems without casefold feature cannot be mounted with siphash (bsc#1232264).
- CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519).
- CVE-2024-49972: drm/amd/display: Deallocate DML memory if allocation fails (bsc#1232315).
- CVE-2024-49973: r8169: add tally counter fields added with RTL8125 (bsc#1232105).
- CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383).
- CVE-2024-49983: ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free (bsc#1232096).
- CVE-2024-49986: platform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors (bsc#1232093).
- CVE-2024-49987: bpftool: Fix undefined behavior in qsort(NULL, 0, ...) (bsc#1232258).
- CVE-2024-49989: drm/amd/display: fix double free issue during amdgpu module unload (bsc#1232483).
- CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282).
- CVE-2024-49993: iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count (bsc#1232316).
- CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432).
- CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points (bsc#1232089).
- CVE-2024-50000: net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (bsc#1232085).
- CVE-2024-50001: net/mlx5: Fix error path in multi-packet WQE transmit (bsc#1232084).
- CVE-2024-50002: static_call: Handle module init failure correctly in static_call_del_module() (bsc#1232083).
- CVE-2024-50003: drm/amd/display: Fix system hang while resume with TBT monitor (bsc#1232385).
- CVE-2024-50004: drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35 (bsc#1232396).
- CVE-2024-50006: ext4: fix i_data_sem unlock order in ext4_ind_migrate() (bsc#1232442).
- CVE-2024-50009: cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value (bsc#1232318).
- CVE-2024-50012: cpufreq: Avoid a bad reference count on CPU node (bsc#1232386).
- CVE-2024-50014: ext4: fix access to uninitialised lock in fc replay path (bsc#1232446).
- CVE-2024-50015: ext4: dax: fix overflowing extents beyond inode size when partially writing (bsc#1232079).
- CVE-2024-50020: ice: Fix improper handling of refcount in ice_sriov_set_msix_vec_count() (bsc#1231989).
- CVE-2024-50021: ice: Fix improper handling of refcount in ice_dpll_init_rclk_pins() (bsc#1231957).
- CVE-2024-50022: device-dax: correct pgoff align in dax_set_mapping() (bsc#1231956).
- CVE-2024-50024: net: Fix an unsafe loop on the list (bsc#1231954).
- CVE-2024-50027: thermal: core: Free tzp copy along with the thermal zone (bsc#1231951).
- CVE-2024-50028: thermal: core: Reference count the zone in thermal_zone_get_by_id() (bsc#1231950).
- CVE-2024-50033: slip: make slhc_remember() more robust against malicious packets (bsc#1231914).
- CVE-2024-50035: ppp: fix ppp_async_encode() illegal access (bsc#1232392).
- CVE-2024-50040: igb: Do not bring the device up after non-fatal error (bsc#1231908).
- CVE-2024-50041: i40e: Fix macvlan leak by synchronizing access to mac_filter_hash (bsc#1231907).
- CVE-2024-50042: ice: Fix increasing MSI-X on VF (bsc#1231906).
- CVE-2024-50045: netfilter: br_netfilter: fix panic with metadata_dst skb (bsc#1231903).
- CVE-2024-50046: NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() (bsc#1231902).
- CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418).
- CVE-2024-50059: ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition (bsc#1232345).
- CVE-2024-50060: io_uring: check if we need to reschedule during overflow flush (bsc#1232417).
- CVE-2024-50063: bpf: Prevent tail call between progs attached to different hooks (bsc#1232435).
- CVE-2024-50064: zram: free secondary algorithms names (bsc#1231901).
- CVE-2024-50080: ublk: do not allow user copy for unprivileged device (bsc#1232502).
- CVE-2024-50081: blk-mq: setup queue ->tag_set before initializing hctx (bsc#1232501).
- CVE-2024-50082: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (bsc#1232500).
- CVE-2024-50084: net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test() (bsc#1232494).
- CVE-2024-50087: btrfs: fix uninitialized pointer free on read_alloc_one_name() error (bsc#1232499).
- CVE-2024-50088: btrfs: fix uninitialized pointer free in add_inode_ref() (bsc#1232498).
- CVE-2024-50098: scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down (bsc#1232881).
- CVE-2024-50110: xfrm: fix one more kernel-infoleak in algo dumping (bsc#1232885).
- CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919).
- CVE-2024-50124: Bluetooth: ISO: Fix UAF on iso_sock_timeout (bsc#1232926).
- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928).
- CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907).
- CVE-2024-50128: net: wwan: fix global oob in wwan_rtnl_policy (bsc#1232905).
- CVE-2024-50130: netfilter: bpf: must hold reference on net namespace (bsc#1232894).
- CVE-2024-50138: bpf: Use raw_spinlock_t in ringbuf (bsc#1232935).
- CVE-2024-50139: KVM: arm64: Fix shift-out-of-bounds bug (bsc#1233062).
- CVE-2024-50145: octeon_ep: add SKB allocation failures handling in __octep_oq_process_rx() (bsc#1233044).
- CVE-2024-50153: scsi: target: core: Fix null-ptr-deref in target_alloc_device() (bsc#1233061).
- CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233070).
- CVE-2024-50166: fsl/fman: Fix refcount handling of fman-related devices (bsc#1233050).
- CVE-2024-50167: be2net: fix potential memory leak in be_xmit() (bsc#1233049).
- CVE-2024-50169: vsock: Update rx_bytes on read_skb() (bsc#1233320).
- CVE-2024-50171: net: systemport: fix potential memory leak in bcm_sysport_xmit() (bsc#1233057).
- CVE-2024-50177: drm/amd/display: fix a UBSAN warning in DML2.1 (bsc#1233115).
- CVE-2024-50182: secretmem: disable memfd_secret() if arch cannot set direct map (bsc#1233129).
- CVE-2024-50184: virtio_pmem: Check device status before requesting flush (bsc#1233135).
- CVE-2024-50186: net: explicitly clear the sk pointer, when pf->create fails (bsc#1233110).
- CVE-2024-50192: irqchip/gic-v4: Do not allow a VMOVP on a dying VPE (bsc#1233106).
- CVE-2024-50225: btrfs: fix error propagation of split bios (bsc#1233193).
- CVE-2024-50228: mm: shmem: fix data-race in shmem_getattr() (bsc#1233204).
- CVE-2024-50230: nilfs2: fix kernel bug due to missing clearing of checked flag (bsc#1233206).
- CVE-2024-50245: fs/ntfs3: Fix possible deadlock in mi_read (bsc#1233203).
- CVE-2024-50246: fs/ntfs3: Add rough attr alloc_size check (bsc#1233207).
- CVE-2024-50250: fsdax: dax_unshare_iter needs to copy entire blocks (bsc#1233226).
- CVE-2024-50252: mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address (bsc#1233201).
- CVE-2024-50257: netfilter: Fix use-after-free in get_info() (bsc#1233244).
- CVE-2024-50261: macsec: Fix use-after-free while sending the offloading packet (bsc#1233253).
- CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453).
- CVE-2024-50271: signal: restore the override_rlimit logic (bsc#1233460).
- CVE-2024-50273: btrfs: reinitialize delayed ref list after deleting it from the list (bsc#1233462).
- CVE-2024-50274: idpf: avoid vport access in idpf_get_link_ksettings (bsc#1233463).
- CVE-2024-50275: arm64/sve: Discard stale CPU state when handling SVE traps (bsc#1233464).
- CVE-2024-50276: net: vertexcom: mse102x: Fix possible double free of TX skb (bsc#1233465).
- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).
- CVE-2024-50289: media: av7110: fix a spectre vulnerability (bsc#1233478).
- CVE-2024-50295: net: arc: fix the device for dma_map_single/dma_unmap_single (bsc#1233484).
- CVE-2024-50296: net: hns3: fix kernel crash when uninstalling driver (bsc#1233485).
- CVE-2024-50298: net: enetc: allocate vf_state during PF probes (bsc#1233487).
- CVE-2024-53042: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() (bsc#1233540).
- CVE-2024-53043: mctp i2c: handle NULL header address (bsc#1233523).
- CVE-2024-53048: ice: fix crash on probe for DPLL enabled E810 LOM (bsc#1233721).
- CVE-2024-53051: drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability (bsc#1233547).
- CVE-2024-53055: wifi: iwlwifi: mvm: fix 6 GHz scan construction (bsc#1233550).
- CVE-2024-53056: drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy() (bsc#1233568).
- CVE-2024-53058: net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data (bsc#1233552).
- CVE-2024-53079: mm/thp: fix deferred split unqueue naming and locking (bsc#1233570).
- CVE-2024-53082: virtio_net: Add hash_key_length check (bsc#1233573).
- CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642).
- CVE-2024-53110: vp_vdpa: fix id_table array not null terminated error (bsc#1234085).
- CVE-2024-53121: net/mlx5: fs, lock FTE when checking if active (bsc#1234078).
- CVE-2024-53138: net/mlx5e: kTLS, Fix incorrect page refcounting (bsc#1234223).
The following non-security bugs were fixed:
- 9p: explicitly deny setlease attempts (git-fixes).
- ACPI: CPPC: Add support for setting EPP register in FFH (stable-fixes).
- ACPI: CPPC: Fix _CPC register setting issue (git-fixes).
- ACPI: CPPC: Make rmw_lock a raw_spin_lock (git-fixes).
- ACPI: EC: Do not release locks during operation region accesses (stable-fixes).
- ACPI: PAD: fix crash in exit_round_robin() (stable-fixes).
- ACPI: PRM: Clean up guid type in struct prm_handler_info (git-fixes).
- ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context (git-fixes).
- ACPI: battery: Fix possible crash when unregistering a battery hook (git-fixes).
- ACPI: battery: Simplify battery hook locking (stable-fixes).
- ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue (stable-fixes).
- ACPI: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[] (stable-fixes).
- ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[] (stable-fixes).
- ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[] (stable-fixes).
- ACPI: resource: Add another DMI match for the TongFang GMxXGxx (stable-fixes).
- ACPI: video: Add force_vendor quirk for Panasonic Toughbook CF-18 (stable-fixes).
- ACPICA: Fix memory leak if acpi_ps_get_next_field() fails (stable-fixes).
- ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails (stable-fixes).
- ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() (stable-fixes).
- ACPICA: iasl: handle empty connection_node (stable-fixes).
- ALSA/hda: intel-sdw-acpi: cleanup sdw_intel_scan_controller (stable-fixes).
- ALSA/hda: intel-sdw-acpi: fetch fwnode once in sdw_intel_scan_controller() (stable-fixes).
- ALSA/hda: intel-sdw-acpi: simplify sdw-master-count property read (stable-fixes).
- ALSA: 6fire: Release resources at card release (git-fixes).
- ALSA: Reorganize kerneldoc parameter names (stable-fixes).
- ALSA: ac97: bus: Fix the mistake in the comment (git-fixes).
- ALSA: asihpi: Fix potential OOB array access (stable-fixes).
- ALSA: caiaq: Use snd_card_free_when_closed() at disconnection (git-fixes).
- ALSA: core: add isascii() check to card ID generator (stable-fixes).
- ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (git-fixes).
- ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init() (git-fixes).
- ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2 (stable-fixes).
- ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne 1000 G2 (git-fixes).
- ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin (git-fixes).
- ALSA: hda/conexant: fix Z60MR100 startup pop issue (stable-fixes).
- ALSA: hda/conexant: fix some typos (stable-fixes).
- ALSA: hda/cs8409: Fix possible NULL dereference (git-fixes).
- ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs (bsc#1219803).
- ALSA: hda/realtek - Fixed Clevo platform headset Mic issue (stable-fixes).
- ALSA: hda/realtek - update set GPIO3 to default for Thinkpad with ALC1318 (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP Pavilion 15z-ec200 (stable-fixes).
- ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9 (stable-fixes).
- ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593 (stable-fixes).
- ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13 (stable-fixes).
- ALSA: hda/realtek: Add support for Samsung Galaxy Book3 360 (NP730QFG) (stable-fixes).
- ALSA: hda/realtek: Apply quirk for Medion E15433 (bsc#1233298).
- ALSA: hda/realtek: Enable mic on Vaio VJFH52 (stable-fixes).
- ALSA: hda/realtek: Enable mute and micmute LED on HP ProBook 430 G8 (stable-fixes).
- ALSA: hda/realtek: Enable speaker pins for Medion E15443 platform (bsc#1233298).
- ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max (bsc#1233298).
- ALSA: hda/realtek: Fix headset mic on TUXEDO Gemini 17 Gen3 (stable-fixes).
- ALSA: hda/realtek: Fix headset mic on TUXEDO Stellaris 16 Gen6 mb1 (stable-fixes).
- ALSA: hda/realtek: Fix the push button function for the ALC257 (git-fixes).
- ALSA: hda/realtek: Limit internal Mic boost on Dell platform (stable-fixes).
- ALSA: hda/realtek: Refactor and simplify Samsung Galaxy Book init (stable-fixes).
- ALSA: hda/realtek: Set PCBeep to default value for ALC274 (stable-fixes).
- ALSA: hda/realtek: Update ALC225 depop procedure (git-fixes).
- ALSA: hda/realtek: Update ALC256 depop procedure (git-fixes).
- ALSA: hda/realtek: Update default depop procedure (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LED for HP mt645 G8 (stable-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP EliteBook 645 G10 (stable-fixes).
- ALSA: hda/realtek: tas2781: Fix ROG ALLY X audio (stable-fixes).
- ALSA: hda/tas2781: Add new quirk for Lenovo Y990 Laptop (stable-fixes).
- ALSA: hda/tas2781: Add new quirk for Lenovo, ASUS, Dell projects (stable-fixes).
- ALSA: hda/tas2781: select CRC32 instead of CRC32_SARWATE (git-fixes).
- ALSA: hda: Poll jack events for LS7A HD-Audio (stable-fixes).
- ALSA: hda: Show the codec quirk info at probing (stable-fixes).
- ALSA: hda: Sound support for HP Spectre x360 16 inch model 2024 (stable-fixes).
- ALSA: hda: tas2781: Fix missing setup at runtime PM (bsc#1230132).
- ALSA: hdsp: Break infinite MIDI input flush loop (stable-fixes).
- ALSA: ice1712: Remove redundant code in stac9460_dac_vol_put (stable-fixes).
- ALSA: line6: add hw monitor volume control to POD HD500X (stable-fixes).
- ALSA: line6: update contact information (stable-fixes).
- ALSA: mixer_oss: Remove some incorrect kfree_const() usages (git-fixes).
- ALSA: pcm: Add sanity NULL check for the default mmap fault handler (stable-fixes).
- ALSA: silence integer wrapping warning (stable-fixes).
- ALSA: ump: Fix evaluation of MIDI 1.0 FB info (git-fixes).
- ALSA: us122l: Use snd_card_free_when_closed() at disconnection (git-fixes).
- ALSA: usb-audio: Add Pioneer DJ/AlphaTheta DJM-A9 Mixer (stable-fixes).
- ALSA: usb-audio: Add delay quirk for VIVO USB-C HEADSET (stable-fixes).
- ALSA: usb-audio: Add input value sanity checks for standard types (stable-fixes).
- ALSA: usb-audio: Add logitech Audio profile quirk (stable-fixes).
- ALSA: usb-audio: Add native DSD support for Luxman D-08u (stable-fixes).
- ALSA: usb-audio: Add quirk for HP 320 FHD Webcam (bsc#1232768).
- ALSA: usb-audio: Add quirks for Dell WD19 dock (stable-fixes).
- ALSA: usb-audio: Define macros for quirk table entries (stable-fixes).
- ALSA: usb-audio: Fix Yamaha P-125 Quirk Entry (stable-fixes).
- ALSA: usb-audio: Fix a DMA to stack memory bug (git-fixes).
- ALSA: usb-audio: Fix out of bounds reads when finding clock sources (stable-fixes).
- ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (git-fixes).
- ALSA: usb-audio: Make mic volume workarounds globally applicable (stable-fixes).
- ALSA: usb-audio: Replace complex quirk lines with macros (stable-fixes).
- ALSA: usb-audio: Use snprintf instead of sprintf in build_mixer_unit_ctl (stable-fixes).
- ALSA: usb-audio: add mixer mapping for Corsair HS80 (stable-fixes).
- ALSA: usx2y: Use snd_card_free_when_closed() at disconnection (git-fixes).
- ASoC: Intel: avs: da7219: Remove suspend_pre() and resume_post() (stable-fixes).
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet (stable-fixes).
- ASoC: Intel: bytcr_rt5640: Add support for non ACPI instantiated codec (stable-fixes).
- ASoC: Intel: sst: Fix used of uninitialized ctx to log an error (git-fixes).
- ASoC: Intel: sst: Support LPE0F28 ACPI HID (stable-fixes).
- ASoC: SOF: Add i2s bt dai configuration support for AMD platforms (bsc#1233305).
- ASoC: SOF: Add support for configuring PDM interface from topology (bsc#1233305).
- ASoC: SOF: Deprecate invalid enums in IPC3 (bsc#1233305).
- ASoC: SOF: IPC4: get pipeline priority from topology (bsc#1233305).
- ASoC: SOF: IPC4: synchronize fw_config_params with fw definitions (bsc#1233305).
- ASoC: SOF: Refactor sof_i2s_tokens reading to update acpbt dai (bsc#1233305).
- ASoC: SOF: Rename amd_bt sof_dai_type (bsc#1233305).
- ASoC: SOF: Wire up buffer flags (bsc#1233305).
- ASoC: SOF: add alignment for topology header file struct definition (bsc#1233305).
- ASoC: SOF: align topology header file with sof topology header (bsc#1233305).
- ASoC: SOF: ipc3-topology: Convert the topology pin index to ALH dai index (git-fixes).
- ASoC: SOF: ipc3-topology: fix resource leaks in sof_ipc3_widget_setup_comp_dai() (git-fixes).
- ASoC: SOF: ipc4-control: Add support for ALSA enum control (bsc#1233305).
- ASoC: SOF: ipc4-control: Add support for ALSA switch control (bsc#1233305).
- ASoC: SOF: ipc4-mtrace: move debug slot related definitions to header.h (bsc#1233305).
- ASoC: SOF: ipc4-topology: Add deep buffer size to debug prints (bsc#1233305).
- ASoC: SOF: ipc4-topology: Add definition for generic switch/enum control (bsc#1233305).
- ASoC: SOF: ipc4-topology: Add module ID print during module set up (bsc#1233305).
- ASoC: SOF: ipc4-topology: Helper to find an swidget by module/instance id (bsc#1233305).
- ASoC: SOF: ipc4-topology: Only handle dai_config with HW_PARAMS for ChainDMA (bsc#1233305).
- ASoC: SOF: ipc4-topology: change chain_dma handling in dai_config (bsc#1233305).
- ASoC: SOF: ipc4-topology: export sof_ipc4_copier_is_single_format (bsc#1233305).
- ASoC: SOF: ipc4-topology: set config_length based on device_count (bsc#1233305).
- ASoC: SOF: ipc4: Add data struct for module notification message from firmware (bsc#1233305).
- ASoC: SOF: ipc4: Add new message type: SOF_IPC4_GLB_LOAD_LIBRARY_PREPARE (bsc#1233305).
- ASoC: SOF: sof-client-probes-ipc4: Set param_size extension bits (git-fixes).
- ASoC: SOF: topology: Parse DAI type token for dspless mode (bsc#1233305).
- ASoC: SOF: topology: dynamically allocate and store DAI widget->private (bsc#1233305).
- ASoC: amd: yc: Add quirk for ASUS Vivobook S15 M3502RA (stable-fixes).
- ASoC: amd: yc: Add quirk for HP Dragonfly pro one (stable-fixes).
- ASoC: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry (git-fixes).
- ASoC: amd: yc: Fix non-functional mic on ASUS E1404FA (stable-fixes).
- ASoC: amd: yc: Support dmic on another model of Lenovo Thinkpad E14 Gen 6 (stable-fixes).
- ASoC: amd: yc: fix internal mic on Xiaomi Book Pro 14 2022 (stable-fixes).
- ASoC: atmel: mchp-pdmc: Skip ALSA restoration if substream runtime is uninitialized (git-fixes).
- ASoC: audio-graph-card2: Purge absent supplies for device tree nodes (stable-fixes).
- ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() (git-fixes).
- ASoC: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to default regs values (stable-fixes).
- ASoC: codecs: rt5640: Always disable IRQs from rt5640_cancel_work() (stable-fixes).
- ASoC: codecs: wsa883x: Handle reading version failure (stable-fixes).
- ASoC: cs42l51: Fix some error handling paths in cs42l51_probe() (git-fixes).
- ASoC: dapm: fix bounds checker error in dapm_widget_list_create (git-fixes).
- ASoC: fsl_micfil: Add sample rate constraint (stable-fixes).
- ASoC: fsl_micfil: fix regmap_write_bits usage (git-fixes).
- ASoC: fsl_sai: Enable 'FIFO continue on error' FCONT bit (stable-fixes).
- ASoC: imx-card: Set card.owner to avoid a warning calltrace if SND=m (git-fixes).
- ASoC: max98388: Fix missing increment of variable slot_found (git-fixes).
- ASoC: mediatek: mt8188-mt6359: Remove hardcoded dmic codec (git-fixes).
- ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() (git-fixes).
- ASoC: qcom: sm8250: add qrb4210-rb2-sndcard compatible string (stable-fixes).
- ASoC: rt722-sdca: Remove logically deadcode in rt722-sdca.c (git-fixes).
- ASoC: rt722-sdca: increase clk_stop_timeout to fix clock stop issue (stable-fixes).
- ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove (git-fixes).
- ASoC: stm: Prevent potential division by zero in stm32_sai_get_clk_div() (stable-fixes).
- ASoC: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate() (stable-fixes).
- ASoC: tas2781: Add new driver version for tas2563 & tas2781 qfn chip (stable-fixes).
- ASoC: tas2781: Use of_property_read_reg() (stable-fixes).
- Bluetooth: Call iso_exit() on module unload (git-fixes).
- Bluetooth: ISO: Fix multiple init when debugfs is disabled (git-fixes).
- Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync (git-fixes).
- Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change (git-fixes).
- Bluetooth: Remove debugfs directory on module init failure (git-fixes).
- Bluetooth: bnep: fix wild-memory-access in proto_unregister (git-fixes).
- Bluetooth: btintel: Direct exception event to bluetooth stack (git-fixes).
- Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test (bsc#1230557)
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0489:0xe122 (stable-fixes).
- Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 (git-fixes).
- Bluetooth: fix use-after-free in device_for_each_child() (git-fixes).
- Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs (git-fixes).
- Bluetooth: hci_core: Fix calling mgmt_device_connected (git-fixes).
- Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (git-fixes).
- Documentation: kgdb: Correct parameter error (git-fixes).
- HID: Ignore battery for all ELAN I2C-HID devices (stable-fixes).
- HID: amd_sfh: Switch to device-managed dmam_alloc_coherent() (git-fixes).
- HID: core: zero-initialize the report buffer (git-fixes).
- HID: i2c-hid: Remove I2C_HID_QUIRK_SET_PWR_WAKEUP_DEV quirk (stable-fixes).
- HID: lenovo: Add support for Thinkpad X1 Tablet Gen 3 keyboard (stable-fixes).
- HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad (stable-fixes).
- HID: multitouch: Add quirk for Logitech Bolt receiver w/ Casa touchpad (stable-fixes).
- HID: multitouch: Add support for B2402FVA track point (stable-fixes).
- HID: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio (stable-fixes).
- HID: multitouch: Add support for lenovo Y9000P Touchpad (stable-fixes).
- HID: plantronics: Workaround for an unexcepted opposite volume key (stable-fixes).
- HID: wacom: Interpret tilt data from Intuos Pro BT as signed values (git-fixes).
- HID: wacom: fix when get product name maybe null pointer (git-fixes).
- Input: adp5589-keys - fix NULL pointer dereference (git-fixes).
- Input: adp5589-keys - fix adp5589_gpio_get_value() (git-fixes).
- Input: edt-ft5x06 - fix regmap leak when probe fails (git-fixes).
- Input: hideep - add missing dependency on REGMAP_I2C (git-fixes).
- Input: hycon-hy46xx - add missing dependency on REGMAP_I2C (git-fixes).
- Input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk table (stable-fixes).
- Input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk table (stable-fixes).
- Input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD line (stable-fixes).
- Input: xpad - add GameSir T4 Kaleid Controller support (git-fixes).
- Input: xpad - add GameSir VID for Xbox One controllers (git-fixes).
- Input: xpad - add support for 8BitDo Ultimate 2C Wireless Controller (git-fixes).
- Input: xpad - add support for MSI Claw A1M (git-fixes).
- Input: xpad - add support for Machenike G5 Pro Controller (git-fixes).
- Input: xpad - fix support for some third-party controllers (git-fixes).
- Input: xpad - sort xpad_device by vendor and product ID (git-fixes).
- Input: xpad - spelling fixes for "Xbox" (git-fixes).
- KVM: Fix coalesced_mmio_has_room() to avoid premature userspace exit (git-fixes).
- KVM: PPC: Book3S HV: Avoid returning to nested hypervisor on pending doorbells (bsc#1215199).
- KVM: PPC: Book3S HV: Stop using vc->dpdes for nested KVM guests (bsc#1215199).
- KVM: PPC: Book3S HV: remove unused varible (bsc#1194869).
- KVM: SEV-ES: Fix svm_get_msr()/svm_set_msr() for KVM_SEV_ES_INIT guests (bsc#1232207).
- KVM: SEV-ES: Prevent MSR access post VMSA encryption (bsc#1232207).
- KVM: SVM: Disallow guest from changing userspace's MSR_AMD64_DE_CFG value (git-fixes).
- KVM: Use dedicated mutex to protect kvm_usage_count to avoid deadlock (git-fixes).
- KVM: VMX: Also clear SGX EDECCSSA in KVM CPU caps when SGX is disabled (git-fixes).
- KVM: VMX: Set PFERR_GUEST_{FINAL,PAGE}_MASK if and only if the GVA is valid (git-fixes).
- KVM: Write the per-page "segment" when clearing (part of) a guest page (git-fixes).
- KVM: s390: Change virtual to physical address access in diag 0x258 handler (git-fixes bsc#1232626).
- KVM: s390: Fix SORTL and DFLTCC instruction format error in __insn32_query (git-fixes bsc#1231276).
- KVM: s390: gaccess: Check if guest address is in memslot (git-fixes bsc#1232623).
- KVM: x86/mmu: Skip emulation on page fault iff 1+ SPs were unprotected (git-fixes).
- KVM: x86/mmu: Trigger unprotect logic only on write-protection page faults (git-fixes).
- KVM: x86: Dedup fastpath MSR post-handling logic (git-fixes).
- KVM: x86: Enforce x2APIC's must-be-zero reserved ICR bits (git-fixes).
- KVM: x86: Exit to userspace if fastpath triggers one on instruction skip (git-fixes).
- KVM: x86: Move x2APIC ICR helper above kvm_apic_write_nodecode() (git-fixes).
- KVM: x86: Re-enter guest if WRMSR(X2APIC_ICR) fastpath is successful (git-fixes).
- KVM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC) (git-fixes).
- NFS: Avoid unnecessary rescanning of the per-server delegation list (git-fixes).
- NFS: remove revoked delegation from server's delegation list (git-fixes).
- NFSD: Fix NFSv4's PUTPUBFH operation (git-fixes).
- NFSD: Mark filecache "down" if init fails (git-fixes).
- NFSv3: only use NFS timeout for MOUNT when protocols are compatible (bsc#1231016).
- NFSv4: Fix clearing of layout segments in layoutreturn (git-fixes).
- PCI: Add ACS quirk for Qualcomm SA8775P (stable-fixes).
- PCI: Add T_PVPERL macro (git-fixes).
- PCI: Add function 0 DMA alias quirk for Glenfly Arise chip (stable-fixes).
- PCI: Fix pci_enable_acs() support for the ACS quirks (bsc#1229019).
- PCI: Fix reset_method_store() memory leak (git-fixes).
- PCI: Mark Creative Labs EMU20k2 INTx masking as broken (stable-fixes).
- PCI: endpoint: Clear secondary (not primary) EPC in pci_epc_remove_epf() (git-fixes).
- PCI: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds (git-fixes).
- PCI: keystone: Add link up check to ks_pcie_other_map_bus() (git-fixes).
- PCI: keystone: Set mode as Root Complex for "ti,keystone-pcie" compatible (git-fixes).
- PCI: rockchip-ep: Fix address translation unit programming (git-fixes).
- RAS/AMD/ATL: Add amd_atl pr_fmt() prefix (jsc#PED-10559).
- RAS/AMD/ATL: Expand helpers for adding and removing base and hole (jsc#PED-10559).
- RAS/AMD/ATL: Implement DF 4.5 NP2 denormalization (jsc#PED-10559).
- RAS/AMD/ATL: Read DRAM hole base early (jsc#PED-10559).
- RAS/AMD/ATL: Validate address map when information is gathered (jsc#PED-10559).
- RDMA/bnxt_re: Add a check for memory allocation (git-fixes)
- RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop (git-fixes)
- RDMA/bnxt_re: Change the sequence of updating the CQ toggle value (git-fixes)
- RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey (git-fixes)
- RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (git-fixes)
- RDMA/bnxt_re: Fix a possible memory leak (git-fixes)
- RDMA/bnxt_re: Fix incorrect AVID type in WQE structure (git-fixes)
- RDMA/bnxt_re: Fix incorrect dereference of srq in async event (git-fixes)
- RDMA/bnxt_re: Fix out of bound check (git-fixes)
- RDMA/bnxt_re: Fix the GID table length (git-fixes)
- RDMA/bnxt_re: Fix the max CQ WQEs for older adapters (git-fixes)
- RDMA/bnxt_re: Fix the usage of control path spin locks (git-fixes)
- RDMA/bnxt_re: Return more meaningful error (git-fixes)
- RDMA/bnxt_re: synchronize the qp-handle table array (git-fixes)
- RDMA/core: Fix ENODEV error for iWARP test over vlan (git-fixes)
- RDMA/cxgb4: Dump vendor specific QP details (git-fixes)
- RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP (git-fixes)
- RDMA/hns: Add mutex_destroy() (git-fixes)
- RDMA/hns: Disassociate mmap pages for all uctx when HW is being reset (git-fixes)
- RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (git-fixes)
- RDMA/hns: Fix an AEQE overflow error caused by untimely update of eq_db_ci (git-fixes)
- RDMA/hns: Fix cpu stuck caused by printings during reset (git-fixes)
- RDMA/hns: Fix different dgids mapping to the same dip_idx (git-fixes)
- RDMA/hns: Fix flush cqe error when racing with destroy qp (git-fixes)
- RDMA/hns: Fix out-of-order issue of requester when setting FENCE (git-fixes)
- RDMA/hns: Use dev_* printings in hem code instead of ibdev_* (git-fixes)
- RDMA/hns: Use macro instead of magic number (git-fixes)
- RDMA/irdma: Fix misspelling of "accept*" (git-fixes)
- RDMA/mad: Improve handling of timed out WRs of mad agent (git-fixes)
- RDMA/mana_ib: use the correct page size for mapping user-mode doorbell page (git-fixes).
- RDMA/mana_ib: use the correct page table index based on hardware page size (git-fixes).
- RDMA/mlx5: Enforce umem boundaries for explicit ODP page faults (git-fixes)
- RDMA/mlx5: Move events notifier registration to be after device registration (git-fixes)
- RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down (git-fixes)
- RDMA/mlx5: Use sq timestamp as QP timestamp when RoCE is disabled (git-fixes).
- RDMA/rtrs-srv: Avoid null pointer deref during path establishment (git-fixes)
- RDMA/rxe: Fix the qp flush warnings in req (git-fixes)
- RDMA/rxe: Set queue pair cur_qp_state when being queried (git-fixes)
- RDMA/siw: Add sendpage_ok() check to disable MSG_SPLICE_PAGES (git-fixes)
- RDMA/srpt: Make slab cache names unique (git-fixes)
- SUNRPC: Fix integer overflow in decode_rc_list() (git-fixes).
- SUNRPC: Fixup gss_status tracepoint error output (git-fixes).
- SUNRPC: Remove BUG_ON call sites (git-fixes).
- SUNRPC: clnt.c: Remove misleading comment (git-fixes).
- USB: appledisplay: close race between probe and completion handler (git-fixes).
- USB: chaoskey: Fix possible deadlock chaoskey_list_lock (git-fixes).
- USB: chaoskey: fail open after removal (git-fixes).
- USB: gadget: dummy-hcd: Fix "task hung" problem (git-fixes).
- USB: misc: cypress_cy7c63: check for short transfer (git-fixes).
- USB: misc: yurex: fix race between read and write (git-fixes).
- USB: serial: ftdi_sio: Fix atomicity violation in get_serial_info() (git-fixes).
- USB: serial: io_edgeport: fix use after free in debug printk (git-fixes).
- USB: serial: option: add Fibocom FG132 0x0112 composition (stable-fixes).
- USB: serial: option: add Quectel RG650V (stable-fixes).
- USB: serial: option: add Telit FN920C04 MBIM compositions (stable-fixes).
- USB: serial: option: add support for Quectel EG916Q-GL (stable-fixes).
- USB: serial: qcserial: add support for Sierra Wireless EM86xx (stable-fixes).
- Use pahole -j1 option for reproducible builds (bsc#1230414 bsc#1229450).
- accel/qaic: Fix the for loop used to walk SG table (git-fixes).
- accel: Use XArray instead of IDR for minors (jsc#PED-11580).
- acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() (git-fixes).
- ad7780: fix division by zero in ad7780_write_raw() (git-fixes).
- aes-gcm-p10: Use the correct bit to test for P10 (bsc#1232704).
- amd-pstate: Set min_perf to nominal_perf for active mode performance gov (git-fixes).
- apparmor: fix 'Do simple duplicate message elimination' (git-fixes).
- apparmor: test: Fix memory leak for aa_unpack_strdup() (git-fixes).
- apparmor: use kvfree_sensitive to free data->data (git-fixes).
- arm64: Subscribe Microsoft Azure Cobalt 100 to erratum 3194386 (git-fixes)
- arm64: cputype: Add Neoverse-N3 definitions (git-fixes)
- arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer (git-fixes)
- arm64: dts: freescale: imx8mm-verdin: Fix SD regulator startup delay (git-fixes)
- arm64: dts: freescale: imx8mp-verdin: Fix SD regulator startup delay (git-fixes)
- arm64: dts: imx8-ss-vpu: Fix imx8qm VPU IRQs (git-fixes)
- arm64: dts: imx8qxp: Add VPU subsystem file (git-fixes)
- arm64: dts: imx93: add nvmem property for eqos (git-fixes)
- arm64: dts: imx93: add nvmem property for fec1 (git-fixes)
- arm64: dts: imx93: add ocotp node (git-fixes)
- arm64: dts: rockchip: Add DTS for FriendlyARM NanoPi R2S Plus (git-fixes)
- arm64: dts: rockchip: Correct GPIO polarity on brcm BT nodes (git-fixes)
- arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc (git-fixes)
- arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards (git-fixes)
- arm64: dts: rockchip: Fix bluetooth properties on rk3566 box demo (git-fixes)
- arm64: dts: rockchip: Fix reset-gpios property on brcm BT nodes (git-fixes)
- arm64: dts: rockchip: Fix rt5651 compatible value on (git-fixes)
- arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-eaidk-610 (git-fixes)
- arm64: dts: rockchip: Fix wakeup prop names on PineNote BT node (git-fixes)
- arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma (git-fixes)
- arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328 (git-fixes)
- arm64: dts: rockchip: Remove undocumented supports-emmc property (git-fixes)
- arm64: dts: rockchip: fix i2c2 pinctrl-names property on (git-fixes)
- arm64: dts: rockchip: remove num-slots property from (git-fixes)
- arm64: dts: rockchip: remove orphaned pinctrl-names from pinephone (git-fixes)
- arm64: errata: Enable the AC03_CPU_38 workaround for ampere1a (git-fixes).
- arm64: errata: Expand speculative SSBS workaround once more (git-fixes)
- arm64: esr: Define ESR_ELx_EC_* constants as UL (git-fixes)
- arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG (git-fixes)
- arm64: fix selection of HAVE_DYNAMIC_FTRACE_WITH_ARGS (git-fixes).
- arm64: probes: Fix simulate_ldr*_literal() (git-fixes)
- arm64: probes: Fix uprobes for big-endian kernels (git-fixes)
- arm64: probes: Remove broken LDR (literal) uprobe support (git-fixes)
- arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint (git-fixes)
- arm64: smccc: replace custom COUNT_ARGS() & CONCATENATE() (git-fixes)
- arm64: tegra: Move AGX Orin nodes to correct location (git-fixes)
- arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled (git-fixes)
- ata: libata: Set DID_TIME_OUT for commands that actually timed out (git-fixes).
- ata: libata: avoid superfluous disk spin down + spin up during hibernation (git-fixes).
- audit: do not WARN_ON_ONCE(!current->mm) in audit_exe_compare() (git-fixes).
- audit: do not take task_lock() in audit_exe_compare() code path (git-fixes).
- block: print symbolic error name instead of error code (bsc#1231872).
- block: sed-opal: add ioctl IOC_OPAL_SET_SID_PW (bsc#1229677).
- bnxt_en: Cap the size of HWRM_PORT_PHY_QCFG forwarded response (git-fixes).
- bnxt_en: Fix error recovery for 5760X (P7) chips (git-fixes).
- bnxt_en: Fix the PCI-AER routines (git-fixes).
- bnxt_en: Restore PTP tx_avail count in case of skb_pad() error (git-fixes).
- bnxt_en: refactor reset close code (git-fixes).
- bpf, arm64: Fix address emission with tag-based KASAN enabled (git-fixes)
- bpf, arm64: Remove garbage frame for struct_ops trampoline (git-fixes)
- bpf, lsm: Add disabled BPF LSM hook list (git-fixes).
- bpf, net: Fix a potential race in do_sock_getsockopt() (git-fixes).
- bpf, sockmap: SK_DROP on attempted redirects of unsupported af_vsock (git-fixes).
- bpf, verifier: Correct tail_call_reachable for bpf prog (git-fixes).
- bpf, vsock: Drop static vsock_bpf_prot initialization (git-fixes).
- bpf, x64: Remove tail call detection (git-fixes).
- bpf,perf: Fix perf_event_detach_bpf_prog error handling (git-fixes).
- bpf: Fail verification for sign-extension of packet data/data_end/data_meta (git-fixes).
- bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit (git-fixes).
- bpf: Fix error message on kfunc arg type mismatch (git-fixes).
- bpf: Fix helper writes to read-only maps (git-fixes).
- bpf: Fix tailcall cases in test_bpf (git-fixes).
- bpf: Fix truncation bug in coerce_reg_to_size_sx() (git-fixes).
- bpf: Improve check_raw_mode_ok test for MEM_UNINIT-tagged types (git-fixes).
- bpf: Remove truncation test in bpf_strtol and bpf_strtoul helpers (git-fixes).
- bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error (git-fixes).
- bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos (git-fixes).
- btf, scripts: rust: drop is_rust_module.sh (bsc#1230414 bsc#1229450).
- btrfs: merge btrfs_orig_bbio_end_io() into btrfs_bio_end_io() (bsc#1233193)
- btrfs: send: fix invalid clone operation for file that got its size decreased (git-fixes).
- can: c_can: c_can_handle_bus_err(): update statistics if skb allocation fails (git-fixes).
- can: c_can: fix {rx,tx}_errors statistics (git-fixes).
- can: dev: can_set_termination(): allow sleeping GPIOs (git-fixes).
- can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: hi311x: hi3110_can_ist(): fix potential use-after-free (git-fixes).
- can: hi311x: hi3110_can_ist(): fix {rx,tx}_errors statistics (git-fixes).
- can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: j1939: j1939_session_new(): fix skb reference counting (git-fixes).
- can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: mcp251xfd: mcp251xfd_get_tef_len(): fix length calculation (git-fixes).
- can: mcp251xfd: mcp251xfd_get_tef_len(): work around erratum DS80000789E 6 (git-fixes).
- can: mcp251xfd: mcp251xfd_ring_alloc(): fix coalescing configuration when switching CAN modes (git-fixes).
- can: netlink: avoid call to do_set_data_bittiming callback with stale can_priv::ctrlmode (stable-fixes).
- can: sja1000: sja1000_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL (git-fixes).
- can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics (git-fixes).
- ceph: fix cap ref leak via netfs init_request (bsc#1231384).
- cgroup/bpf: only cgroup v2 can be attached by bpf programs (bsc#1234108).
- clk: bcm: bcm53573: fix OF node leak in init (stable-fixes).
- clk: clk-apple-nco: Add NULL check in applnco_probe (git-fixes).
- clk: clk-axi-clkgen: make sure to enable the AXI bus clock (git-fixes).
- clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D (stable-fixes).
- clk: imx: clk-scu: fix clk enable state save and restore (git-fixes).
- clk: imx: fracn-gppll: correct PLL initialization flow (git-fixes).
- clk: imx: fracn-gppll: fix pll power up (git-fixes).
- clk: imx: lpcg-scu: SW workaround for errata (e10858) (git-fixes).
- clk: qcom: clk-alpha-pll: drop lucid-evo pll enabled warning (git-fixes).
- clk: qcom: clk-alpha-pll: fix lucid 5lpe pll enabled check (git-fixes).
- clk: qcom: gcc-qcs404: fix initial rate of GPLL3 (git-fixes).
- clk: renesas: rzg2l: Fix FOUTPOSTDIV clk (git-fixes).
- clk: sunxi-ng: d1: Fix PLL_AUDIO0 preset (git-fixes).
- comedi: Flush partial mappings in error case (git-fixes).
- comedi: ni_routing: tools: Check when the file could not be opened (stable-fixes).
- config s390x: build ultravisor userspace access into the kernel (bsc#1232090)
- config.sh: Remove Arm build project, we do not build armv7 configs
- config: Disable LAM on x86 (bsc#1217845)
- cpufreq/amd-pstate: Fix amd_pstate mode switch on shared memory systems (git-fixes).
- cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost() (git-fixes).
- cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw() (git-fixes).
- cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_cost() (git-fixes).
- cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_power() (git-fixes).
- cpufreq: loongson2: Unregister platform_driver on failure (git-fixes).
- cpufreq: mediatek-hw: Fix wrong return value in mtk_cpufreq_get_cpu_power() (git-fixes).
- crypto: aes-gcm-p10 - Use the correct bit to test for P10 (bsc#1232704).
- crypto: api - Fix liveliness check in crypto_alg_tested (stable-fixes).
- crypto: bcm - add error check in the ahash_hmac_init function (git-fixes).
- crypto: caam - Fix the pointer passed to caam_qi_shutdown() (git-fixes).
- crypto: caam - add error check to caam_rsa_set_priv_key_form (git-fixes).
- crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() (git-fixes).
- crypto: cavium - Fix the if condition to exit loop after timeout (git-fixes).
- crypto: hisilicon/qm - flush all work before driver removed (bsc#1232075)
- crypto: inside-secure - Fix the return value of safexcel_xcbcmac_cra_init() (git-fixes).
- crypto: octeontx - Fix authenc setkey (stable-fixes).
- crypto: octeontx* - Select CRYPTO_AUTHENC (git-fixes).
- crypto: octeontx2 - Fix authenc setkey (stable-fixes).
- crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY (git-fixes).
- crypto: powerpc/p10-aes-gcm - Add dependency on CRYPTO_SIMD and re-enable CRYPTO_AES_GCM_P10 (bsc#1230501 ltc#208632).
- crypto: powerpc/p10-aes-gcm - Disable CRYPTO_AES_GCM_P10 (bsc#1230501 ltc#208632).
- crypto: powerpc/p10-aes-gcm - Re-write AES/GCM stitched implementation (bsc#1230501 ltc#208632).
- crypto: powerpc/p10-aes-gcm - Register modules as SIMD (bsc#1230501 ltc#208632).
- crypto: qat - remove check after debugfs_create_dir() (git-fixes).
- crypto: qat - remove faulty arbiter config reset (git-fixes).
- crypto: qat/qat_4xxx - fix off by one in uof_get_name() (git-fixes).
- crypto: x86/aegis128 - access 32-bit arguments as 32-bit (git-fixes).
- cxgb4: Properly lock TX queue for the selftest (git-fixes).
- cxgb4: add forgotten u64 ivlan cast before shift (git-fixes).
- cxgb4: unnecessary check for 0 in the free_sge_txq_uld() function (git-fixes).
- cxl: downgrade a warning message to debug level in cxl_probe_component_regs() (bsc#1229165).
- dcache: keep dentry_hashtable or d_hash_shift even when not used (git-fixes).
- debugfs: fix automount d_fsdata usage (git-fixes).
- devlink: Fix command annotation documentation (git-fixes).
- dma-fence: Fix reference leak on fence merge failure path (git-fixes).
- dma-fence: Use kernel's sort for merging fences (git-fixes).
- dmaengine: sh: rz-dmac: handle configs where one address is zero (git-fixes).
- dmaengine: ti: k3-udma: Set EOP for all TRs in cyclic BCDMA transfer (git-fixes).
- doc: rcu: update printed dynticks counter bits (git-fixes).
- driver core: bus: Fix double free in driver API bus_register() (stable-fixes).
- driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute (stable-fixes).
- drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend() (git-fixes).
- drm/amd/amdgpu: Fix double unlock in amdgpu_mes_add_ring (git-fixes).
- drm/amd/display: Add HDMI DSC native YCbCr422 support (stable-fixes).
- drm/amd/display: Add disable timeout option (bsc#1231435)
- drm/amd/display: Adjust VSDB parser for replay feature (stable-fixes).
- drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944)
- drm/amd/display: Check null pointer before dereferencing se (stable-fixes).
- drm/amd/display: Clean up dsc blocks in accelerated mode (stable-fixes).
- drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too (stable-fixes).
- drm/amd/display: Fix brightness level not retained over reboot (git-fixes).
- drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe (git-fixes).
- drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp (git-fixes).
- drm/amd/display: Remove a redundant check in authenticated_dp (stable-fixes).
- drm/amd/display: Revert "Check HDCP returned status" (stable-fixes).
- drm/amd/display: Round calculated vtotal (stable-fixes).
- drm/amd/display: Skip to enable dsc if it has been off (stable-fixes).
- drm/amd/display: Validate backlight caps are sane (stable-fixes).
- drm/amd/pm: Vangogh: Fix kernel memory out of bounds write (git-fixes).
- drm/amd: Add some missing straps from NBIO 7.11.0 (git-fixes).
- drm/amd: Fix initialization mistake for NBIO 7.7.0 (stable-fixes).
- drm/amd: Guard against bad data for ATIF ACPI method (git-fixes).
- drm/amdgpu/swsmu: Only force workload setup on init (git-fixes).
- drm/amdgpu/vcn: enable AV1 on both instances (stable-fixes).
- drm/amdgpu: Adjust debugfs eviction and IB access permissions (stable-fixes).
- drm/amdgpu: Adjust debugfs register access permissions (stable-fixes).
- drm/amdgpu: Fix DPX valid mode check on GC 9.4.3 (git-fixes).
- drm/amdgpu: Fix JPEG v4.0.3 register write (git-fixes).
- drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() (stable-fixes).
- drm/amdgpu: fix check in gmc_v9_0_get_vm_pte() (git-fixes).
- drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported (git-fixes).
- drm/amdkfd: Accounting pdd vram_usage for svm (stable-fixes).
- drm/amdkfd: Fix wrong usage of INIT_WORK() (git-fixes).
- drm/bridge: anx7625: Drop EDID cache on bridge power off (git-fixes).
- drm/bridge: it6505: Drop EDID cache on bridge power off (git-fixes).
- drm/bridge: tc358767: Fix link properties discovery (git-fixes).
- drm/bridge: tc358768: Fix DSI command tx (git-fixes).
- drm/etnaviv: Request pages from DMA32 zone on addressing_limited (git-fixes).
- drm/etnaviv: hold GPU lock across perfmon sampling (git-fixes).
- drm/i915/gem: fix bitwise and logical AND mixup (git-fixes).
- drm/i915/hdcp: fix connector refcounting (git-fixes).
- drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/mediatek: Fix child node refcount handling in early exit (git-fixes).
- drm/mediatek: Fix get efuse issue for MT8188 DPTX (git-fixes).
- drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused (git-fixes).
- drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk() (git-fixes).
- drm/msm/dpu: check for overflow in _dpu_crtc_setup_lm_bounds() (git-fixes).
- drm/msm/dpu: do not always program merge_3d block (git-fixes).
- drm/msm/dpu: drop LM_3 / LM_4 on MSM8998 (git-fixes).
- drm/msm/dpu: drop LM_3 / LM_4 on SDM845 (git-fixes).
- drm/msm/dpu: make sure phys resources are properly initialized (git-fixes).
- drm/msm/dpu: move CRTC resource assignment to dpu_encoder_virt_atomic_check (git-fixes).
- drm/msm/dpu: on SDM845 move DSPP_3 to LM_5 block (git-fixes).
- drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation (git-fixes).
- drm/msm/dsi: improve/fix dsc pclk calculation (git-fixes).
- drm/msm/gpu: Check the status of registration to PM QoS (git-fixes).
- drm/msm: Allocate memory for disp snapshot with kvzalloc() (git-fixes).
- drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() (git-fixes).
- drm/msm: Fix some typos in comment (git-fixes).
- drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new() (git-fixes).
- drm/omap: Fix locking in omap_gem_new_dmabuf() (git-fixes).
- drm/omap: Fix possible NULL dereference (git-fixes).
- drm/panfrost: Add missing OPP table refcnt decremental (git-fixes).
- drm/panfrost: Remove unused id_mask from struct panfrost_model (git-fixes).
- drm/radeon: Fix encoder->possible_clones (git-fixes).
- drm/rockchip: vop: Fix a dereferenced before check warning (git-fixes).
- drm/sched: Add locking to drm_sched_entity_modify_sched (git-fixes).
- drm/sched: Always wake up correct scheduler in drm_sched_entity_push_job (git-fixes).
- drm/sti: Add __iomem for mixer_dbg_mxn's parameter (git-fixes).
- drm/sti: avoid potential dereference of error pointers (git-fixes).
- drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check (git-fixes).
- drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check (git-fixes).
- drm/v3d: Address race-condition in MMU flush (git-fixes).
- drm/v3d: Enable Performance Counters before clearing them (git-fixes).
- drm/v3d: Stop the active perfmon before being destroyed (git-fixes).
- drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA (stable-fixes).
- drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_atomic_flush (git-fixes).
- drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_lut_load (git-fixes).
- drm/vc4: Stop the active perfmon before being destroyed (git-fixes).
- drm/vc4: hdmi: Avoid hang with debug registers when suspended (git-fixes).
- drm/vc4: hvs: Correct logic on stopping an HVS channel (git-fixes).
- drm/vc4: hvs: Do not write gamma luts on 2711 (git-fixes).
- drm/vc4: hvs: Fix dlist debug not resetting the next entry pointer (git-fixes).
- drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs function (git-fixes).
- drm/vkms: Drop unnecessary call to drm_crtc_cleanup() (git-fixes).
- drm/vmwgfx: Handle surface check failure correctly (git-fixes).
- drm/vmwgfx: Limit display layout ioctl array size to VMWGFX_NUM_DISPLAY_UNITS (stable-fixes).
- drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS (git-fixes).
- drm: Expand max DRM device number to full MINORBITS (jsc#PED-11580).
- drm: Use XArray instead of IDR for minors (jsc#PED-11580).
- drm: use ATOMIC64_INIT() for atomic64_t (git-fixes).
- drm: xlnx: zynqmp_dpsub: fix hotplug detection (git-fixes).
- drm: zynqmp_kms: Unplug DRM device before removal (git-fixes).
- e1000e: Fix S0ix residency on corporate systems (git-fixes).
- e1000e: Remove Meteor Lake SMBUS workarounds (git-fixes).
- e1000e: change I219 (19) devices to ADP (git-fixes).
- e1000e: fix force smbus during suspend flow (git-fixes).
- e1000e: move force SMBUS near the end of enable_ulp function (git-fixes).
- efi/libstub: Free correct pointer on failure (git-fixes).
- efi/libstub: fix efi_parse_options() ignoring the default command line (git-fixes).
- efi/libstub: zboot.lds: Discard .discard sections (stable-fixes).
- efi/memattr: Ignore table if the size is clearly bogus (bsc#1231465).
- efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption (stable-fixes).
- eth: bnxt: fix counting packets discarded due to OOM and netpoll (git-fixes).
- ext4: do not track ranges in fast_commit if inode has inlined data (bsc#1231635).
- ext4: fix fast commit inode enqueueing during a full journal commit (bsc#1231636).
- ext4: fix incorrect tid assumption in ext4_fc_mark_ineligible() (bsc#1231637).
- ext4: fix possible tid_t sequence overflows (bsc#1231634).
- ext4: fix slab-use-after-free in ext4_split_extent_at() (bsc#1232201)
- ext4: fix unttached inode after power cut with orphan file feature enabled (bsc#1234009).
- ext4: mark fc as ineligible using an handle in ext4_xattr_set() (bsc#1231640).
- ext4: use handle to mark fc as ineligible in __track_dentry_update() (bsc#1231639).
- f2fs: get out of a repeat loop when getting a locked data page (bsc#1234011).
- fat: fix uninitialized variable (git-fixes).
- fbcon: Fix a NULL pointer dereference issue in fbcon_putcs (stable-fixes).
- fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() (git-fixes).
- fbdev: sisfb: Fix strbuf array overflow (stable-fixes).
- fgraph: Change the name of cpuhp state to "fgraph:online" (git-fixes).
- fgraph: Fix missing unlock in register_ftrace_graph() (git-fixes).
- fgraph: Use CPU hotplug mechanism to initialize idle shadow stacks (git-fixes).
- filemap: remove use of wait bookmarks (bsc#1224088).
- firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() (git-fixes).
- firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup() (git-fixes).
- firmware: arm_scpi: Check the DVFS OPP count returned by the firmware (git-fixes).
- firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() (git-fixes).
- firmware: google: Unregister driver_info on failure (git-fixes).
- firmware_loader: Fix possible resource leak in fw_log_firmware_info() (git-fixes).
- fs/9p: drop inodes immediately on non-.L too (git-fixes).
- fs/9p: fix the cache always being enabled on files with qid flags (git-fixes).
- fs/ntfs3: Add more attributes checks in mi_enum_attr() (bsc#1233207)
- fs/ntfs3: Fixed overflow check in mi_enum_attr() (bsc#1233207)
- fs/ntfs3: Sequential field availability check in mi_enum_attr() (bsc#1233207)
- fs: Fix uninitialized value issue in from_kuid and from_kgid (git-fixes).
- genirq/msi: Fix off-by-one error in msi_domain_alloc() (git-fixes).
- goldfish: Fix unused const variable 'goldfish_pipe_acpi_match' (git-fixes).
- gpio: aspeed: Add the flush write to ensure the write complete (git-fixes).
- gpio: aspeed: Use devm_clk api to manage clock source (git-fixes).
- gpio: davinci: fix lazy disable (git-fixes).
- gpio: exar: set value when external pull-up or pull-down is present (git-fixes).
- gpio: zevio: Add missed label initialisation (git-fixes).
- gve: Fix XDP TX completion handling when counters overflow (git-fixes).
- gve: Fix an edge case for TSO skb validity check (git-fixes).
- gve: ignore nonrelevant GSO type bits when processing TSO headers (git-fixes).
- hid: intel-ish-hid: Fix uninitialized variable 'rv' in ish_fw_xfer_direct_dma (git-fixes).
- hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event (git-fixes).
- hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer (git-fixes).
- hwmon: (adm9240) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (adt7470) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (max16065) Fix alarm attributes (git-fixes).
- hwmon: (max16065) Remove use of i2c_match_id() (stable-fixes).
- hwmon: (mc34vr500) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (nct6775) add G15CF to ASUS WMI monitoring list (stable-fixes).
- hwmon: (nct6775-core) Fix overflows seen when writing limit attributes (git-fixes).
- hwmon: (tmp513) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (tps23861) Fix reporting of negative temperatures (git-fixes).
- hwmon: intel-m10-bmc-hwmon: relabel Columbiaville to CVL Die Temperature (git-fixes).
- i2c: core: Setup i2c_adapter runtime-pm before calling device_add() (git-fixes).
- i2c: core: fix lockdep warning for sparsely nested adapter chain (git-fixes).
- i2c: cpm: Remove linux,i2c-index conversion from be32 (git-fixes).
- i2c: designware: do not hold SCL low when I2C_DYNAMIC_TAR_UPDATE is not set (git-fixes).
- i2c: exynos5: Calculate t_scl_l, t_scl_h according to i2c spec (git-fixes).
- i2c: i801: Add lis3lv02d for Dell Precision 3540 (git-fixes).
- i2c: i801: Add lis3lv02d for Dell XPS 15 7590 (git-fixes).
- i2c: i801: Use a different adapter-name for IDF adapters (stable-fixes).
- i2c: i801: add helper i801_restore_regs (git-fixes).
- i2c: ismt: kill transaction in hardware on timeout (git-fixes).
- i2c: ocores: Move system PM hooks to the NOIRQ phase (git-fixes).
- i2c: ocores: Remove #ifdef guards for PM related functions (git-fixes).
- i2c: omap: switch to NOIRQ_SYSTEM_SLEEP_PM_OPS() and RUNTIME_PM_OPS() (git-fixes).
- i2c: omap: wakeup the controller during suspend() callback (git-fixes).
- i2c: rcar: properly format a debug output (git-fixes).
- i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume (git-fixes).
- i2c: stm32f7: perform most of irq job in threaded handler (git-fixes).
- i2c: synquacer: Deal with optional PCLK correctly (git-fixes).
- i2c: synquacer: Remove a clk reference from struct synquacer_i2c (stable-fixes).
- i2c: xiic: Try re-initialization on bus busy timeout (git-fixes).
- i2c: xiic: improve error message when transfer fails to start (stable-fixes).
- i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() (git-fixes).
- i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition (stable-fixes).
- i3c: master: svc: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- i40e: Fix XDP program unloading while removing the driver (git-fixes).
- i40e: Report MFS in decimal base instead of hex (git-fixes).
- i40e: fix race condition by adding filter's intermediate sync state (git-fixes).
- iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call (git-fixes).
- iavf: Fix TC config comparison with existing adapter TC config (git-fixes).
- ice: Fix VSI list rule with ICE_SW_LKUP_LAST type (git-fixes).
- ice: Fix checking for unsupported keys on non-tunnel device (git-fixes).
- ice: Fix lldp packets dropping after changing the number of channels (git-fixes).
- ice: Fix netif_is_ice() in Safe Mode (git-fixes).
- ice: Fix package download algorithm (git-fixes).
- ice: Fix recipe read procedure (git-fixes).
- ice: Fix reset handler (git-fixes).
- ice: Flush FDB entries before reset (git-fixes).
- ice: Interpret .set_channels() input differently (git-fixes).
- ice: Rebuild TC queues on VSI queue reconfiguration (git-fixes).
- ice: Reject pin requests with unsupported flags (git-fixes).
- ice: add flag to distinguish reset from .ndo_bpf in XDP rings config (git-fixes).
- ice: add missing WRITE_ONCE when clearing ice_rx_ring::xdp_prog (git-fixes).
- ice: avoid IRQ collision to fix init failure on ACPI S3 resume (git-fixes).
- ice: clear port vlan config during reset (git-fixes).
- ice: disallow DPLL_PIN_STATE_SELECTABLE for dpll output pins (git-fixes).
- ice: do not bring the VSI up, if it was down before the XDP setup (git-fixes).
- ice: do not busy wait for Rx queue disable in ice_qp_dis() (git-fixes).
- ice: fix 200G PHY types to link speed mapping (git-fixes).
- ice: fix 200G link speed message log (git-fixes).
- ice: fix ICE_LAST_OFFSET formula (git-fixes).
- ice: fix VLAN replay after reset (git-fixes).
- ice: fix VSI lists confusion when adding VLANs (git-fixes).
- ice: fix accounting for filters shared by multiple VSIs (git-fixes).
- ice: fix accounting if a VLAN already exists (git-fixes).
- ice: fix iteration of TLVs in Preserved Fields Area (git-fixes).
- ice: fix page reuse when PAGE_SIZE is over 8k (git-fixes).
- ice: fix reads from NVM Shadow RAM on E830 and E825-C devices (git-fixes).
- ice: fix truesize operations for PAGE_SIZE >= 8192 (git-fixes).
- ice: implement AQ download pkg retry (git-fixes).
- ice: map XDP queues to vectors in ice_vsi_map_rings_to_vectors() (git-fixes).
- ice: remove af_xdp_zc_qps bitmap (git-fixes).
- ice: replace synchronize_rcu with synchronize_net (git-fixes).
- ice: respect netif readiness in AF_XDP ZC related ndo's (git-fixes).
- ice: set correct dst VSI in only LAN filters (git-fixes).
- ice: tc: allow zero flags in parsing tc flower (git-fixes).
- ice: tc: check src_vsi in case of traffic from VF (git-fixes).
- ice: use proper macro for testing bit (git-fixes).
- idpf: Interpret .set_channels() input differently (git-fixes).
- idpf: avoid bloating &idpf_q_vector with big %NR_CPUS (git-fixes).
- idpf: do not enable NAPI and interrupts prior to allocating Rx buffers (git-fixes).
- idpf: do not skip over ethtool tcp-data-split setting (git-fixes).
- idpf: fix UAFs when destroying the queues (git-fixes).
- idpf: fix memleak in vport interrupt configuration (git-fixes).
- idpf: fix memory leaks and crashes while performing a soft reset (git-fixes).
- ieee802154: Fix build error (git-fixes).
- igb: Always call igb_xdp_ring_update_tail() under Tx lock (git-fixes).
- igb: Disable threaded IRQ for igb_msix_other (git-fixes).
- igb: Fix not clearing TimeSync interrupts for 82580 (git-fixes).
- igc: Fix double reset adapter triggered from a single taprio cmd (git-fixes).
- igc: Fix packet still tx after gate close by reducing i226 MAC retry buffer (git-fixes).
- igc: Fix qbv tx latency by setting gtxoffset (git-fixes).
- igc: Fix qbv_config_change_errors logics (git-fixes).
- igc: Fix reset adapter logics when tx mode change (git-fixes).
- igc: Unlock on error in igc_io_resume() (git-fixes).
- iio: Fix fwnode_handle in __fwnode_iio_channel_get_by_name() (git-fixes).
- iio: accel: bma400: Fix uninitialized variable field_value in tap event handling (git-fixes).
- iio: accel: kx022a: Fix raw read format (git-fixes).
- iio: accel: kx022a: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() (git-fixes).
- iio: adc: ad7606: Fix typo in the driver name (git-fixes).
- iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer (git-fixes).
- iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: adc: ti-lmp92064: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: amplifiers: ada4250: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: ad3552r: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: dac: ad5766: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig (git-fixes).
- iio: frequency: adf4377: add missing select REMAP_SPI in Kconfig (git-fixes).
- iio: frequency: admv4420: fix missing select REMAP_SPI in Kconfig (git-fixes).
- iio: gts-helper: Fix memory leaks for the error path of iio_gts_build_avail_scale_table() (git-fixes).
- iio: gts-helper: Fix memory leaks in iio_gts_build_avail_scale_table() (git-fixes).
- iio: gts: Fix uninitialized symbol 'ret' (git-fixes).
- iio: gts: fix infinite loop for gain_to_scaletables() (git-fixes).
- iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() (git-fixes).
- iio: light: al3010: Fix an error handling path in al3010_probe() (git-fixes).
- iio: light: opt3001: add missing full-scale range value (git-fixes).
- iio: light: veml6030: fix ALS sensor resolution (git-fixes).
- iio: light: veml6030: fix IIO device retrieval from embedded device (git-fixes).
- iio: light: veml6030: fix microlux value calculation (git-fixes).
- iio: magnetometer: ak8975: Convert enum->pointer for data in the match tables (stable-fixes).
- iio: magnetometer: ak8975: Fix 'Unexpected device' error (git-fixes).
- iio: magnetometer: ak8975: drop incorrect AK09116 compatible (git-fixes).
- iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- ima: fix buffer overrun in ima_eventdigest_init_common (git-fixes).
- initramfs: avoid filename buffer overrun (bsc#1232436).
- intel_idle: add Granite Rapids Xeon support (bsc#1231630).
- intel_idle: fix ACPI _CST matching for newer Xeon platforms (bsc#1231630).
- io_uring/eventfd: move to more idiomatic RCU free usage (git-fixes).
- io_uring/io-wq: do not allow pinning outside of cpuset (git-fixes).
- io_uring/io-wq: inherit cpuset of cgroup in io worker (git-fixes).
- io_uring/net: harden multishot termination case for recv (git-fixes).
- io_uring/rw: fix cflags posting for single issue multishot read (git-fixes).
- io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (git-fixes).
- io_uring/rw: treat -EOPNOTSUPP for IOCB_NOWAIT like -EAGAIN (git-fixes).
- io_uring/sqpoll: close race on waiting for sqring entries (git-fixes).
- io_uring/sqpoll: do not allow pinning outside of cpuset (git-fixes).
- io_uring/sqpoll: do not put cpumask on stack (git-fixes).
- io_uring/sqpoll: retain test for whether the CPU is valid (git-fixes).
- io_uring: check for presence of task_work rather than TIF_NOTIFY_SIGNAL (git-fixes).
- iommu/amd: Allocate the page table root using GFP_KERNEL (git-fixes).
- iommu/amd: Do not set the D bit on AMD v2 table entries (git-fixes).
- iommu/amd: Fix typo of , instead of ; (git-fixes).
- iommu/vt-d: Always reserve a domain ID for identity setup (git-fixes).
- iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices (git-fixes).
- iommufd: Check the domain owner of the parent before creating a nesting domain (git-fixes).
- iommufd: Protect against overflow of ALIGN() during iova allocation (git-fixes).
- irqchip/gic-v3-its: Avoid explicit cpumask allocation on stack (git-fixes).
- jbd2: Move j_transaction_overhead_buffers into a hole (bsc#1234042).
- jbd2: avoid infinite transaction commit loop (bsc#1234039).
- jbd2: avoid memleak in jbd2_journal_write_metadata_buffer (bsc#1234043).
- jbd2: avoid mount failed when commit block is partial submitted (bsc#1234040).
- jbd2: correct the printing of write_flags in jbd2_write_superblock() (bsc#1234045).
- jbd2: correctly compare tids with tid_geq function in jbd2_fc_begin_commit (bsc#1231638).
- jbd2: fix kernel-doc for j_transaction_overhead_buffers (bsc#1234042).
- jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev (bsc#1234044).
- jbd2: fix soft lockup in journal_finish_inode_data_buffers() (bsc#1234046).
- jbd2: make jbd2_journal_get_max_txn_bufs() internal (bsc#1234041).
- jbd2: precompute number of transaction descriptor blocks (bsc#1234042).
- jfs: Fix sanity check in dbMount (git-fixes).
- jfs: Fix uaf in dbFreeBits (git-fixes).
- jfs: Fix uninit-value access of new_ea in ea_buffer (git-fixes).
- jfs: UBSAN: shift-out-of-bounds in dbFindBits (git-fixes).
- jfs: check if leafidx greater than num leaves per dmap tree (git-fixes).
- jump_label: Fix static_key_slow_dec() yet again (git-fixes).
- kABI fix of VM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC) (git-fixes).
- kABI workaround for ASoC SOF (bsc#1233305).
- kABI: Restore exported __arm_smccc_sve_check (git-fixes)
- kABI: bpf: enum bpf_{type_flag,arg_type} kABI workaround (git-fixes).
- kABI: bpf: struct bpf_insn_acces_aux kABI workaround (git-fixes).
- kabi, mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling (git-fixes kabi).
- kasan: Fix Software Tag-Based KASAN with GCC (git-fixes).
- kasan: move checks to do_strncpy_from_user (git-fixes).
- kbuild, bpf: Use test-ge check for v1.25-only pahole (bsc#1230414 bsc#1229450).
- kbuild,bpf: Add module-specific pahole flags for distilled base BTF (bsc#1230414 bsc#1229450).
- kbuild,bpf: Switch to using --btf_features for pahole v1.26 and later (bsc#1230414 bsc#1229450).
- kbuild: avoid too many execution of scripts/pahole-flags.sh (bsc#1230414 bsc#1229450).
- kbuild: bpf: Tell pahole to DECL_TAG kfuncs (bsc#1230414 bsc#1229450).
- kconfig: qconf: fix buffer overflow in debug links (git-fixes).
- kernel-binary: Enable livepatch package only when livepatch is enabled Otherwise the filelist may be empty failing the build (bsc#1218644).
- kexec_file: fix elfcorehdr digest exclusion when CONFIG_CRASH_HOTPLUG=y (git-fixes).
- keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry (git-fixes).
- keys: Fix overwrite of key expiration on instantiation (git-fixes).
- kthread: unpark only parked kthread (git-fixes).
- leds: lp55xx: Remove redundant test for invalid channel number (git-fixes).
- lib/xarray: introduce a new helper xas_get_order (bsc#1231617).
- lib: string_helpers: silence snprintf() output truncation warning (git-fixes).
- mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING (git-fixes).
- macsec: do not increment counters for an unrelated SA (git-fixes).
- mailbox: arm_mhuv2: clean up loop in get_irq_chan_comb() (git-fixes).
- maple_tree: correct tree corruption on spanning store (git-fixes).
- maple_tree: fix alloc node fail issue (git-fixes).
- maple_tree: refine mas_store_root() on storing NULL (git-fixes).
- media: adv7604: prevent underflow condition when reporting colorspace (git-fixes).
- media: amphion: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- media: amphion: Set video drvdata before register video device (git-fixes).
- media: ar0521: do not overflow when checking PLL values (git-fixes).
- media: atomisp: Add check for rgby_data memory allocation failure (git-fixes).
- media: bttv: use audio defaults for winfast2000 (git-fixes).
- media: core: v4l2-ioctl: check if ioctl is known to avoid NULL name (git-fixes).
- media: cx24116: prevent overflows on SNR calculus (git-fixes).
- media: dvb_frontend: do not play tricks with underflow values (git-fixes).
- media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set (stable-fixes).
- media: dvbdev: prevent the risk of out of memory access (git-fixes).
- media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate() (git-fixes).
- media: i2c: dw9768: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- media: i2c: imx335: Enable regulator supplies (stable-fixes).
- media: i2c: tc358743: Fix crash in the probe error path when using polling (git-fixes).
- media: imx-jpeg: Ensure power suppliers be suspended before detach them (git-fixes).
- media: imx-jpeg: Set video drvdata before register video device (git-fixes).
- media: imx335: Fix reset-gpio handling (git-fixes).
- media: mantis: remove orphan mantis_core.h (git-fixes).
- media: mtk-jpeg: Fix null-ptr-deref during unload module (git-fixes).
- media: pci: ipu3-cio2: Initialise timing struct to avoid a compiler warning (git-fixes).
- media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() (git-fixes).
- media: platform: exynos4-is: Fix an OF node reference leak in fimc_md_is_isp_available (git-fixes).
- media: pulse8-cec: fix data timestamp at pulse8_setup() (git-fixes).
- media: s5p-jpeg: prevent buffer overflows (git-fixes).
- media: stb0899_algo: initialize cfr before using it (git-fixes).
- media: ts2020: fix null-ptr-deref in ts2020_probe() (git-fixes).
- media: uvcvideo: Require entities to have a non-zero unique ID (git-fixes).
- media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (git-fixes).
- media: uvcvideo: Stop stream during unregister (git-fixes).
- media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl() (git-fixes).
- media: v4l2-tpg: prevent the risk of a division by zero (git-fixes).
- media: vb2: Fix comment (git-fixes).
- media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() (stable-fixes).
- media: videobuf2: fix typo: vb2_dbuf -> vb2_qbuf (git-fixes).
- media: wl128x: Fix atomicity violation in fmc_send_cmd() (git-fixes).
- mei: use kvmalloc for read buffer (git-fixes).
- mfd: intel_soc_pmic_chtwc: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes).
- mfd: rt5033: Fix missing regmap_del_irq_chip() (git-fixes).
- mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race (git-fixes).
- minmax: avoid overly complex min()/max() macro arguments in xen (git-fixes).
- minmax: scsi: fix mis-use of 'clamp()' in sr.c (git-fixes).
- misc: apds990x: Fix missing pm_runtime_disable() (git-fixes).
- mlx5: avoid truncating error message (git-fixes).
- mlx5: stop warning for 64KB pages (git-fixes).
- mlxbf_gige: disable RX filters until RX path initialized (git-fixes).
- mm/filemap: optimize filemap folio adding (bsc#1231617).
- mm/filemap: return early if failed to allocate memory for split (bsc#1231617).
- mm/hugetlb: fix nodes huge page allocation when there are surplus pages (bsc#1234012).
- mm: avoid unsafe VMA hook invocation when error arises on mmap hook (git-fixes).
- mm: khugepaged: fix the arguments order in khugepaged_collapse_file trace point (git-fixes).
- mm: mmap: no need to call khugepaged_enter_vma() for stack (jsc#PED-10978).
- mm: move dummy_vm_ops out of a header (git-fixes prerequisity).
- mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling (git-fixes).
- mm: refactor map_deny_write_exec() (git-fixes).
- mm: resolve faulty mmap_region() error path behaviour (git-fixes).
- mm: unconditionally close VMAs on error (git-fixes).
- mmc: core: Further prevent card detect during shutdown (git-fixes).
- mmc: mmc_spi: drop buggy snprintf() (git-fixes).
- mmc: sunxi-mmc: Fix A100 compatible description (git-fixes).
- modpost: fix acpi MODULE_DEVICE_TABLE built with mismatched endianness (git-fixes).
- modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host (git-fixes).
- modpost: remove incorrect code in do_eisa_entry() (git-fixes).
- module: abort module loading when sysfs setup suffer errors (git-fixes).
- mtd: rawnand: atmel: Fix possible memory leak (git-fixes).
- mtd: spi-nor: core: replace dummy buswidth from addr to data (git-fixes).
- nbd: fix race between timeout and normal completion (bsc#1230918).
- net/mlx5: Add missing masks and QoS bit masks for scheduling elements (git-fixes).
- net/mlx5: Added cond_resched() to crdump collection (git-fixes).
- net/mlx5: Check capability for fw_reset (git-fixes).
- net/mlx5: Check for invalid vector index on EQ creation (git-fixes).
- net/mlx5: Explicitly set scheduling element and TSAR type (git-fixes).
- net/mlx5: Fix command bitmask initialization (git-fixes).
- net/mlx5: Fix error handling in irq_pool_request_irq (git-fixes).
- net/mlx5: Lag, do bond only if slaves agree on roce state (git-fixes).
- net/mlx5: Lag, do not use the hardcoded value of the first port (git-fixes).
- net/mlx5: Stop waiting for PCI if pci channel is offline (git-fixes).
- net/mlx5: Unregister notifier on eswitch init failure (git-fixes).
- net/mlx5: Update the list of the PCI supported devices (git-fixes).
- net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys (git-fixes).
- net/mlx5e: Add missing link mode to ptys2ext_ethtool_map (git-fixes).
- net/mlx5e: Add missing link modes to ptys2ethtool_map (git-fixes).
- net/mlx5e: Add mqprio_rl cleanup and free in mlx5e_priv_cleanup() (git-fixes).
- net/mlx5e: Correctly report errors for ethtool rx flows (git-fixes).
- net/mlx5e: Do not call cleanup on profile rollback failure (git-fixes).
- net/mlx5e: Fix IPsec tunnel mode offload feature check (git-fixes).
- net/mlx5e: Fix UDP GSO for encapsulated packets (git-fixes).
- net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets (git-fixes).
- net/mlx5e: Require mlx5 tc classifier action support for IPsec prio capability (git-fixes).
- net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion (git-fixes).
- net: mana: Implement get_ringparam/set_ringparam for mana (bsc#1229891).
- net: mana: Improve mana_set_channels() in low mem conditions (bsc#1230289).
- net: mdio-ipq4019: add missing error check (git-fixes).
- net: phy: Remove LED entry from LEDs list on unregister (git-fixes).
- net: phy: bcm84881: Fix some error handling paths (git-fixes).
- net: phy: dp83822: Fix reset pin definitions (git-fixes).
- net: phy: dp83869: fix memory corruption when enabling fiber (git-fixes).
- net: phy: ti: add PHY_RST_AFTER_CLK_EN flag (git-fixes).
- net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() (git-fixes).
- net: qede: use return from qede_parse_actions() (git-fixes).
- net: qede: use return from qede_parse_flow_attr() for flow_spec (git-fixes).
- net: qede: use return from qede_parse_flow_attr() for flower (git-fixes).
- net: relax socket state check at accept time (git-fixes).
- net: stmmac: dwmac-tegra: Fix link bring-up sequence (git-fixes)
- net: sysfs: Fix /sys/class/net/<iface> path for statistics (git-fixes).
- net: test for not too small csum_start in virtio_net_hdr_to_skb() (git-fixes).
- net: usb: lan78xx: Fix double free issue with interrupt buffer allocation (git-fixes).
- net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device (git-fixes).
- net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration (git-fixes).
- net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition (stable-fixes).
- net: usb: usbnet: fix name regression (get-fixes).
- net: usb: usbnet: fix race in probe failure (git-fixes).
- net: wwan: fix global oob in wwan_rtnl_policy (git-fixes).
- net: wwan: t7xx: Fix off-by-one error in t7xx_dpmaif_rx_buf_alloc() (git-fixes).
- net: xfrm: preserve kabi for xfrm_state (bsc#1233754).
- netdevsim: copy addresses for both in and out paths (git-fixes).
- netdevsim: use cond_resched() in nsim_dev_trap_report_work() (git-fixes).
- netfilter: nf_tables: missing iterator type in lookup walk (git-fixes).
- nfs: Fix KMSAN warning in decode_getfattr_attrs() (git-fixes).
- nfs: avoid i_lock contention in nfs_clear_invalid_mapping (git-fixes).
- nfs: fix memory leak in error path of nfs4_do_reclaim (git-fixes).
- nfsd: call cache_put if xdr_reserve_space returns NULL (git-fixes).
- nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net (git-fixes).
- nfsd: fix delegation_blocked() to block correctly for at least 30 seconds (git-fixes).
- nfsd: fix refcount leak when file is unhashed after being found (git-fixes).
- nfsd: map the EBADMSG to nfserr_io to avoid warning (git-fixes).
- nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire (git-fixes).
- nfsd: remove unsafe BUG_ON from set_change_info (bsc#1234121).
- nfsd: return -EINVAL when namelen is 0 (git-fixes).
- nilfs2: fix kernel bug due to missing clearing of buffer delay flag (git-fixes).
- nilfs2: fix potential deadlock with newly created symlinks (git-fixes).
- nouveau/dmem: Fix privileged error in copy engine channel (git-fixes).
- nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error (git-fixes).
- nouveau/dp: handle retries for AUX CH transfers with GSP (git-fixes).
- nouveau/gsp: Avoid addressing beyond end of rpc->entries (stable-fixes).
- nouveau: fw: sync dma after setup is called (git-fixes).
- nouveau: handle EBUSY and EAGAIN for GSP aux errors (git-fixes).
- ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- ntfs3: Add bounds checking to mi_enum_attr() (bsc#1233207)
- nvme-fabrics: fix kernel crash while shutting down controller (git-fixes).
- nvme-loop: flush off pending I/O while shutting down loop controller (git-fixes).
- nvme-multipath: suppress partition scan until the disk is ready (bsc#1228244).
- nvme-pci: fix freeing of the HMB descriptor table (git-fixes).
- nvme-pci: fix race condition between reset and nvme_dev_disable() (git-fixes).
- nvme-pci: qdepth 1 quirk (git-fixes).
- nvme-pci: reverse request order in nvme_queue_rqs (git-fixes).
- nvme-pci: set doorbell config before unquiescing (git-fixes).
- nvme/host: Fix RCU list traversal to use SRCU primitive (git-fixes).
- nvme: disable CC.CRIME (NVME_CC_CRIME) (jsc#PED-9901).
- nvme: null terminate nvme_tls_attrs (git-fixes).
- nvme: re-fix error-handling for io_uring nvme-passthrough (git-fixes).
- nvme: tcp: avoid race between queue_lock lock and destroy (git-fixes).
- nvmet-auth: assign dh_key to NULL after kfree_sensitive (git-fixes).
- ocfs2: fix UBSAN warning in ocfs2_verify_volume() (git-fixes).
- ocfs2: fix the la space leak when unmounting an ocfs2 volume (git-fixes).
- ocfs2: fix uninit-value in ocfs2_get_block() (git-fixes).
- ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow (git-fixes).
- ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() (git-fixes).
- ocfs2: uncache inode which has failed entering the group (git-fixes).
- of: Add cleanup.h based auto release via __free(device_node) markings (bsc#1232386)
- parport: Proper fix for array out-of-bounds access (git-fixes).
- phy: freescale: imx8m-pcie: Do CMN_RST just before PHY PLL lock check (git-fixes).
- phy: qcom: qmp-combo: move driver data initialisation earlier (git-fixes).
- phy: qcom: qmp-usb: fix NULL-deref on runtime suspend (git-fixes).
- phy: tegra: xusb: Add error pointer check in xusb.c (git-fixes).
- phy: ti: phy-j721e-wiz: fix usxgmii configuration (git-fixes).
- pinctrl: apple: check devm_kasprintf() returned value (git-fixes).
- pinctrl: k210: Undef K210_PC_DEFAULT (git-fixes).
- pinctrl: ocelot: fix system hang on level based interrupts (stable-fixes).
- pinctrl: qcom: spmi: fix debugfs drive strength (git-fixes).
- pinctrl: zynqmp: drop excess struct member description (git-fixes).
- platform/chrome: cros_ec_typec: fix missing fwnode reference decrement (git-fixes).
- platform/x86/amd/pmc: Detect when STB is not available (git-fixes).
- platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug (git-fixes).
- platform/x86: dell-sysman: add support for alienware products (stable-fixes).
- platform/x86: dell-wmi: Ignore suspend notifications (stable-fixes).
- platform/x86: lenovo-ymc: Ignore the 0x0 state (stable-fixes).
- platform/x86: panasonic-laptop: Return errno correctly in show callback (git-fixes).
- platform/x86: touchscreen_dmi: add nanote-next quirk (stable-fixes).
- posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone (bsc#1234098).
- power: reset: brcmstb: Do not go into infinite loop if reset fails (stable-fixes).
- power: supply: bq27xxx: Fix registers of bq27426 (git-fixes).
- power: supply: core: Remove might_sleep() from power_supply_put() (git-fixes).
- power: supply: rt9471: Fix wrong WDT function regfield declaration (git-fixes).
- power: supply: rt9471: Use IC status regfield to report real charger status (git-fixes).
- powercap: intel_rapl: Fix off by one in get_rpi() (git-fixes).
- powerpc/64: Convert patch_instruction() to patch_u32() (bsc#1194869).
- powerpc/64s: Fix unnecessary copy to 0 when kernel is booted at address 0 (bsc#1215199).
- powerpc/atomic: Use YZ constraints for DS-form instructions (bsc#1194869).
- powerpc/boot: Handle allocation failure in simple_realloc() (bsc#1194869).
- powerpc/boot: Only free if realloc() succeeds (bsc#1194869).
- powerpc/code-patching: Add generic memory patching (bsc#1194869).
- powerpc/code-patching: Perform hwsync in __patch_instruction() in case of failure (bsc#1194869).
- powerpc/crypto: do not build aes-gcm-p10 by default (bsc#1230501 ltc#208632).
- powerpc/crypto: fix missing skcipher dependency for aes-gcm-p10 (bsc#1230501 ltc#208632).
- powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init() (bsc#1215199).
- powerpc/fadump: Refactor and prepare fadump_cma_init for late init (bsc#1215199).
- powerpc/kexec: Fix return of uninitialized variable (bsc#1194869).
- powerpc/mm/fault: Fix kfence page fault reporting (bsc#1194869).
- powerpc/mm: Fix boot crash with FLATMEM (bsc#1194869).
- powerpc/mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL (bsc#1194869).
- powerpc/powernv: Free name on error in opal_event_init() (bsc#1194869).
- powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector (bsc#1194869).
- powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore (bsc#1194869).
- powerpc/pseries: Use correct data types from pseries_hp_errorlog struct (bsc#1215199).
- powerpc/vdso: Fix VDSO data access when running in a non-root time namespace (bsc#1194869).
- powerpc/vdso: Inconditionally use CFUNC macro (bsc#1215199).
- powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu (bsc#1194869).
- powerpc/xmon: Fix disassembly CPU feature checks (bsc#1065729).
- printk: Add notation to console_srcu locking (bsc#1232183).
- pwm: imx-tpm: Use correct MODULO value for EPWM mode (git-fixes).
- qed: avoid truncating work queue length (git-fixes).
- rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow (bsc#1226631).
- rcu: Fix buffer overflow in print_cpu_stall_info() (bsc#1226623).
- regmap: detach regmap from dev on regmap_exit (git-fixes).
- regmap: irq: Set lockdep class for hierarchical IRQ domains (git-fixes).
- rpm/check-for-config-changes: add HAVE_RUST and RUSTC_SUPPORTS_ to IGNORED_CONFIGS_RE They depend on SHADOW_CALL_STACK.
- rpm/release-projects: Add SLFO projects (bsc#1231293).
- rpm/scripts: Remove obsolete Symbols.list Symbols.list is not longer needed by the new klp-convert implementation. (bsc#1218644)
- rpmsg: glink: Handle rejected intent request better (git-fixes).
- rtc: ab-eoz9: do not fail temperature reads on undervoltage notification (git-fixes).
- rtc: abx80x: Fix WDT bit position of the status register (git-fixes).
- rtc: bbnsm: add remove hook (git-fixes).
- rtc: check if __rtc_read_time was successful in rtc_timer_do_work() (git-fixes).
- rtc: rzn1: fix BCD to rtc_time conversion errors (git-fixes).
- rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- runtime constants: add default dummy infrastructure (git-fixes).
- runtime constants: add x86 architecture support (git-fixes).
- s390/mm: Add cond_resched() to cmm_alloc/free_pages() (bsc#1228747).
- s390/pci: Handle PCI error codes other than 0x3a (git-fixes bsc#1232629).
- s390/sclp: Deactivate sclp after all its users (git-fixes bsc#1232628).
- s390/sclp_vt220: Convert newlines to CRLF instead of LFCR (git-fixes bsc#1232627).
- scsi: NCR5380: Check for phase match during PDMA fixup (git-fixes).
- scsi: NCR5380: Initialize buffer for MSG IN and STATUS transfers (git-fixes).
- scsi: Remove scsi device no_start_on_resume flag (git-fixes).
- scsi: aacraid: Rearrange order of struct aac_srb_unit (git-fixes).
- scsi: cdrom: kABI: fix cdrom_dev_ops change (git-fixes).
- scsi: core: Disable CDL by default (git-fixes).
- scsi: core: Fix handling of SCMD_FAIL_IF_RECOVERING (git-fixes).
- scsi: core: Fix the return value of scsi_logical_block_count() (git-fixes).
- scsi: core: Handle devices which return an unusually large VPD page count (git-fixes).
- scsi: core: alua: I/O errors for ALUA state transitions (git-fixes).
- scsi: fnic: Move flush_work initialization out of if block (bsc#1230055).
- scsi: hisi_sas: Handle the NCQ error returned by D2H frame (git-fixes).
- scsi: hpsa: Fix allocation size for Scsi_Host private data (git-fixes).
- scsi: kABI: restore no_start_on_resume to scsi_device (git-fixes).
- scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed (git-fixes).
- scsi: libsas: Fix the failure of adding phy with zero-address to port (git-fixes).
- scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in lpfc_els_flush_cmd() (bsc#1232757).
- scsi: lpfc: Add cleanup of nvmels_wq after HBA reset (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Call lpfc_sli4_queue_unset() in restart and rmmod paths (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Change lpfc_nodelist nlp_flag member into a bitmask (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Check SLI_ACTIVE flag in FDMI cmpl before submitting follow up FDMI (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Check devloss callbk done flag for potential stale NDLP ptrs (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Copyright updates for 14.4.0.6 patches (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance (bsc#1232757).
- scsi: lpfc: Fix kref imbalance on fabric ndlps from dev_loss_tmo handler (bsc#1232757).
- scsi: lpfc: Modify CGN warning signal calculation based on EDC response (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Prevent NDLP reference count underflow in dev_loss_tmo callback (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Remove NLP_RELEASE_RPI flag from nodelist structure (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Remove trailing space after \n newline (bsc#1232757).
- scsi: lpfc: Restrict support for 32 byte CDBs to specific HBAs (bsc#1232757 bsc#1228119).
- scsi: lpfc: Revise TRACE_EVENT log flag severities from KERN_ERR to KERN_WARNING (bsc#1232757).
- scsi: lpfc: Support loopback tests with VMID enabled (bsc#1232757).
- scsi: lpfc: Update lpfc version to 14.4.0.5 (bsc#1232757).
- scsi: lpfc: Update lpfc version to 14.4.0.6 (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Update lpfc_els_flush_cmd() to check for SLI_ACTIVE before BSG flag (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Update phba link state conditional before sending CMF_SYNC_WQE (bsc#1232757).
- scsi: mac_scsi: Disallow bus errors during PDMA send (git-fixes).
- scsi: mac_scsi: Refactor polling loop (git-fixes).
- scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages (git-fixes).
- scsi: mpi3mr: Avoid IOMMU page faults on REPORT ZONES (git-fixes).
- scsi: mpi3mr: Avoid memcpy field-spanning write WARNING (git-fixes).
- scsi: mpi3mr: Avoid possible run-time warning with long manufacturer strings (git-fixes).
- scsi: mpi3mr: Fix ATA NCQ priority support (git-fixes).
- scsi: mpi3mr: Validate SAS port assignments (git-fixes).
- scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES (git-fixes).
- scsi: pm8001: Do not overwrite PCI queue mapping (git-fixes).
- scsi: pm80xx: Set phy->enable_completion only when we wait for it (git-fixes).
- scsi: qedf: Set qed_slowpath_params to zero before use (git-fixes).
- scsi: scsi_transport_fc: Allow setting rport state to current state (git-fixes).
- scsi: sd: Ignore command SYNCHRONIZE CACHE error if format in progress (git-fixes).
- scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer (git-fixes).
- scsi: smartpqi: correct stream detection (git-fixes).
- scsi: smartpqi: revert propagate-the-multipath-failure-to-SML-quickly (git-fixes).
- scsi: spi: Fix sshdr use (git-fixes).
- scsi: sr: Fix unintentional arithmetic wraparound (git-fixes).
- scsi: wd33c93: Do not use stale scsi_pointer value (git-fixes).
- security/keys: fix slab-out-of-bounds in key_task_permission (git-fixes).
- selftests/bpf: Add a test case to write mtu result into .rodata (git-fixes).
- selftests/bpf: Add a test case to write strtol result into .rodata (git-fixes).
- selftests/bpf: Add test for sign extension in coerce_subreg_to_size_sx() (git-fixes).
- selftests/bpf: Add test for truncation after sign extension in coerce_reg_to_size_sx() (git-fixes).
- selftests/bpf: Add tests for ldsx of pkt data/data_end/data_meta accesses (git-fixes).
- selftests/bpf: Fix ARG_PTR_TO_LONG {half-,}uninitialized test (git-fixes).
- selftests/bpf: Rename ARG_PTR_TO_LONG test description (git-fixes).
- selftests/bpf: test for malformed BPF_CORE_TYPE_ID_LOCAL relocation (git-fixes).
- serial: 8250: omap: Move pm_runtime_get_sync (git-fixes).
- serial: imx: Update mctrl old_status on RTSD interrupt (git-fixes).
- serial: protect uart_port_dtr_rts() in uart_shutdown() too (stable-fixes).
- signal: Replace BUG_ON()s (bsc#1234093).
- soc: fsl: rcpm: fix missing of_node_put() in copy_ippdexpcr1_setting() (git-fixes).
- soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() (git-fixes).
- soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- soundwire: intel_bus_common: enable interrupts before exiting reset (stable-fixes).
- spi: Fix acpi deferred irq probe (git-fixes).
- spi: atmel-quadspi: Fix register name in verbose logging function (git-fixes).
- spi: atmel-quadspi: Fix wrong register value written to MR (git-fixes).
- spi: mpc52xx: Add cancel_work_sync before module remove (git-fixes).
- spi: mtk-snfi: fix kerneldoc for mtk_snand_is_page_ops() (git-fixes).
- spi: s3c64xx: fix timeout counters in flush_fifo (git-fixes).
- spi: spi-fsl-dspi: Fix crash when not using GPIO chip select (git-fixes).
- spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- spi: tegra210-quad: Avoid shift-out-of-bounds (git-fixes).
- splice: always fsnotify_access(in), fsnotify_modify(out) on success (git-fixes).
- splice: fsnotify_access(fd)/fsnotify_modify(fd) in vmsplice (git-fixes).
- splice: fsnotify_access(in), fsnotify_modify(out) on success in tee (git-fixes).
- srcu: Fix callbacks acceleration mishandling (git-fixes).
- staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() (git-fixes).
- sumversion: Fix a memory leak in get_src_version() (git-fixes).
- supported.conf: mark nhpoly1305 module as supported (bsc#1231035)
- supported.conf: mark ultravisor userspace access as supported (bsc#1232090)
- task_work: add kerneldoc annotation for 'data' argument (git-fixes).
- tcp: Fix refcnt handling in __inet_hash_connect() (git-fixes).
- thermal: core: Initialize thermal zones before registering them (git-fixes).
- thermal: int3400: Fix reading of current_uuid for active policy (git-fixes).
- thermal: intel: int340x: processor: Fix warning during module unload (git-fixes).
- thunderbolt: Honor TMU requirements in the domain when setting TMU mode (stable-fixes).
- thunderbolt: Improve DisplayPort tunnel setup process to be more robust (stable-fixes).
- tools/lib/thermal: Fix sampling handler context ptr (git-fixes).
- tools/power turbostat: Fix trailing '\n' parsing (git-fixes).
- tools/power turbostat: Increase the limit for fd opened (bsc#1233119).
- tools: hv: rm .*.cmd when make clean (git-fixes).
- tpm: Lock TPM chip in tpm_pm_suspend() first (bsc#1082555 git-fixes).
- tpm: fix signed/unsigned bug when checking event logs (git-fixes).
- tracing/hwlat: Fix a race during cpuhp processing (git-fixes).
- tracing/osnoise: Fix build when timerlat is not enabled (git-fixes).
- tracing/osnoise: Skip running osnoise if all instances are off (git-fixes).
- tracing/osnoise: Switch from PF_NO_SETAFFINITY to migrate_disable (git-fixes).
- tracing/osnoise: Use a cpumask to know what threads are kthreads (git-fixes).
- tracing/timerlat: Add interface_lock around clearing of kthread in stop_kthread() (git-fixes).
- tracing/timerlat: Add user-space interface (git-fixes).
- tracing/timerlat: Drop interface_lock in stop_kthread() (git-fixes).
- tracing/timerlat: Fix a race during cpuhp processing (git-fixes).
- tracing/timerlat: Fix duplicated kthread creation due to CPU online/offline (git-fixes).
- tracing/timerlat: Move hrtimer_init to timerlat_fd open() (git-fixes).
- tracing/timerlat: Only clear timer if a kthread exists (git-fixes).
- tracing: Consider the NULL character when validating the event length (git-fixes).
- tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler (git-fixes).
- tty: n_gsm: Fix use-after-free in gsm_cleanup_mux (stable-fixes).
- u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file (git-fixes).
- ubifs: Fix adding orphan entry twice for the same inode (git-fixes).
- ubifs: Fix unattached xattr inode if powercut happens after deleting (git-fixes).
- ubifs: add check for crypto_shash_tfm_digest (git-fixes).
- ubifs: dbg_orphan_check: Fix missed key type checking (git-fixes).
- ucounts: fix counter leak in inc_rlimit_get_ucounts() (bsc#1233460).
- unicode: Do not special case ignorable code points (stable-fixes).
- unicode: Fix utf8_load() error path (git-fixes).
- uprobe: avoid out-of-bounds memory access of fetching args (git-fixes).
- uprobes: encapsulate preparation of uprobe args buffer (git-fixes).
- uprobes: introduce the global struct vm_special_mapping xol_mapping (bsc#1231114).
- uprobes: turn xol_area->pages into xol_area->page (bsc#1231114).
- usb: chipidea: udc: enable suspend interrupt after usb reset (stable-fixes).
- usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the Crashkernel Scenario (stable-fixes).
- usb: dwc3: Wait for EndXfer completion before restoring GUSB2PHYCFG (git-fixes).
- usb: dwc3: core: Stop processing of pending events if controller is halted (git-fixes).
- usb: dwc3: gadget: Add missing check for single port RAM in TxFIFO resizing logic (git-fixes).
- usb: dwc3: gadget: Fix checking for number of TRBs left (git-fixes).
- usb: dwc3: gadget: Fix looping of queued SG entries (git-fixes).
- usb: ehci-spear: fix call balance of sehci clk handling routines (git-fixes).
- usb: gadget: core: force synchronous registration (git-fixes).
- usb: gadget: dummy_hcd: Set transfer interval to 1 microframe (stable-fixes).
- usb: gadget: dummy_hcd: Switch to hrtimer transfer scheduler (stable-fixes).
- usb: gadget: dummy_hcd: execute hrtimer callback in softirq context (git-fixes).
- usb: gadget: f_uac2: Replace snprintf() with the safer scnprintf() variant (stable-fixes).
- usb: gadget: f_uac2: fix non-newline-terminated function name (stable-fixes).
- usb: gadget: f_uac2: fix return value for UAC2_ATTRIBUTE_STRING store (git-fixes).
- usb: musb: Fix hardware lockup on first Rx endpoint request (git-fixes).
- usb: musb: sunxi: Fix accessing an released usb phy (git-fixes).
- usb: phy: Fix API devm_usb_put_phy() can not release the phy (git-fixes).
- usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip (stable-fixes).
- usb: typec: altmode should keep reference to parent (git-fixes).
- usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() (git-fixes).
- usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes() (git-fixes).
- usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() (git-fixes).
- usb: xhci: Fix TD invalidation under pending Set TR Dequeue (git-fixes).
- usb: xhci: Fix problem with xhci resume from suspend (stable-fixes).
- usb: xhci: fix loss of data on Cadence xHC (git-fixes).
- usb: yurex: make waiting on yurex_write interruptible (git-fixes).
- usbip: tools: Fix detach_port() invalid port error path (git-fixes).
- usbnet: fix cyclical race on disconnect with work queue (git-fixes).
- vdpa: Fix an error handling path in eni_vdpa_probe() (git-fixes).
- vdpa_sim_blk: Fix the potential leak of mgmt_dev (git-fixes).
- vdpa_sim_blk: allocate the buffer zeroed (git-fixes).
- vduse: avoid using __GFP_NOFAIL (git-fixes).
- vfs: dcache: move hashlen_hash() from callers into d_hash() (git-fixes).
- vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (git-fixes).
- vhost_vdpa: assign irq bypass producer token correctly (git-fixes).
- virtio_console: fix misc probe bugs (git-fixes).
- vmalloc: modify the alloc_vmap_area() error message for better diagnostics (jsc#PED-10978).
- vmxnet3: Add XDP support (bsc#1226498).
- vmxnet3: Fix missing reserved tailroom (bsc#1226498).
- vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame (bsc#1226498).
- vmxnet3: add command to allow disabling of offloads (bsc#1226498).
- vmxnet3: add latency measurement support in vmxnet3 (bsc#1226498).
- vmxnet3: prepare for version 9 changes (bsc#1226498).
- vmxnet3: update to version 9 (bsc#1226498).
- vsock: Update msg_count on read_skb() (git-fixes).
- vt: prevent kernel-infoleak in con_font_get() (git-fixes).
- watchdog: apple: Actually flush writes after requesting watchdog restart (git-fixes).
- watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart() (git-fixes).
- watchdog: rti: of: honor timeout-sec property (git-fixes).
- wifi: ath10k: Fix memory leak in management tx (git-fixes).
- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1 (git-fixes).
- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2 (git-fixes).
- wifi: ath11k: Fix CE offset address calculation for WCN6750 in SSR (git-fixes).
- wifi: ath11k: Fix invalid ring usage in full monitor mode (git-fixes).
- wifi: ath11k: fix array out-of-bound access in SoC stats (stable-fixes).
- wifi: ath12k: Skip Rx TID cleanup for self peer (git-fixes).
- wifi: ath12k: fix array out-of-bound access in SoC stats (stable-fixes).
- wifi: ath12k: fix crash when unbinding (git-fixes).
- wifi: ath12k: fix warning when unbinding (git-fixes).
- wifi: ath12k: remove msdu_end structure for WCN7850 (git-fixes).
- wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (git-fixes).
- wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() (stable-fixes).
- wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit (stable-fixes).
- wifi: brcm80211: BRCM_TRACING should depend on TRACING (git-fixes).
- wifi: brcmfmac: release 'root' node in all execution paths (git-fixes).
- wifi: cfg80211: Set correct chandef when starting CAC (stable-fixes).
- wifi: cfg80211: clear wdev->cqm_config pointer on free (git-fixes).
- wifi: cw1200: Fix potential NULL dereference (git-fixes).
- wifi: iwlegacy: Clear stale interrupts before resuming device (stable-fixes).
- wifi: iwlegacy: Fix "field-spanning write" warning in il_enqueue_hcmd() (git-fixes).
- wifi: iwlwifi: allow only CN mcc from WRDD (stable-fixes).
- wifi: iwlwifi: config: label 'gl' devices as discrete (git-fixes).
- wifi: iwlwifi: mvm: Fix a race in scan abort flow (stable-fixes).
- wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() (git-fixes).
- wifi: iwlwifi: mvm: avoid NULL pointer dereference (stable-fixes).
- wifi: iwlwifi: mvm: do not add default link in fw restart flow (git-fixes).
- wifi: iwlwifi: mvm: do not leak a link on AP removal (git-fixes).
- wifi: iwlwifi: mvm: drop wrong STA selection in TX (stable-fixes).
- wifi: iwlwifi: mvm: use correct key iteration (stable-fixes).
- wifi: iwlwifi: remove AX101, AX201 and AX203 support from LNL (stable-fixes).
- wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower (git-fixes).
- wifi: mac80211: fix RCU list iterations (stable-fixes).
- wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys (git-fixes).
- wifi: mt76: mt7915: add dummy HW offload of IEEE 802.11 fragmentation (stable-fixes).
- wifi: mt76: mt7915: disable tx worker during tx BA session enable/disable (stable-fixes).
- wifi: mt76: mt7915: hold dev->mt76.mutex while disabling tx worker (stable-fixes).
- wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() (stable-fixes).
- wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (git-fixes).
- wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- wifi: rtw88: 8821cu: Remove VID/PID 0bda:c82c (stable-fixes).
- wifi: rtw88: Fix USB/SDIO devices not transmitting beacons (git-fixes).
- wifi: rtw88: select WANT_DEV_COREDUMP (stable-fixes).
- wifi: rtw89: avoid reading out of bounds when loading TX power FW elements (stable-fixes).
- wifi: rtw89: avoid to add interface to list twice when SER (stable-fixes).
- wifi: rtw89: correct base HT rate mask for firmware (stable-fixes).
- wifi: wfx: Fix error handling in wfx_core_init() (git-fixes).
- x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client (bsc#1233443).
- x86/CPU/AMD: Only apply Zenbleed fix for Zen2 during late microcode load (git-fixes).
- x86/Documentation: Indent 'note::' directive for protocol version number note (git-fixes).
- x86/PCI: Check pcie_find_root_port() return for NULL (git-fixes).
- x86/amd_nb: Add new PCI IDs for AMD family 1Ah model 60h (git-fixes).
- x86/apic: Always explicitly disarm TSC-deadline timer (git-fixes).
- x86/apic: Make x2apic_disable() work correctly (git-fixes).
- x86/bugs: Do not use UNTRAIN_RET with IBPB on entry (git-fixes).
- x86/bugs: Skip RSB fill at VMEXIT (git-fixes).
- x86/cpufeatures: Add a IBPB_NO_RET BUG flag (git-fixes).
- x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET (git-fixes).
- x86/entry: Have entry_ibpb() invalidate return predictions (git-fixes).
- x86/entry: Remove unwanted instrumentation in common_interrupt() (git-fixes).
- x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency (git-fixes).
- x86/microcode/intel: Remove unnecessary cache writeback and invalidation (git-fixes).
- x86/mm: Use IPIs to synchronize LAM enablement (git-fixes).
- x86/resctrl: Annotate get_mem_config() functions as __init (git-fixes).
- x86/resctrl: Avoid overflow in MB settings in bw_validate() (git-fixes).
- x86/resctrl: Remove hard-coded memory bandwidth limit (git-fixes).
- x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler (git-fixes).
- x86/syscall: Avoid memcpy() for ia32 syscall_get_arguments() (git-fixes).
- x86/tdx: Dynamically disable SEPT violations from causing #VEs (git-fixes).
- x86/tdx: Enable CPU topology enumeration (git-fixes).
- x86/tdx: Introduce wrappers to read and write TD metadata (git-fixes).
- x86/tdx: Rename tdx_parse_tdinfo() to tdx_setup() (git-fixes).
- x86/traps: move kmsan check after instrumentation_begin (git-fixes).
- x86: Increase brk randomness entropy for 64-bit systems (git-fixes).
- x86: do the user address masking outside the user access area (git-fixes).
- x86: fix off-by-one in access_ok() (git-fixes).
- x86: fix user address masking non-canonical speculation issue (git-fixes).
- x86: make the masked_user_access_begin() macro use its argument only once (git-fixes).
- x86: support user address masking instead of non-speculative conditional (git-fixes).
- xfrm: Export symbol xfrm_dev_state_delete (bsc#1233754).
- xfrm: Fix unregister netdevice hang on hardware offload (bsc#1233754).
- xfs: check opcode and iovec count match in xlog_recover_attri_commit_pass2 (git-fixes).
- xfs: check shortform attr entry flags specifically (git-fixes).
- xfs: convert delayed extents to unwritten when zeroing post eof blocks (git-fixes).
- xfs: fix finding a last resort AG in xfs_filestream_pick_ag (git-fixes).
- xfs: fix freeing speculative preallocations for preallocated files (git-fixes).
- xfs: make sure sb_fdblocks is non-negative (git-fixes).
- xfs: make the seq argument to xfs_bmapi_convert_delalloc() optional (git-fixes).
- xfs: make xfs_bmapi_convert_delalloc() to allocate the target offset (git-fixes).
- xfs: remove a racy if_bytes check in xfs_reflink_end_cow_extent (git-fixes).
- xfs: validate recovered name buffers when recovering xattr items (git-fixes).
- xhci: Add a quirk for writing ERST in high-low order (git-fixes).
- xhci: Fix Link TRB DMA in command ring stopped completion event (git-fixes).
- xhci: Fix incorrect stream context type macro (git-fixes).
- xhci: Mitigate failed set dequeue pointer commands (git-fixes).
- xhci: Use pm_runtime_get to prevent RPM on unsupported systems (git-fixes).
- xhci: tegra: fix checked USB2 port number (git-fixes).
- zonefs: Improve error handling (git-fixes).
Patchnames
SUSE-SLE-Micro-6.1-kernel-1
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2023-52778: mptcp: deal with large GSO size (bsc#1224948).\n- CVE-2023-52920: bpf: support non-r10 register spill/fill to/from stack in precision tracking (bsc#1232823).\n- CVE-2024-26596: net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events (bsc#1220355).\n- CVE-2024-26741: dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished() (bsc#1222587).\n- CVE-2024-26782: mptcp: fix double-free on socket dismantle (bsc#1222590).\n- CVE-2024-26953: net: esp: fix bad handling of pages from page_pool (bsc#1223656).\n- CVE-2024-27017: netfilter: nft_set_pipapo: walk over current view on netlink dump (bsc#1223733).\n- CVE-2024-35888: erspan: make sure erspan_base_hdr is present in skb-\u003ehead (bsc#1224518).\n- CVE-2024-36000: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (bsc#1224548).\n- CVE-2024-36244: net/sched: taprio: extend minimum interval restriction to entire cycle too (bsc#1226797).\n- CVE-2024-36883: net: fix out-of-bounds access in ops_init (bsc#1225725).\n- CVE-2024-36886: tipc: fix UAF in error path (bsc#1225730).\n- CVE-2024-36905: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (bsc#1225742).\n- CVE-2024-36927: ipv4: Fix uninit-value access in __ip_make_skb() (bsc#1225813).\n- CVE-2024-36954: tipc: fix a possible memleak in tipc_buf_append (bsc#1225764).\n- CVE-2024-36968: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() (bsc#1226130).\n- CVE-2024-38589: netrom: fix possible dead-lock in nr_rt_ioctl() (bsc#1226748).\n- CVE-2024-40914: mm/huge_memory: do not unpoison huge_zero_folio (bsc#1227842).\n- CVE-2024-41023: sched/deadline: Fix task_struct reference leak (bsc#1228430).\n- CVE-2024-41031: mm/filemap: skip to create PMD-sized page cache if needed (bsc#1228454).\n- CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620).\n- CVE-2024-42102: Revert \"mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again\" (bsc#1233132).\n- CVE-2024-44958: sched/smt: Fix unbalance sched_smt_present dec/inc (bsc#1230179).\n- CVE-2024-44995: net: hns3: fix a deadlock problem when config TC during resetting (bsc#1230231).\n- CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429).\n- CVE-2024-45025: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (bsc#1230456).\n- CVE-2024-46678: bonding: change ipsec_lock from spin lock to mutex (bsc#1230550).\n- CVE-2024-46680: Bluetooth: btnxpuart: Fix random crash seen while removing driver (bsc#1230557).\n- CVE-2024-46681: pktgen: use cpus_read_lock() in pg_net_init() (bsc#1230558).\n- CVE-2024-46721: pparmor: fix possible NULL pointer dereference (bsc#1230710)\n- CVE-2024-46754: bpf: Remove tst_run from lwt_seg6local_prog_ops (bsc#1230801).\n- CVE-2024-46765: ice: protect XDP configuration with a mutex (bsc#1230807).\n- CVE-2024-46766: ice: move netif_queue_set_napi to rtnl-protected sections (bsc#1230762).\n- CVE-2024-46770: ice: Add netif_device_attach/detach into PF reset flow (bsc#1230763).\n- CVE-2024-46775: drm/amd/display: Validate function returns (bsc#1230774).\n- CVE-2024-46777: udf: Avoid excessive partition lengths (bsc#1230773).\n- CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827).\n- CVE-2024-46813: drm/amd/display: Check link_index before accessing dc-\u003elinks (bsc#1231191).\n- CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197).\n- CVE-2024-46826: ELF: fix kernel.randomize_va_space double read (bsc#1231115).\n- CVE-2024-46831: net: microchip: vcap: Fix use-after-free error in kunit test (bsc#1231117).\n- CVE-2024-46834: ethtool: fail closed if we can\u0027t get max channel used in indirection tables (bsc#1231096).\n- CVE-2024-46840: btrfs: clean up our handling of refs == 0 in snapshot delete (bsc#1231105).\n- CVE-2024-46841: btrfs: do not BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() (bsc#1231094).\n- CVE-2024-46843: scsi: ufs: core: Remove SCSI host only if added (bsc#1231100).\n- CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084).\n- CVE-2024-46855: netfilter: nft_socket: fix sk refcount leaks (bsc#1231085).\n- CVE-2024-46857: net/mlx5: Fix bridge mode operations when there are no VFs (bsc#1231087).\n- CVE-2024-46870: drm/amd/display: Disable DMCUB timeout for DCN35 (bsc#1231435).\n- CVE-2024-47658: crypto: stm32/cryp - call finalize with bh disabled (bsc#1231436).\n- CVE-2024-47660: fsnotify: clear PARENT_WATCHED flags lazily (bsc#1231439).\n- CVE-2024-47664: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware (bsc#1231442).\n- CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673).\n- CVE-2024-47679: vfs: fix race between evice_inodes() and find_inode() and iput() (bsc#1231930).\n- CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987).\n- CVE-2024-47685: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (bsc#1231998).\n- CVE-2024-47687: vdpa/mlx5: Fix invalid mr resource destroy (bsc#1232003).\n- CVE-2024-47692: nfsd: return -EINVAL when namelen is 0 (bsc#1231857).\n- CVE-2024-47701: ext4: avoid OOB when system.data xattr changes underneath the filesystem (bsc#1231920).\n- CVE-2024-47703: bpf, lsm: add check for BPF LSM return value (bsc#1231946).\n- CVE-2024-47704: drm/amd/display: Check link_res-\u003ehpo_dp_link_enc before using it (bsc#1231944).\n- CVE-2024-47705: block: fix potential invalid pointer dereference in blk_add_partition (bsc#1231872).\n- CVE-2024-47706: block, bfq: fix possible UAF for bfqq-\u003ebic with merge chain (bsc#1231942).\n- CVE-2024-47707: ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (bsc#1231935).\n- CVE-2024-47710: sock_map: Add a cond_resched() in sock_hash_free() (bsc#1232049).\n- CVE-2024-47727: x86/tdx: Fix \"in-kernel MMIO\" check (bsc#1232116).\n- CVE-2024-47730: crypto: hisilicon/qm - inject error before stopping queue (bsc#1232075).\n- CVE-2024-47731: drivers/perf: Fix ali_drw_pmu driver interrupt status clearing (bsc#1232117).\n- CVE-2024-47739: padata: use integer wrap around to prevent deadlock on seq_nr overflow (bsc#1232124).\n- CVE-2024-47741: btrfs: fix race setting file private on concurrent lseek using same fd (bsc#1231869).\n- CVE-2024-47745: mm: call the security_mmap_file() LSM hook in remap_file_pages() (bsc#1232135).\n- CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145).\n- CVE-2024-47752: media: mediatek: vcodec: Fix H264 stateless decoder smatch warning (bsc#1232130).\n- CVE-2024-47753: media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning (bsc#1231868).\n- CVE-2024-47754: media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning (bsc#1232131).\n- CVE-2024-49852: scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() (bsc#1232819).\n- CVE-2024-49864: rxrpc: Fix a race between socket set up and I/O thread creation (bsc#1232256).\n- CVE-2024-49867: btrfs: wait for fixup workers before stopping cleaner kthread during umount (bsc#1232262).\n- CVE-2024-49868: btrfs: fix a NULL pointer dereference when failed to start a new trasacntion (bsc#1232272).\n- CVE-2024-49881: ext4: update orig_path in ext4_find_extent() (bsc#1232201).\n- CVE-2024-49882: ext4: fix double brelse() the buffer of the extents path (bsc#1232200).\n- CVE-2024-49883: ext4: aovid use-after-free in ext4_ext_insert_extent() (bsc#1232199).\n- CVE-2024-49888: bpf: Fix a sdiv overflow issue (bsc#1232208).\n- CVE-2024-49890: drm/amd/pm: ensure the fw_info is not null before using it (bsc#1232217).\n- CVE-2024-49892: drm/amd/display: Initialize get_bytes_per_element\u0027s default to 1 (bsc#1232220).\n- CVE-2024-49894: drm/amd/display: Fix index out of bounds in degamma hardware format translation (bsc#1232354).\n- CVE-2024-49895: drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation (bsc#1232352).\n- CVE-2024-49896: drm/amd/display: Check stream before comparing them (bsc#1232221).\n- CVE-2024-49897: drm/amd/display: Check phantom_stream before it is used (bsc#1232355).\n- CVE-2024-49898: drm/amd/display: Check null-initialized variables (bsc#1232222).\n- CVE-2024-49899: drm/amd/display: Initialize denominators\u0027 default to 1 (bsc#1232358).\n- CVE-2024-49901: drm/msm/adreno: Assign msm_gpu-\u003epdev earlier to avoid nullptrs (bsc#1232305).\n- CVE-2024-49906: drm/amd/display: Check null pointer before try to access it (bsc#1232332).\n- CVE-2024-49907: drm/amd/display: Check null pointers before using dc-\u003eclk_mgr (bsc#1232334).\n- CVE-2024-49909: drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func (bsc#1232337).\n- CVE-2024-49911: drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func (bsc#1232366).\n- CVE-2024-49912: drm/amd/display: Handle null \u0027stream_status\u0027 in \u0027planes_changed_for_existing_stream\u0027 (bsc#1232367).\n- CVE-2024-49913: drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream (bsc#1232307).\n- CVE-2024-49914: drm/amd/display: Add null check for pipe_ctx-\u003eplane_state in (bsc#1232369).\n- CVE-2024-49917: drm/amd/display: Add NULL check for clk_mgr and clk_mgr-\u003efuncs in dcn30_init_hw (bsc#1231965).\n- CVE-2024-49918: drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer (bsc#1231967).\n- CVE-2024-49919: drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer (bsc#1231968).\n- CVE-2024-49920: drm/amd/display: Check null pointers before multiple uses (bsc#1232313).\n- CVE-2024-49921: drm/amd/display: Check null pointers before used (bsc#1232371).\n- CVE-2024-49922: drm/amd/display: Check null pointers before using them (bsc#1232374).\n- CVE-2024-49923: drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags (bsc#1232361).\n- CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224)\n- CVE-2024-49933: blk_iocost: fix more out of bound shifts (bsc#1232368).\n- CVE-2024-49934: fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name (bsc#1232387).\n- CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424).\n- CVE-2024-49944: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start (bsc#1232166).\n- CVE-2024-49945: net/ncsi: Disable the ncsi work before freeing the associated structure (bsc#1232165).\n- CVE-2024-49946: ppp: do not assume bh is held in ppp_channel_bridge_input() (bsc#1232164).\n- CVE-2024-49949: net: avoid potential underflow in qdisc_pkt_len_init() with UFO (bsc#1232160).\n- CVE-2024-49950: Bluetooth: L2CAP: Fix uaf in l2cap_connect (bsc#1232159).\n- CVE-2024-49952: netfilter: nf_tables: prevent nf_skb_duplicated corruption (bsc#1232157).\n- CVE-2024-49953: net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice (bsc#1232156).\n- CVE-2024-49954: static_call: Replace pointless WARN_ON() in static_call_module_notify() (bsc#1232155).\n- CVE-2024-49958: ocfs2: reserve space for inline xattr before attaching reflink tree (bsc#1232151).\n- CVE-2024-49959: jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (bsc#1232149).\n- CVE-2024-49960: ext4: fix timer use-after-free on failed mount (bsc#1232395).\n- CVE-2024-49967: ext4: no need to continue when the number of entries is 1 (bsc#1232140).\n- CVE-2024-49968: ext4: filesystems without casefold feature cannot be mounted with siphash (bsc#1232264).\n- CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519).\n- CVE-2024-49972: drm/amd/display: Deallocate DML memory if allocation fails (bsc#1232315).\n- CVE-2024-49973: r8169: add tally counter fields added with RTL8125 (bsc#1232105).\n- CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383).\n- CVE-2024-49983: ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free (bsc#1232096).\n- CVE-2024-49986: platform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors (bsc#1232093).\n- CVE-2024-49987: bpftool: Fix undefined behavior in qsort(NULL, 0, ...) (bsc#1232258).\n- CVE-2024-49989: drm/amd/display: fix double free issue during amdgpu module unload (bsc#1232483).\n- CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282).\n- CVE-2024-49993: iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count (bsc#1232316).\n- CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432).\n- CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points (bsc#1232089).\n- CVE-2024-50000: net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (bsc#1232085).\n- CVE-2024-50001: net/mlx5: Fix error path in multi-packet WQE transmit (bsc#1232084).\n- CVE-2024-50002: static_call: Handle module init failure correctly in static_call_del_module() (bsc#1232083).\n- CVE-2024-50003: drm/amd/display: Fix system hang while resume with TBT monitor (bsc#1232385).\n- CVE-2024-50004: drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35 (bsc#1232396).\n- CVE-2024-50006: ext4: fix i_data_sem unlock order in ext4_ind_migrate() (bsc#1232442).\n- CVE-2024-50009: cpufreq: amd-pstate: add check for cpufreq_cpu_get\u0027s return value (bsc#1232318).\n- CVE-2024-50012: cpufreq: Avoid a bad reference count on CPU node (bsc#1232386).\n- CVE-2024-50014: ext4: fix access to uninitialised lock in fc replay path (bsc#1232446).\n- CVE-2024-50015: ext4: dax: fix overflowing extents beyond inode size when partially writing (bsc#1232079).\n- CVE-2024-50020: ice: Fix improper handling of refcount in ice_sriov_set_msix_vec_count() (bsc#1231989).\n- CVE-2024-50021: ice: Fix improper handling of refcount in ice_dpll_init_rclk_pins() (bsc#1231957).\n- CVE-2024-50022: device-dax: correct pgoff align in dax_set_mapping() (bsc#1231956).\n- CVE-2024-50024: net: Fix an unsafe loop on the list (bsc#1231954).\n- CVE-2024-50027: thermal: core: Free tzp copy along with the thermal zone (bsc#1231951).\n- CVE-2024-50028: thermal: core: Reference count the zone in thermal_zone_get_by_id() (bsc#1231950).\n- CVE-2024-50033: slip: make slhc_remember() more robust against malicious packets (bsc#1231914).\n- CVE-2024-50035: ppp: fix ppp_async_encode() illegal access (bsc#1232392).\n- CVE-2024-50040: igb: Do not bring the device up after non-fatal error (bsc#1231908).\n- CVE-2024-50041: i40e: Fix macvlan leak by synchronizing access to mac_filter_hash (bsc#1231907).\n- CVE-2024-50042: ice: Fix increasing MSI-X on VF (bsc#1231906).\n- CVE-2024-50045: netfilter: br_netfilter: fix panic with metadata_dst skb (bsc#1231903).\n- CVE-2024-50046: NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() (bsc#1231902).\n- CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418).\n- CVE-2024-50059: ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition (bsc#1232345).\n- CVE-2024-50060: io_uring: check if we need to reschedule during overflow flush (bsc#1232417).\n- CVE-2024-50063: bpf: Prevent tail call between progs attached to different hooks (bsc#1232435).\n- CVE-2024-50064: zram: free secondary algorithms names (bsc#1231901).\n- CVE-2024-50080: ublk: do not allow user copy for unprivileged device (bsc#1232502).\n- CVE-2024-50081: blk-mq: setup queue -\u003etag_set before initializing hctx (bsc#1232501).\n- CVE-2024-50082: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (bsc#1232500).\n- CVE-2024-50084: net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test() (bsc#1232494).\n- CVE-2024-50087: btrfs: fix uninitialized pointer free on read_alloc_one_name() error (bsc#1232499).\n- CVE-2024-50088: btrfs: fix uninitialized pointer free in add_inode_ref() (bsc#1232498).\n- CVE-2024-50098: scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down (bsc#1232881).\n- CVE-2024-50110: xfrm: fix one more kernel-infoleak in algo dumping (bsc#1232885).\n- CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919).\n- CVE-2024-50124: Bluetooth: ISO: Fix UAF on iso_sock_timeout (bsc#1232926).\n- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928).\n- CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907).\n- CVE-2024-50128: net: wwan: fix global oob in wwan_rtnl_policy (bsc#1232905).\n- CVE-2024-50130: netfilter: bpf: must hold reference on net namespace (bsc#1232894).\n- CVE-2024-50138: bpf: Use raw_spinlock_t in ringbuf (bsc#1232935).\n- CVE-2024-50139: KVM: arm64: Fix shift-out-of-bounds bug (bsc#1233062).\n- CVE-2024-50145: octeon_ep: add SKB allocation failures handling in __octep_oq_process_rx() (bsc#1233044).\n- CVE-2024-50153: scsi: target: core: Fix null-ptr-deref in target_alloc_device() (bsc#1233061).\n- CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233070).\n- CVE-2024-50166: fsl/fman: Fix refcount handling of fman-related devices (bsc#1233050).\n- CVE-2024-50167: be2net: fix potential memory leak in be_xmit() (bsc#1233049).\n- CVE-2024-50169: vsock: Update rx_bytes on read_skb() (bsc#1233320).\n- CVE-2024-50171: net: systemport: fix potential memory leak in bcm_sysport_xmit() (bsc#1233057).\n- CVE-2024-50177: drm/amd/display: fix a UBSAN warning in DML2.1 (bsc#1233115).\n- CVE-2024-50182: secretmem: disable memfd_secret() if arch cannot set direct map (bsc#1233129).\n- CVE-2024-50184: virtio_pmem: Check device status before requesting flush (bsc#1233135).\n- CVE-2024-50186: net: explicitly clear the sk pointer, when pf-\u003ecreate fails (bsc#1233110).\n- CVE-2024-50192: irqchip/gic-v4: Do not allow a VMOVP on a dying VPE (bsc#1233106).\n- CVE-2024-50225: btrfs: fix error propagation of split bios (bsc#1233193).\n- CVE-2024-50228: mm: shmem: fix data-race in shmem_getattr() (bsc#1233204).\n- CVE-2024-50230: nilfs2: fix kernel bug due to missing clearing of checked flag (bsc#1233206).\n- CVE-2024-50245: fs/ntfs3: Fix possible deadlock in mi_read (bsc#1233203).\n- CVE-2024-50246: fs/ntfs3: Add rough attr alloc_size check (bsc#1233207).\n- CVE-2024-50250: fsdax: dax_unshare_iter needs to copy entire blocks (bsc#1233226).\n- CVE-2024-50252: mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address (bsc#1233201).\n- CVE-2024-50257: netfilter: Fix use-after-free in get_info() (bsc#1233244).\n- CVE-2024-50261: macsec: Fix use-after-free while sending the offloading packet (bsc#1233253).\n- CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk-\u003etrans (bsc#1233453).\n- CVE-2024-50271: signal: restore the override_rlimit logic (bsc#1233460).\n- CVE-2024-50273: btrfs: reinitialize delayed ref list after deleting it from the list (bsc#1233462).\n- CVE-2024-50274: idpf: avoid vport access in idpf_get_link_ksettings (bsc#1233463).\n- CVE-2024-50275: arm64/sve: Discard stale CPU state when handling SVE traps (bsc#1233464).\n- CVE-2024-50276: net: vertexcom: mse102x: Fix possible double free of TX skb (bsc#1233465).\n- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).\n- CVE-2024-50289: media: av7110: fix a spectre vulnerability (bsc#1233478).\n- CVE-2024-50295: net: arc: fix the device for dma_map_single/dma_unmap_single (bsc#1233484).\n- CVE-2024-50296: net: hns3: fix kernel crash when uninstalling driver (bsc#1233485).\n- CVE-2024-50298: net: enetc: allocate vf_state during PF probes (bsc#1233487).\n- CVE-2024-53042: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() (bsc#1233540).\n- CVE-2024-53043: mctp i2c: handle NULL header address (bsc#1233523).\n- CVE-2024-53048: ice: fix crash on probe for DPLL enabled E810 LOM (bsc#1233721).\n- CVE-2024-53051: drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability (bsc#1233547).\n- CVE-2024-53055: wifi: iwlwifi: mvm: fix 6 GHz scan construction (bsc#1233550).\n- CVE-2024-53056: drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy() (bsc#1233568).\n- CVE-2024-53058: net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data (bsc#1233552).\n- CVE-2024-53079: mm/thp: fix deferred split unqueue naming and locking (bsc#1233570).\n- CVE-2024-53082: virtio_net: Add hash_key_length check (bsc#1233573).\n- CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642).\n- CVE-2024-53110: vp_vdpa: fix id_table array not null terminated error (bsc#1234085).\n- CVE-2024-53121: net/mlx5: fs, lock FTE when checking if active (bsc#1234078).\n- CVE-2024-53138: net/mlx5e: kTLS, Fix incorrect page refcounting (bsc#1234223).\n\nThe following non-security bugs were fixed:\n\n- 9p: explicitly deny setlease attempts (git-fixes).\n- ACPI: CPPC: Add support for setting EPP register in FFH (stable-fixes).\n- ACPI: CPPC: Fix _CPC register setting issue (git-fixes).\n- ACPI: CPPC: Make rmw_lock a raw_spin_lock (git-fixes).\n- ACPI: EC: Do not release locks during operation region accesses (stable-fixes).\n- ACPI: PAD: fix crash in exit_round_robin() (stable-fixes).\n- ACPI: PRM: Clean up guid type in struct prm_handler_info (git-fixes).\n- ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context (git-fixes).\n- ACPI: battery: Fix possible crash when unregistering a battery hook (git-fixes).\n- ACPI: battery: Simplify battery hook locking (stable-fixes).\n- ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue (stable-fixes).\n- ACPI: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[] (stable-fixes).\n- ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[] (stable-fixes).\n- ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[] (stable-fixes).\n- ACPI: resource: Add another DMI match for the TongFang GMxXGxx (stable-fixes).\n- ACPI: video: Add force_vendor quirk for Panasonic Toughbook CF-18 (stable-fixes).\n- ACPICA: Fix memory leak if acpi_ps_get_next_field() fails (stable-fixes).\n- ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails (stable-fixes).\n- ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() (stable-fixes).\n- ACPICA: iasl: handle empty connection_node (stable-fixes).\n- ALSA/hda: intel-sdw-acpi: cleanup sdw_intel_scan_controller (stable-fixes).\n- ALSA/hda: intel-sdw-acpi: fetch fwnode once in sdw_intel_scan_controller() (stable-fixes).\n- ALSA/hda: intel-sdw-acpi: simplify sdw-master-count property read (stable-fixes).\n- ALSA: 6fire: Release resources at card release (git-fixes).\n- ALSA: Reorganize kerneldoc parameter names (stable-fixes).\n- ALSA: ac97: bus: Fix the mistake in the comment (git-fixes).\n- ALSA: asihpi: Fix potential OOB array access (stable-fixes).\n- ALSA: caiaq: Use snd_card_free_when_closed() at disconnection (git-fixes).\n- ALSA: core: add isascii() check to card ID generator (stable-fixes).\n- ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (git-fixes).\n- ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init() (git-fixes).\n- ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2 (stable-fixes).\n- ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne 1000 G2 (git-fixes).\n- ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin (git-fixes).\n- ALSA: hda/conexant: fix Z60MR100 startup pop issue (stable-fixes).\n- ALSA: hda/conexant: fix some typos (stable-fixes).\n- ALSA: hda/cs8409: Fix possible NULL dereference (git-fixes).\n- ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs (bsc#1219803).\n- ALSA: hda/realtek - Fixed Clevo platform headset Mic issue (stable-fixes).\n- ALSA: hda/realtek - update set GPIO3 to default for Thinkpad with ALC1318 (git-fixes).\n- ALSA: hda/realtek: Add a quirk for HP Pavilion 15z-ec200 (stable-fixes).\n- ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9 (stable-fixes).\n- ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593 (stable-fixes).\n- ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13 (stable-fixes).\n- ALSA: hda/realtek: Add support for Samsung Galaxy Book3 360 (NP730QFG) (stable-fixes).\n- ALSA: hda/realtek: Apply quirk for Medion E15433 (bsc#1233298).\n- ALSA: hda/realtek: Enable mic on Vaio VJFH52 (stable-fixes).\n- ALSA: hda/realtek: Enable mute and micmute LED on HP ProBook 430 G8 (stable-fixes).\n- ALSA: hda/realtek: Enable speaker pins for Medion E15443 platform (bsc#1233298).\n- ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max (bsc#1233298).\n- ALSA: hda/realtek: Fix headset mic on TUXEDO Gemini 17 Gen3 (stable-fixes).\n- ALSA: hda/realtek: Fix headset mic on TUXEDO Stellaris 16 Gen6 mb1 (stable-fixes).\n- ALSA: hda/realtek: Fix the push button function for the ALC257 (git-fixes).\n- ALSA: hda/realtek: Limit internal Mic boost on Dell platform (stable-fixes).\n- ALSA: hda/realtek: Refactor and simplify Samsung Galaxy Book init (stable-fixes).\n- ALSA: hda/realtek: Set PCBeep to default value for ALC274 (stable-fixes).\n- ALSA: hda/realtek: Update ALC225 depop procedure (git-fixes).\n- ALSA: hda/realtek: Update ALC256 depop procedure (git-fixes).\n- ALSA: hda/realtek: Update default depop procedure (git-fixes).\n- ALSA: hda/realtek: fix mute/micmute LED for HP mt645 G8 (stable-fixes).\n- ALSA: hda/realtek: fix mute/micmute LEDs for a HP EliteBook 645 G10 (stable-fixes).\n- ALSA: hda/realtek: tas2781: Fix ROG ALLY X audio (stable-fixes).\n- ALSA: hda/tas2781: Add new quirk for Lenovo Y990 Laptop (stable-fixes).\n- ALSA: hda/tas2781: Add new quirk for Lenovo, ASUS, Dell projects (stable-fixes).\n- ALSA: hda/tas2781: select CRC32 instead of CRC32_SARWATE (git-fixes).\n- ALSA: hda: Poll jack events for LS7A HD-Audio (stable-fixes).\n- ALSA: hda: Show the codec quirk info at probing (stable-fixes).\n- ALSA: hda: Sound support for HP Spectre x360 16 inch model 2024 (stable-fixes).\n- ALSA: hda: tas2781: Fix missing setup at runtime PM (bsc#1230132).\n- ALSA: hdsp: Break infinite MIDI input flush loop (stable-fixes).\n- ALSA: ice1712: Remove redundant code in stac9460_dac_vol_put (stable-fixes).\n- ALSA: line6: add hw monitor volume control to POD HD500X (stable-fixes).\n- ALSA: line6: update contact information (stable-fixes).\n- ALSA: mixer_oss: Remove some incorrect kfree_const() usages (git-fixes).\n- ALSA: pcm: Add sanity NULL check for the default mmap fault handler (stable-fixes).\n- ALSA: silence integer wrapping warning (stable-fixes).\n- ALSA: ump: Fix evaluation of MIDI 1.0 FB info (git-fixes).\n- ALSA: us122l: Use snd_card_free_when_closed() at disconnection (git-fixes).\n- ALSA: usb-audio: Add Pioneer DJ/AlphaTheta DJM-A9 Mixer (stable-fixes).\n- ALSA: usb-audio: Add delay quirk for VIVO USB-C HEADSET (stable-fixes).\n- ALSA: usb-audio: Add input value sanity checks for standard types (stable-fixes).\n- ALSA: usb-audio: Add logitech Audio profile quirk (stable-fixes).\n- ALSA: usb-audio: Add native DSD support for Luxman D-08u (stable-fixes).\n- ALSA: usb-audio: Add quirk for HP 320 FHD Webcam (bsc#1232768).\n- ALSA: usb-audio: Add quirks for Dell WD19 dock (stable-fixes).\n- ALSA: usb-audio: Define macros for quirk table entries (stable-fixes).\n- ALSA: usb-audio: Fix Yamaha P-125 Quirk Entry (stable-fixes).\n- ALSA: usb-audio: Fix a DMA to stack memory bug (git-fixes).\n- ALSA: usb-audio: Fix out of bounds reads when finding clock sources (stable-fixes).\n- ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (git-fixes).\n- ALSA: usb-audio: Make mic volume workarounds globally applicable (stable-fixes).\n- ALSA: usb-audio: Replace complex quirk lines with macros (stable-fixes).\n- ALSA: usb-audio: Use snprintf instead of sprintf in build_mixer_unit_ctl (stable-fixes).\n- ALSA: usb-audio: add mixer mapping for Corsair HS80 (stable-fixes).\n- ALSA: usx2y: Use snd_card_free_when_closed() at disconnection (git-fixes).\n- ASoC: Intel: avs: da7219: Remove suspend_pre() and resume_post() (stable-fixes).\n- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet (stable-fixes).\n- ASoC: Intel: bytcr_rt5640: Add support for non ACPI instantiated codec (stable-fixes).\n- ASoC: Intel: sst: Fix used of uninitialized ctx to log an error (git-fixes).\n- ASoC: Intel: sst: Support LPE0F28 ACPI HID (stable-fixes).\n- ASoC: SOF: Add i2s bt dai configuration support for AMD platforms (bsc#1233305).\n- ASoC: SOF: Add support for configuring PDM interface from topology (bsc#1233305).\n- ASoC: SOF: Deprecate invalid enums in IPC3 (bsc#1233305).\n- ASoC: SOF: IPC4: get pipeline priority from topology (bsc#1233305).\n- ASoC: SOF: IPC4: synchronize fw_config_params with fw definitions (bsc#1233305).\n- ASoC: SOF: Refactor sof_i2s_tokens reading to update acpbt dai (bsc#1233305).\n- ASoC: SOF: Rename amd_bt sof_dai_type (bsc#1233305).\n- ASoC: SOF: Wire up buffer flags (bsc#1233305).\n- ASoC: SOF: add alignment for topology header file struct definition (bsc#1233305).\n- ASoC: SOF: align topology header file with sof topology header (bsc#1233305).\n- ASoC: SOF: ipc3-topology: Convert the topology pin index to ALH dai index (git-fixes).\n- ASoC: SOF: ipc3-topology: fix resource leaks in sof_ipc3_widget_setup_comp_dai() (git-fixes).\n- ASoC: SOF: ipc4-control: Add support for ALSA enum control (bsc#1233305).\n- ASoC: SOF: ipc4-control: Add support for ALSA switch control (bsc#1233305).\n- ASoC: SOF: ipc4-mtrace: move debug slot related definitions to header.h (bsc#1233305).\n- ASoC: SOF: ipc4-topology: Add deep buffer size to debug prints (bsc#1233305).\n- ASoC: SOF: ipc4-topology: Add definition for generic switch/enum control (bsc#1233305).\n- ASoC: SOF: ipc4-topology: Add module ID print during module set up (bsc#1233305).\n- ASoC: SOF: ipc4-topology: Helper to find an swidget by module/instance id (bsc#1233305).\n- ASoC: SOF: ipc4-topology: Only handle dai_config with HW_PARAMS for ChainDMA (bsc#1233305).\n- ASoC: SOF: ipc4-topology: change chain_dma handling in dai_config (bsc#1233305).\n- ASoC: SOF: ipc4-topology: export sof_ipc4_copier_is_single_format (bsc#1233305).\n- ASoC: SOF: ipc4-topology: set config_length based on device_count (bsc#1233305).\n- ASoC: SOF: ipc4: Add data struct for module notification message from firmware (bsc#1233305).\n- ASoC: SOF: ipc4: Add new message type: SOF_IPC4_GLB_LOAD_LIBRARY_PREPARE (bsc#1233305).\n- ASoC: SOF: sof-client-probes-ipc4: Set param_size extension bits (git-fixes).\n- ASoC: SOF: topology: Parse DAI type token for dspless mode (bsc#1233305).\n- ASoC: SOF: topology: dynamically allocate and store DAI widget-\u003eprivate (bsc#1233305).\n- ASoC: amd: yc: Add quirk for ASUS Vivobook S15 M3502RA (stable-fixes).\n- ASoC: amd: yc: Add quirk for HP Dragonfly pro one (stable-fixes).\n- ASoC: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry (git-fixes).\n- ASoC: amd: yc: Fix non-functional mic on ASUS E1404FA (stable-fixes).\n- ASoC: amd: yc: Support dmic on another model of Lenovo Thinkpad E14 Gen 6 (stable-fixes).\n- ASoC: amd: yc: fix internal mic on Xiaomi Book Pro 14 2022 (stable-fixes).\n- ASoC: atmel: mchp-pdmc: Skip ALSA restoration if substream runtime is uninitialized (git-fixes).\n- ASoC: audio-graph-card2: Purge absent supplies for device tree nodes (stable-fixes).\n- ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() (git-fixes).\n- ASoC: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to default regs values (stable-fixes).\n- ASoC: codecs: rt5640: Always disable IRQs from rt5640_cancel_work() (stable-fixes).\n- ASoC: codecs: wsa883x: Handle reading version failure (stable-fixes).\n- ASoC: cs42l51: Fix some error handling paths in cs42l51_probe() (git-fixes).\n- ASoC: dapm: fix bounds checker error in dapm_widget_list_create (git-fixes).\n- ASoC: fsl_micfil: Add sample rate constraint (stable-fixes).\n- ASoC: fsl_micfil: fix regmap_write_bits usage (git-fixes).\n- ASoC: fsl_sai: Enable \u0027FIFO continue on error\u0027 FCONT bit (stable-fixes).\n- ASoC: imx-card: Set card.owner to avoid a warning calltrace if SND=m (git-fixes).\n- ASoC: max98388: Fix missing increment of variable slot_found (git-fixes).\n- ASoC: mediatek: mt8188-mt6359: Remove hardcoded dmic codec (git-fixes).\n- ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() (git-fixes).\n- ASoC: qcom: sm8250: add qrb4210-rb2-sndcard compatible string (stable-fixes).\n- ASoC: rt722-sdca: Remove logically deadcode in rt722-sdca.c (git-fixes).\n- ASoC: rt722-sdca: increase clk_stop_timeout to fix clock stop issue (stable-fixes).\n- ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove (git-fixes).\n- ASoC: stm: Prevent potential division by zero in stm32_sai_get_clk_div() (stable-fixes).\n- ASoC: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate() (stable-fixes).\n- ASoC: tas2781: Add new driver version for tas2563 \u0026 tas2781 qfn chip (stable-fixes).\n- ASoC: tas2781: Use of_property_read_reg() (stable-fixes).\n- Bluetooth: Call iso_exit() on module unload (git-fixes).\n- Bluetooth: ISO: Fix multiple init when debugfs is disabled (git-fixes).\n- Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync (git-fixes).\n- Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change (git-fixes).\n- Bluetooth: Remove debugfs directory on module init failure (git-fixes).\n- Bluetooth: bnep: fix wild-memory-access in proto_unregister (git-fixes).\n- Bluetooth: btintel: Direct exception event to bluetooth stack (git-fixes).\n- Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).\n- Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test (bsc#1230557)\n- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0489:0xe122 (stable-fixes).\n- Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 (git-fixes).\n- Bluetooth: fix use-after-free in device_for_each_child() (git-fixes).\n- Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs (git-fixes).\n- Bluetooth: hci_core: Fix calling mgmt_device_connected (git-fixes).\n- Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (git-fixes).\n- Documentation: kgdb: Correct parameter error (git-fixes).\n- HID: Ignore battery for all ELAN I2C-HID devices (stable-fixes).\n- HID: amd_sfh: Switch to device-managed dmam_alloc_coherent() (git-fixes).\n- HID: core: zero-initialize the report buffer (git-fixes).\n- HID: i2c-hid: Remove I2C_HID_QUIRK_SET_PWR_WAKEUP_DEV quirk (stable-fixes).\n- HID: lenovo: Add support for Thinkpad X1 Tablet Gen 3 keyboard (stable-fixes).\n- HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad (stable-fixes).\n- HID: multitouch: Add quirk for Logitech Bolt receiver w/ Casa touchpad (stable-fixes).\n- HID: multitouch: Add support for B2402FVA track point (stable-fixes).\n- HID: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio (stable-fixes).\n- HID: multitouch: Add support for lenovo Y9000P Touchpad (stable-fixes).\n- HID: plantronics: Workaround for an unexcepted opposite volume key (stable-fixes).\n- HID: wacom: Interpret tilt data from Intuos Pro BT as signed values (git-fixes).\n- HID: wacom: fix when get product name maybe null pointer (git-fixes).\n- Input: adp5589-keys - fix NULL pointer dereference (git-fixes).\n- Input: adp5589-keys - fix adp5589_gpio_get_value() (git-fixes).\n- Input: edt-ft5x06 - fix regmap leak when probe fails (git-fixes).\n- Input: hideep - add missing dependency on REGMAP_I2C (git-fixes).\n- Input: hycon-hy46xx - add missing dependency on REGMAP_I2C (git-fixes).\n- Input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk table (stable-fixes).\n- Input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk table (stable-fixes).\n- Input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD line (stable-fixes).\n- Input: xpad - add GameSir T4 Kaleid Controller support (git-fixes).\n- Input: xpad - add GameSir VID for Xbox One controllers (git-fixes).\n- Input: xpad - add support for 8BitDo Ultimate 2C Wireless Controller (git-fixes).\n- Input: xpad - add support for MSI Claw A1M (git-fixes).\n- Input: xpad - add support for Machenike G5 Pro Controller (git-fixes).\n- Input: xpad - fix support for some third-party controllers (git-fixes).\n- Input: xpad - sort xpad_device by vendor and product ID (git-fixes).\n- Input: xpad - spelling fixes for \"Xbox\" (git-fixes).\n- KVM: Fix coalesced_mmio_has_room() to avoid premature userspace exit (git-fixes).\n- KVM: PPC: Book3S HV: Avoid returning to nested hypervisor on pending doorbells (bsc#1215199).\n- KVM: PPC: Book3S HV: Stop using vc-\u003edpdes for nested KVM guests (bsc#1215199).\n- KVM: PPC: Book3S HV: remove unused varible (bsc#1194869).\n- KVM: SEV-ES: Fix svm_get_msr()/svm_set_msr() for KVM_SEV_ES_INIT guests (bsc#1232207).\n- KVM: SEV-ES: Prevent MSR access post VMSA encryption (bsc#1232207).\n- KVM: SVM: Disallow guest from changing userspace\u0027s MSR_AMD64_DE_CFG value (git-fixes).\n- KVM: Use dedicated mutex to protect kvm_usage_count to avoid deadlock (git-fixes).\n- KVM: VMX: Also clear SGX EDECCSSA in KVM CPU caps when SGX is disabled (git-fixes).\n- KVM: VMX: Set PFERR_GUEST_{FINAL,PAGE}_MASK if and only if the GVA is valid (git-fixes).\n- KVM: Write the per-page \"segment\" when clearing (part of) a guest page (git-fixes).\n- KVM: s390: Change virtual to physical address access in diag 0x258 handler (git-fixes bsc#1232626).\n- KVM: s390: Fix SORTL and DFLTCC instruction format error in __insn32_query (git-fixes bsc#1231276).\n- KVM: s390: gaccess: Check if guest address is in memslot (git-fixes bsc#1232623).\n- KVM: x86/mmu: Skip emulation on page fault iff 1+ SPs were unprotected (git-fixes).\n- KVM: x86/mmu: Trigger unprotect logic only on write-protection page faults (git-fixes).\n- KVM: x86: Dedup fastpath MSR post-handling logic (git-fixes).\n- KVM: x86: Enforce x2APIC\u0027s must-be-zero reserved ICR bits (git-fixes).\n- KVM: x86: Exit to userspace if fastpath triggers one on instruction skip (git-fixes).\n- KVM: x86: Move x2APIC ICR helper above kvm_apic_write_nodecode() (git-fixes).\n- KVM: x86: Re-enter guest if WRMSR(X2APIC_ICR) fastpath is successful (git-fixes).\n- KVM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC) (git-fixes).\n- NFS: Avoid unnecessary rescanning of the per-server delegation list (git-fixes).\n- NFS: remove revoked delegation from server\u0027s delegation list (git-fixes).\n- NFSD: Fix NFSv4\u0027s PUTPUBFH operation (git-fixes).\n- NFSD: Mark filecache \"down\" if init fails (git-fixes).\n- NFSv3: only use NFS timeout for MOUNT when protocols are compatible (bsc#1231016).\n- NFSv4: Fix clearing of layout segments in layoutreturn (git-fixes).\n- PCI: Add ACS quirk for Qualcomm SA8775P (stable-fixes).\n- PCI: Add T_PVPERL macro (git-fixes).\n- PCI: Add function 0 DMA alias quirk for Glenfly Arise chip (stable-fixes).\n- PCI: Fix pci_enable_acs() support for the ACS quirks (bsc#1229019).\n- PCI: Fix reset_method_store() memory leak (git-fixes).\n- PCI: Mark Creative Labs EMU20k2 INTx masking as broken (stable-fixes).\n- PCI: endpoint: Clear secondary (not primary) EPC in pci_epc_remove_epf() (git-fixes).\n- PCI: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds (git-fixes).\n- PCI: keystone: Add link up check to ks_pcie_other_map_bus() (git-fixes).\n- PCI: keystone: Set mode as Root Complex for \"ti,keystone-pcie\" compatible (git-fixes).\n- PCI: rockchip-ep: Fix address translation unit programming (git-fixes).\n- RAS/AMD/ATL: Add amd_atl pr_fmt() prefix (jsc#PED-10559).\n- RAS/AMD/ATL: Expand helpers for adding and removing base and hole (jsc#PED-10559).\n- RAS/AMD/ATL: Implement DF 4.5 NP2 denormalization (jsc#PED-10559).\n- RAS/AMD/ATL: Read DRAM hole base early (jsc#PED-10559).\n- RAS/AMD/ATL: Validate address map when information is gathered (jsc#PED-10559).\n- RDMA/bnxt_re: Add a check for memory allocation (git-fixes)\n- RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop (git-fixes)\n- RDMA/bnxt_re: Change the sequence of updating the CQ toggle value (git-fixes)\n- RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey (git-fixes)\n- RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (git-fixes)\n- RDMA/bnxt_re: Fix a possible memory leak (git-fixes)\n- RDMA/bnxt_re: Fix incorrect AVID type in WQE structure (git-fixes)\n- RDMA/bnxt_re: Fix incorrect dereference of srq in async event (git-fixes)\n- RDMA/bnxt_re: Fix out of bound check (git-fixes)\n- RDMA/bnxt_re: Fix the GID table length (git-fixes)\n- RDMA/bnxt_re: Fix the max CQ WQEs for older adapters (git-fixes)\n- RDMA/bnxt_re: Fix the usage of control path spin locks (git-fixes)\n- RDMA/bnxt_re: Return more meaningful error (git-fixes)\n- RDMA/bnxt_re: synchronize the qp-handle table array (git-fixes)\n- RDMA/core: Fix ENODEV error for iWARP test over vlan (git-fixes)\n- RDMA/cxgb4: Dump vendor specific QP details (git-fixes)\n- RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP (git-fixes)\n- RDMA/hns: Add mutex_destroy() (git-fixes)\n- RDMA/hns: Disassociate mmap pages for all uctx when HW is being reset (git-fixes)\n- RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (git-fixes)\n- RDMA/hns: Fix an AEQE overflow error caused by untimely update of eq_db_ci (git-fixes)\n- RDMA/hns: Fix cpu stuck caused by printings during reset (git-fixes)\n- RDMA/hns: Fix different dgids mapping to the same dip_idx (git-fixes)\n- RDMA/hns: Fix flush cqe error when racing with destroy qp (git-fixes)\n- RDMA/hns: Fix out-of-order issue of requester when setting FENCE (git-fixes)\n- RDMA/hns: Use dev_* printings in hem code instead of ibdev_* (git-fixes)\n- RDMA/hns: Use macro instead of magic number (git-fixes)\n- RDMA/irdma: Fix misspelling of \"accept*\" (git-fixes)\n- RDMA/mad: Improve handling of timed out WRs of mad agent (git-fixes)\n- RDMA/mana_ib: use the correct page size for mapping user-mode doorbell page (git-fixes).\n- RDMA/mana_ib: use the correct page table index based on hardware page size (git-fixes).\n- RDMA/mlx5: Enforce umem boundaries for explicit ODP page faults (git-fixes)\n- RDMA/mlx5: Move events notifier registration to be after device registration (git-fixes)\n- RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down (git-fixes)\n- RDMA/mlx5: Use sq timestamp as QP timestamp when RoCE is disabled (git-fixes).\n- RDMA/rtrs-srv: Avoid null pointer deref during path establishment (git-fixes)\n- RDMA/rxe: Fix the qp flush warnings in req (git-fixes)\n- RDMA/rxe: Set queue pair cur_qp_state when being queried (git-fixes)\n- RDMA/siw: Add sendpage_ok() check to disable MSG_SPLICE_PAGES (git-fixes)\n- RDMA/srpt: Make slab cache names unique (git-fixes)\n- SUNRPC: Fix integer overflow in decode_rc_list() (git-fixes).\n- SUNRPC: Fixup gss_status tracepoint error output (git-fixes).\n- SUNRPC: Remove BUG_ON call sites (git-fixes).\n- SUNRPC: clnt.c: Remove misleading comment (git-fixes).\n- USB: appledisplay: close race between probe and completion handler (git-fixes).\n- USB: chaoskey: Fix possible deadlock chaoskey_list_lock (git-fixes).\n- USB: chaoskey: fail open after removal (git-fixes).\n- USB: gadget: dummy-hcd: Fix \"task hung\" problem (git-fixes).\n- USB: misc: cypress_cy7c63: check for short transfer (git-fixes).\n- USB: misc: yurex: fix race between read and write (git-fixes).\n- USB: serial: ftdi_sio: Fix atomicity violation in get_serial_info() (git-fixes).\n- USB: serial: io_edgeport: fix use after free in debug printk (git-fixes).\n- USB: serial: option: add Fibocom FG132 0x0112 composition (stable-fixes).\n- USB: serial: option: add Quectel RG650V (stable-fixes).\n- USB: serial: option: add Telit FN920C04 MBIM compositions (stable-fixes).\n- USB: serial: option: add support for Quectel EG916Q-GL (stable-fixes).\n- USB: serial: qcserial: add support for Sierra Wireless EM86xx (stable-fixes).\n- Use pahole -j1 option for reproducible builds (bsc#1230414 bsc#1229450).\n- accel/qaic: Fix the for loop used to walk SG table (git-fixes).\n- accel: Use XArray instead of IDR for minors (jsc#PED-11580).\n- acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() (git-fixes).\n- ad7780: fix division by zero in ad7780_write_raw() (git-fixes).\n- aes-gcm-p10: Use the correct bit to test for P10 (bsc#1232704).\n- amd-pstate: Set min_perf to nominal_perf for active mode performance gov (git-fixes).\n- apparmor: fix \u0027Do simple duplicate message elimination\u0027 (git-fixes).\n- apparmor: test: Fix memory leak for aa_unpack_strdup() (git-fixes).\n- apparmor: use kvfree_sensitive to free data-\u003edata (git-fixes).\n- arm64: Subscribe Microsoft Azure Cobalt 100 to erratum 3194386 (git-fixes)\n- arm64: cputype: Add Neoverse-N3 definitions (git-fixes)\n- arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer (git-fixes)\n- arm64: dts: freescale: imx8mm-verdin: Fix SD regulator startup delay (git-fixes)\n- arm64: dts: freescale: imx8mp-verdin: Fix SD regulator startup delay (git-fixes)\n- arm64: dts: imx8-ss-vpu: Fix imx8qm VPU IRQs (git-fixes)\n- arm64: dts: imx8qxp: Add VPU subsystem file (git-fixes)\n- arm64: dts: imx93: add nvmem property for eqos (git-fixes)\n- arm64: dts: imx93: add nvmem property for fec1 (git-fixes)\n- arm64: dts: imx93: add ocotp node (git-fixes)\n- arm64: dts: rockchip: Add DTS for FriendlyARM NanoPi R2S Plus (git-fixes)\n- arm64: dts: rockchip: Correct GPIO polarity on brcm BT nodes (git-fixes)\n- arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc (git-fixes)\n- arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards (git-fixes)\n- arm64: dts: rockchip: Fix bluetooth properties on rk3566 box demo (git-fixes)\n- arm64: dts: rockchip: Fix reset-gpios property on brcm BT nodes (git-fixes)\n- arm64: dts: rockchip: Fix rt5651 compatible value on (git-fixes)\n- arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-eaidk-610 (git-fixes)\n- arm64: dts: rockchip: Fix wakeup prop names on PineNote BT node (git-fixes)\n- arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma (git-fixes)\n- arm64: dts: rockchip: Remove hdmi\u0027s 2nd interrupt on rk3328 (git-fixes)\n- arm64: dts: rockchip: Remove undocumented supports-emmc property (git-fixes)\n- arm64: dts: rockchip: fix i2c2 pinctrl-names property on (git-fixes)\n- arm64: dts: rockchip: remove num-slots property from (git-fixes)\n- arm64: dts: rockchip: remove orphaned pinctrl-names from pinephone (git-fixes)\n- arm64: errata: Enable the AC03_CPU_38 workaround for ampere1a (git-fixes).\n- arm64: errata: Expand speculative SSBS workaround once more (git-fixes)\n- arm64: esr: Define ESR_ELx_EC_* constants as UL (git-fixes)\n- arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG (git-fixes)\n- arm64: fix selection of HAVE_DYNAMIC_FTRACE_WITH_ARGS (git-fixes).\n- arm64: probes: Fix simulate_ldr*_literal() (git-fixes)\n- arm64: probes: Fix uprobes for big-endian kernels (git-fixes)\n- arm64: probes: Remove broken LDR (literal) uprobe support (git-fixes)\n- arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint (git-fixes)\n- arm64: smccc: replace custom COUNT_ARGS() \u0026 CONCATENATE() (git-fixes)\n- arm64: tegra: Move AGX Orin nodes to correct location (git-fixes)\n- arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled (git-fixes)\n- ata: libata: Set DID_TIME_OUT for commands that actually timed out (git-fixes).\n- ata: libata: avoid superfluous disk spin down + spin up during hibernation (git-fixes).\n- audit: do not WARN_ON_ONCE(!current-\u003emm) in audit_exe_compare() (git-fixes).\n- audit: do not take task_lock() in audit_exe_compare() code path (git-fixes).\n- block: print symbolic error name instead of error code (bsc#1231872).\n- block: sed-opal: add ioctl IOC_OPAL_SET_SID_PW (bsc#1229677).\n- bnxt_en: Cap the size of HWRM_PORT_PHY_QCFG forwarded response (git-fixes).\n- bnxt_en: Fix error recovery for 5760X (P7) chips (git-fixes).\n- bnxt_en: Fix the PCI-AER routines (git-fixes).\n- bnxt_en: Restore PTP tx_avail count in case of skb_pad() error (git-fixes).\n- bnxt_en: refactor reset close code (git-fixes).\n- bpf, arm64: Fix address emission with tag-based KASAN enabled (git-fixes)\n- bpf, arm64: Remove garbage frame for struct_ops trampoline (git-fixes)\n- bpf, lsm: Add disabled BPF LSM hook list (git-fixes).\n- bpf, net: Fix a potential race in do_sock_getsockopt() (git-fixes).\n- bpf, sockmap: SK_DROP on attempted redirects of unsupported af_vsock (git-fixes).\n- bpf, verifier: Correct tail_call_reachable for bpf prog (git-fixes).\n- bpf, vsock: Drop static vsock_bpf_prot initialization (git-fixes).\n- bpf, x64: Remove tail call detection (git-fixes).\n- bpf,perf: Fix perf_event_detach_bpf_prog error handling (git-fixes).\n- bpf: Fail verification for sign-extension of packet data/data_end/data_meta (git-fixes).\n- bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit (git-fixes).\n- bpf: Fix error message on kfunc arg type mismatch (git-fixes).\n- bpf: Fix helper writes to read-only maps (git-fixes).\n- bpf: Fix tailcall cases in test_bpf (git-fixes).\n- bpf: Fix truncation bug in coerce_reg_to_size_sx() (git-fixes).\n- bpf: Improve check_raw_mode_ok test for MEM_UNINIT-tagged types (git-fixes).\n- bpf: Remove truncation test in bpf_strtol and bpf_strtoul helpers (git-fixes).\n- bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error (git-fixes).\n- bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos (git-fixes).\n- btf, scripts: rust: drop is_rust_module.sh (bsc#1230414 bsc#1229450).\n- btrfs: merge btrfs_orig_bbio_end_io() into btrfs_bio_end_io() (bsc#1233193)\n- btrfs: send: fix invalid clone operation for file that got its size decreased (git-fixes).\n- can: c_can: c_can_handle_bus_err(): update statistics if skb allocation fails (git-fixes).\n- can: c_can: fix {rx,tx}_errors statistics (git-fixes).\n- can: dev: can_set_termination(): allow sleeping GPIOs (git-fixes).\n- can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics (git-fixes).\n- can: hi311x: hi3110_can_ist(): fix potential use-after-free (git-fixes).\n- can: hi311x: hi3110_can_ist(): fix {rx,tx}_errors statistics (git-fixes).\n- can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes).\n- can: j1939: j1939_session_new(): fix skb reference counting (git-fixes).\n- can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes).\n- can: mcp251xfd: mcp251xfd_get_tef_len(): fix length calculation (git-fixes).\n- can: mcp251xfd: mcp251xfd_get_tef_len(): work around erratum DS80000789E 6 (git-fixes).\n- can: mcp251xfd: mcp251xfd_ring_alloc(): fix coalescing configuration when switching CAN modes (git-fixes).\n- can: netlink: avoid call to do_set_data_bittiming callback with stale can_priv::ctrlmode (stable-fixes).\n- can: sja1000: sja1000_err(): fix {rx,tx}_errors statistics (git-fixes).\n- can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL (git-fixes).\n- can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics (git-fixes).\n- ceph: fix cap ref leak via netfs init_request (bsc#1231384).\n- cgroup/bpf: only cgroup v2 can be attached by bpf programs (bsc#1234108).\n- clk: bcm: bcm53573: fix OF node leak in init (stable-fixes).\n- clk: clk-apple-nco: Add NULL check in applnco_probe (git-fixes).\n- clk: clk-axi-clkgen: make sure to enable the AXI bus clock (git-fixes).\n- clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D (stable-fixes).\n- clk: imx: clk-scu: fix clk enable state save and restore (git-fixes).\n- clk: imx: fracn-gppll: correct PLL initialization flow (git-fixes).\n- clk: imx: fracn-gppll: fix pll power up (git-fixes).\n- clk: imx: lpcg-scu: SW workaround for errata (e10858) (git-fixes).\n- clk: qcom: clk-alpha-pll: drop lucid-evo pll enabled warning (git-fixes).\n- clk: qcom: clk-alpha-pll: fix lucid 5lpe pll enabled check (git-fixes).\n- clk: qcom: gcc-qcs404: fix initial rate of GPLL3 (git-fixes).\n- clk: renesas: rzg2l: Fix FOUTPOSTDIV clk (git-fixes).\n- clk: sunxi-ng: d1: Fix PLL_AUDIO0 preset (git-fixes).\n- comedi: Flush partial mappings in error case (git-fixes).\n- comedi: ni_routing: tools: Check when the file could not be opened (stable-fixes).\n- config s390x: build ultravisor userspace access into the kernel (bsc#1232090)\n- config.sh: Remove Arm build project, we do not build armv7 configs\n- config: Disable LAM on x86 (bsc#1217845)\n- cpufreq/amd-pstate: Fix amd_pstate mode switch on shared memory systems (git-fixes).\n- cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost() (git-fixes).\n- cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw() (git-fixes).\n- cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_cost() (git-fixes).\n- cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_power() (git-fixes).\n- cpufreq: loongson2: Unregister platform_driver on failure (git-fixes).\n- cpufreq: mediatek-hw: Fix wrong return value in mtk_cpufreq_get_cpu_power() (git-fixes).\n- crypto: aes-gcm-p10 - Use the correct bit to test for P10 (bsc#1232704).\n- crypto: api - Fix liveliness check in crypto_alg_tested (stable-fixes).\n- crypto: bcm - add error check in the ahash_hmac_init function (git-fixes).\n- crypto: caam - Fix the pointer passed to caam_qi_shutdown() (git-fixes).\n- crypto: caam - add error check to caam_rsa_set_priv_key_form (git-fixes).\n- crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() (git-fixes).\n- crypto: cavium - Fix the if condition to exit loop after timeout (git-fixes).\n- crypto: hisilicon/qm - flush all work before driver removed (bsc#1232075)\n- crypto: inside-secure - Fix the return value of safexcel_xcbcmac_cra_init() (git-fixes).\n- crypto: octeontx - Fix authenc setkey (stable-fixes).\n- crypto: octeontx* - Select CRYPTO_AUTHENC (git-fixes).\n- crypto: octeontx2 - Fix authenc setkey (stable-fixes).\n- crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY (git-fixes).\n- crypto: powerpc/p10-aes-gcm - Add dependency on CRYPTO_SIMD and re-enable CRYPTO_AES_GCM_P10 (bsc#1230501 ltc#208632).\n- crypto: powerpc/p10-aes-gcm - Disable CRYPTO_AES_GCM_P10 (bsc#1230501 ltc#208632).\n- crypto: powerpc/p10-aes-gcm - Re-write AES/GCM stitched implementation (bsc#1230501 ltc#208632).\n- crypto: powerpc/p10-aes-gcm - Register modules as SIMD (bsc#1230501 ltc#208632).\n- crypto: qat - remove check after debugfs_create_dir() (git-fixes).\n- crypto: qat - remove faulty arbiter config reset (git-fixes).\n- crypto: qat/qat_4xxx - fix off by one in uof_get_name() (git-fixes).\n- crypto: x86/aegis128 - access 32-bit arguments as 32-bit (git-fixes).\n- cxgb4: Properly lock TX queue for the selftest (git-fixes).\n- cxgb4: add forgotten u64 ivlan cast before shift (git-fixes).\n- cxgb4: unnecessary check for 0 in the free_sge_txq_uld() function (git-fixes).\n- cxl: downgrade a warning message to debug level in cxl_probe_component_regs() (bsc#1229165).\n- dcache: keep dentry_hashtable or d_hash_shift even when not used (git-fixes).\n- debugfs: fix automount d_fsdata usage (git-fixes).\n- devlink: Fix command annotation documentation (git-fixes).\n- dma-fence: Fix reference leak on fence merge failure path (git-fixes).\n- dma-fence: Use kernel\u0027s sort for merging fences (git-fixes).\n- dmaengine: sh: rz-dmac: handle configs where one address is zero (git-fixes).\n- dmaengine: ti: k3-udma: Set EOP for all TRs in cyclic BCDMA transfer (git-fixes).\n- doc: rcu: update printed dynticks counter bits (git-fixes).\n- driver core: bus: Fix double free in driver API bus_register() (stable-fixes).\n- driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute (stable-fixes).\n- drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend() (git-fixes).\n- drm/amd/amdgpu: Fix double unlock in amdgpu_mes_add_ring (git-fixes).\n- drm/amd/display: Add HDMI DSC native YCbCr422 support (stable-fixes).\n- drm/amd/display: Add disable timeout option (bsc#1231435)\n- drm/amd/display: Adjust VSDB parser for replay feature (stable-fixes).\n- drm/amd/display: Check link_res-\u003ehpo_dp_link_enc before using it (bsc#1231944)\n- drm/amd/display: Check null pointer before dereferencing se (stable-fixes).\n- drm/amd/display: Clean up dsc blocks in accelerated mode (stable-fixes).\n- drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too (stable-fixes).\n- drm/amd/display: Fix brightness level not retained over reboot (git-fixes).\n- drm/amd/display: Fix null check for pipe_ctx-\u003eplane_state in dcn20_program_pipe (git-fixes).\n- drm/amd/display: Fix null check for pipe_ctx-\u003eplane_state in hwss_setup_dpp (git-fixes).\n- drm/amd/display: Remove a redundant check in authenticated_dp (stable-fixes).\n- drm/amd/display: Revert \"Check HDCP returned status\" (stable-fixes).\n- drm/amd/display: Round calculated vtotal (stable-fixes).\n- drm/amd/display: Skip to enable dsc if it has been off (stable-fixes).\n- drm/amd/display: Validate backlight caps are sane (stable-fixes).\n- drm/amd/pm: Vangogh: Fix kernel memory out of bounds write (git-fixes).\n- drm/amd: Add some missing straps from NBIO 7.11.0 (git-fixes).\n- drm/amd: Fix initialization mistake for NBIO 7.7.0 (stable-fixes).\n- drm/amd: Guard against bad data for ATIF ACPI method (git-fixes).\n- drm/amdgpu/swsmu: Only force workload setup on init (git-fixes).\n- drm/amdgpu/vcn: enable AV1 on both instances (stable-fixes).\n- drm/amdgpu: Adjust debugfs eviction and IB access permissions (stable-fixes).\n- drm/amdgpu: Adjust debugfs register access permissions (stable-fixes).\n- drm/amdgpu: Fix DPX valid mode check on GC 9.4.3 (git-fixes).\n- drm/amdgpu: Fix JPEG v4.0.3 register write (git-fixes).\n- drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() (stable-fixes).\n- drm/amdgpu: fix check in gmc_v9_0_get_vm_pte() (git-fixes).\n- drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported (git-fixes).\n- drm/amdkfd: Accounting pdd vram_usage for svm (stable-fixes).\n- drm/amdkfd: Fix wrong usage of INIT_WORK() (git-fixes).\n- drm/bridge: anx7625: Drop EDID cache on bridge power off (git-fixes).\n- drm/bridge: it6505: Drop EDID cache on bridge power off (git-fixes).\n- drm/bridge: tc358767: Fix link properties discovery (git-fixes).\n- drm/bridge: tc358768: Fix DSI command tx (git-fixes).\n- drm/etnaviv: Request pages from DMA32 zone on addressing_limited (git-fixes).\n- drm/etnaviv: hold GPU lock across perfmon sampling (git-fixes).\n- drm/i915/gem: fix bitwise and logical AND mixup (git-fixes).\n- drm/i915/hdcp: fix connector refcounting (git-fixes).\n- drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).\n- drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).\n- drm/mediatek: Fix child node refcount handling in early exit (git-fixes).\n- drm/mediatek: Fix get efuse issue for MT8188 DPTX (git-fixes).\n- drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused (git-fixes).\n- drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).\n- drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk() (git-fixes).\n- drm/msm/dpu: check for overflow in _dpu_crtc_setup_lm_bounds() (git-fixes).\n- drm/msm/dpu: do not always program merge_3d block (git-fixes).\n- drm/msm/dpu: drop LM_3 / LM_4 on MSM8998 (git-fixes).\n- drm/msm/dpu: drop LM_3 / LM_4 on SDM845 (git-fixes).\n- drm/msm/dpu: make sure phys resources are properly initialized (git-fixes).\n- drm/msm/dpu: move CRTC resource assignment to dpu_encoder_virt_atomic_check (git-fixes).\n- drm/msm/dpu: on SDM845 move DSPP_3 to LM_5 block (git-fixes).\n- drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation (git-fixes).\n- drm/msm/dsi: improve/fix dsc pclk calculation (git-fixes).\n- drm/msm/gpu: Check the status of registration to PM QoS (git-fixes).\n- drm/msm: Allocate memory for disp snapshot with kvzalloc() (git-fixes).\n- drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() (git-fixes).\n- drm/msm: Fix some typos in comment (git-fixes).\n- drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new() (git-fixes).\n- drm/omap: Fix locking in omap_gem_new_dmabuf() (git-fixes).\n- drm/omap: Fix possible NULL dereference (git-fixes).\n- drm/panfrost: Add missing OPP table refcnt decremental (git-fixes).\n- drm/panfrost: Remove unused id_mask from struct panfrost_model (git-fixes).\n- drm/radeon: Fix encoder-\u003epossible_clones (git-fixes).\n- drm/rockchip: vop: Fix a dereferenced before check warning (git-fixes).\n- drm/sched: Add locking to drm_sched_entity_modify_sched (git-fixes).\n- drm/sched: Always wake up correct scheduler in drm_sched_entity_push_job (git-fixes).\n- drm/sti: Add __iomem for mixer_dbg_mxn\u0027s parameter (git-fixes).\n- drm/sti: avoid potential dereference of error pointers (git-fixes).\n- drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check (git-fixes).\n- drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check (git-fixes).\n- drm/v3d: Address race-condition in MMU flush (git-fixes).\n- drm/v3d: Enable Performance Counters before clearing them (git-fixes).\n- drm/v3d: Stop the active perfmon before being destroyed (git-fixes).\n- drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA (stable-fixes).\n- drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_atomic_flush (git-fixes).\n- drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_lut_load (git-fixes).\n- drm/vc4: Stop the active perfmon before being destroyed (git-fixes).\n- drm/vc4: hdmi: Avoid hang with debug registers when suspended (git-fixes).\n- drm/vc4: hvs: Correct logic on stopping an HVS channel (git-fixes).\n- drm/vc4: hvs: Do not write gamma luts on 2711 (git-fixes).\n- drm/vc4: hvs: Fix dlist debug not resetting the next entry pointer (git-fixes).\n- drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs function (git-fixes).\n- drm/vkms: Drop unnecessary call to drm_crtc_cleanup() (git-fixes).\n- drm/vmwgfx: Handle surface check failure correctly (git-fixes).\n- drm/vmwgfx: Limit display layout ioctl array size to VMWGFX_NUM_DISPLAY_UNITS (stable-fixes).\n- drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS (git-fixes).\n- drm: Expand max DRM device number to full MINORBITS (jsc#PED-11580).\n- drm: Use XArray instead of IDR for minors (jsc#PED-11580).\n- drm: use ATOMIC64_INIT() for atomic64_t (git-fixes).\n- drm: xlnx: zynqmp_dpsub: fix hotplug detection (git-fixes).\n- drm: zynqmp_kms: Unplug DRM device before removal (git-fixes).\n- e1000e: Fix S0ix residency on corporate systems (git-fixes).\n- e1000e: Remove Meteor Lake SMBUS workarounds (git-fixes).\n- e1000e: change I219 (19) devices to ADP (git-fixes).\n- e1000e: fix force smbus during suspend flow (git-fixes).\n- e1000e: move force SMBUS near the end of enable_ulp function (git-fixes).\n- efi/libstub: Free correct pointer on failure (git-fixes).\n- efi/libstub: fix efi_parse_options() ignoring the default command line (git-fixes).\n- efi/libstub: zboot.lds: Discard .discard sections (stable-fixes).\n- efi/memattr: Ignore table if the size is clearly bogus (bsc#1231465).\n- efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption (stable-fixes).\n- eth: bnxt: fix counting packets discarded due to OOM and netpoll (git-fixes).\n- ext4: do not track ranges in fast_commit if inode has inlined data (bsc#1231635).\n- ext4: fix fast commit inode enqueueing during a full journal commit (bsc#1231636).\n- ext4: fix incorrect tid assumption in ext4_fc_mark_ineligible() (bsc#1231637).\n- ext4: fix possible tid_t sequence overflows (bsc#1231634).\n- ext4: fix slab-use-after-free in ext4_split_extent_at() (bsc#1232201)\n- ext4: fix unttached inode after power cut with orphan file feature enabled (bsc#1234009).\n- ext4: mark fc as ineligible using an handle in ext4_xattr_set() (bsc#1231640).\n- ext4: use handle to mark fc as ineligible in __track_dentry_update() (bsc#1231639).\n- f2fs: get out of a repeat loop when getting a locked data page (bsc#1234011).\n- fat: fix uninitialized variable (git-fixes).\n- fbcon: Fix a NULL pointer dereference issue in fbcon_putcs (stable-fixes).\n- fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() (git-fixes).\n- fbdev: sisfb: Fix strbuf array overflow (stable-fixes).\n- fgraph: Change the name of cpuhp state to \"fgraph:online\" (git-fixes).\n- fgraph: Fix missing unlock in register_ftrace_graph() (git-fixes).\n- fgraph: Use CPU hotplug mechanism to initialize idle shadow stacks (git-fixes).\n- filemap: remove use of wait bookmarks (bsc#1224088).\n- firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() (git-fixes).\n- firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup() (git-fixes).\n- firmware: arm_scpi: Check the DVFS OPP count returned by the firmware (git-fixes).\n- firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() (git-fixes).\n- firmware: google: Unregister driver_info on failure (git-fixes).\n- firmware_loader: Fix possible resource leak in fw_log_firmware_info() (git-fixes).\n- fs/9p: drop inodes immediately on non-.L too (git-fixes).\n- fs/9p: fix the cache always being enabled on files with qid flags (git-fixes).\n- fs/ntfs3: Add more attributes checks in mi_enum_attr() (bsc#1233207)\n- fs/ntfs3: Fixed overflow check in mi_enum_attr() (bsc#1233207)\n- fs/ntfs3: Sequential field availability check in mi_enum_attr() (bsc#1233207)\n- fs: Fix uninitialized value issue in from_kuid and from_kgid (git-fixes).\n- genirq/msi: Fix off-by-one error in msi_domain_alloc() (git-fixes).\n- goldfish: Fix unused const variable \u0027goldfish_pipe_acpi_match\u0027 (git-fixes).\n- gpio: aspeed: Add the flush write to ensure the write complete (git-fixes).\n- gpio: aspeed: Use devm_clk api to manage clock source (git-fixes).\n- gpio: davinci: fix lazy disable (git-fixes).\n- gpio: exar: set value when external pull-up or pull-down is present (git-fixes).\n- gpio: zevio: Add missed label initialisation (git-fixes).\n- gve: Fix XDP TX completion handling when counters overflow (git-fixes).\n- gve: Fix an edge case for TSO skb validity check (git-fixes).\n- gve: ignore nonrelevant GSO type bits when processing TSO headers (git-fixes).\n- hid: intel-ish-hid: Fix uninitialized variable \u0027rv\u0027 in ish_fw_xfer_direct_dma (git-fixes).\n- hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event (git-fixes).\n- hv_sock: Initializing vsk-\u003etrans to NULL to prevent a dangling pointer (git-fixes).\n- hwmon: (adm9240) Add missing dependency on REGMAP_I2C (git-fixes).\n- hwmon: (adt7470) Add missing dependency on REGMAP_I2C (git-fixes).\n- hwmon: (max16065) Fix alarm attributes (git-fixes).\n- hwmon: (max16065) Remove use of i2c_match_id() (stable-fixes).\n- hwmon: (mc34vr500) Add missing dependency on REGMAP_I2C (git-fixes).\n- hwmon: (nct6775) add G15CF to ASUS WMI monitoring list (stable-fixes).\n- hwmon: (nct6775-core) Fix overflows seen when writing limit attributes (git-fixes).\n- hwmon: (tmp513) Add missing dependency on REGMAP_I2C (git-fixes).\n- hwmon: (tps23861) Fix reporting of negative temperatures (git-fixes).\n- hwmon: intel-m10-bmc-hwmon: relabel Columbiaville to CVL Die Temperature (git-fixes).\n- i2c: core: Setup i2c_adapter runtime-pm before calling device_add() (git-fixes).\n- i2c: core: fix lockdep warning for sparsely nested adapter chain (git-fixes).\n- i2c: cpm: Remove linux,i2c-index conversion from be32 (git-fixes).\n- i2c: designware: do not hold SCL low when I2C_DYNAMIC_TAR_UPDATE is not set (git-fixes).\n- i2c: exynos5: Calculate t_scl_l, t_scl_h according to i2c spec (git-fixes).\n- i2c: i801: Add lis3lv02d for Dell Precision 3540 (git-fixes).\n- i2c: i801: Add lis3lv02d for Dell XPS 15 7590 (git-fixes).\n- i2c: i801: Use a different adapter-name for IDF adapters (stable-fixes).\n- i2c: i801: add helper i801_restore_regs (git-fixes).\n- i2c: ismt: kill transaction in hardware on timeout (git-fixes).\n- i2c: ocores: Move system PM hooks to the NOIRQ phase (git-fixes).\n- i2c: ocores: Remove #ifdef guards for PM related functions (git-fixes).\n- i2c: omap: switch to NOIRQ_SYSTEM_SLEEP_PM_OPS() and RUNTIME_PM_OPS() (git-fixes).\n- i2c: omap: wakeup the controller during suspend() callback (git-fixes).\n- i2c: rcar: properly format a debug output (git-fixes).\n- i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume (git-fixes).\n- i2c: stm32f7: perform most of irq job in threaded handler (git-fixes).\n- i2c: synquacer: Deal with optional PCLK correctly (git-fixes).\n- i2c: synquacer: Remove a clk reference from struct synquacer_i2c (stable-fixes).\n- i2c: xiic: Try re-initialization on bus busy timeout (git-fixes).\n- i2c: xiic: improve error message when transfer fails to start (stable-fixes).\n- i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() (git-fixes).\n- i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition (stable-fixes).\n- i3c: master: svc: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).\n- i40e: Fix XDP program unloading while removing the driver (git-fixes).\n- i40e: Report MFS in decimal base instead of hex (git-fixes).\n- i40e: fix race condition by adding filter\u0027s intermediate sync state (git-fixes).\n- iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call (git-fixes).\n- iavf: Fix TC config comparison with existing adapter TC config (git-fixes).\n- ice: Fix VSI list rule with ICE_SW_LKUP_LAST type (git-fixes).\n- ice: Fix checking for unsupported keys on non-tunnel device (git-fixes).\n- ice: Fix lldp packets dropping after changing the number of channels (git-fixes).\n- ice: Fix netif_is_ice() in Safe Mode (git-fixes).\n- ice: Fix package download algorithm (git-fixes).\n- ice: Fix recipe read procedure (git-fixes).\n- ice: Fix reset handler (git-fixes).\n- ice: Flush FDB entries before reset (git-fixes).\n- ice: Interpret .set_channels() input differently (git-fixes).\n- ice: Rebuild TC queues on VSI queue reconfiguration (git-fixes).\n- ice: Reject pin requests with unsupported flags (git-fixes).\n- ice: add flag to distinguish reset from .ndo_bpf in XDP rings config (git-fixes).\n- ice: add missing WRITE_ONCE when clearing ice_rx_ring::xdp_prog (git-fixes).\n- ice: avoid IRQ collision to fix init failure on ACPI S3 resume (git-fixes).\n- ice: clear port vlan config during reset (git-fixes).\n- ice: disallow DPLL_PIN_STATE_SELECTABLE for dpll output pins (git-fixes).\n- ice: do not bring the VSI up, if it was down before the XDP setup (git-fixes).\n- ice: do not busy wait for Rx queue disable in ice_qp_dis() (git-fixes).\n- ice: fix 200G PHY types to link speed mapping (git-fixes).\n- ice: fix 200G link speed message log (git-fixes).\n- ice: fix ICE_LAST_OFFSET formula (git-fixes).\n- ice: fix VLAN replay after reset (git-fixes).\n- ice: fix VSI lists confusion when adding VLANs (git-fixes).\n- ice: fix accounting for filters shared by multiple VSIs (git-fixes).\n- ice: fix accounting if a VLAN already exists (git-fixes).\n- ice: fix iteration of TLVs in Preserved Fields Area (git-fixes).\n- ice: fix page reuse when PAGE_SIZE is over 8k (git-fixes).\n- ice: fix reads from NVM Shadow RAM on E830 and E825-C devices (git-fixes).\n- ice: fix truesize operations for PAGE_SIZE \u003e= 8192 (git-fixes).\n- ice: implement AQ download pkg retry (git-fixes).\n- ice: map XDP queues to vectors in ice_vsi_map_rings_to_vectors() (git-fixes).\n- ice: remove af_xdp_zc_qps bitmap (git-fixes).\n- ice: replace synchronize_rcu with synchronize_net (git-fixes).\n- ice: respect netif readiness in AF_XDP ZC related ndo\u0027s (git-fixes).\n- ice: set correct dst VSI in only LAN filters (git-fixes).\n- ice: tc: allow zero flags in parsing tc flower (git-fixes).\n- ice: tc: check src_vsi in case of traffic from VF (git-fixes).\n- ice: use proper macro for testing bit (git-fixes).\n- idpf: Interpret .set_channels() input differently (git-fixes).\n- idpf: avoid bloating \u0026idpf_q_vector with big %NR_CPUS (git-fixes).\n- idpf: do not enable NAPI and interrupts prior to allocating Rx buffers (git-fixes).\n- idpf: do not skip over ethtool tcp-data-split setting (git-fixes).\n- idpf: fix UAFs when destroying the queues (git-fixes).\n- idpf: fix memleak in vport interrupt configuration (git-fixes).\n- idpf: fix memory leaks and crashes while performing a soft reset (git-fixes).\n- ieee802154: Fix build error (git-fixes).\n- igb: Always call igb_xdp_ring_update_tail() under Tx lock (git-fixes).\n- igb: Disable threaded IRQ for igb_msix_other (git-fixes).\n- igb: Fix not clearing TimeSync interrupts for 82580 (git-fixes).\n- igc: Fix double reset adapter triggered from a single taprio cmd (git-fixes).\n- igc: Fix packet still tx after gate close by reducing i226 MAC retry buffer (git-fixes).\n- igc: Fix qbv tx latency by setting gtxoffset (git-fixes).\n- igc: Fix qbv_config_change_errors logics (git-fixes).\n- igc: Fix reset adapter logics when tx mode change (git-fixes).\n- igc: Unlock on error in igc_io_resume() (git-fixes).\n- iio: Fix fwnode_handle in __fwnode_iio_channel_get_by_name() (git-fixes).\n- iio: accel: bma400: Fix uninitialized variable field_value in tap event handling (git-fixes).\n- iio: accel: kx022a: Fix raw read format (git-fixes).\n- iio: accel: kx022a: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).\n- iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() (git-fixes).\n- iio: adc: ad7606: Fix typo in the driver name (git-fixes).\n- iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer (git-fixes).\n- iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).\n- iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).\n- iio: adc: ti-lmp92064: add missing select REGMAP_SPI in Kconfig (git-fixes).\n- iio: amplifiers: ada4250: add missing select REGMAP_SPI in Kconfig (git-fixes).\n- iio: dac: ad3552r: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).\n- iio: dac: ad5766: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).\n- iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig (git-fixes).\n- iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig (git-fixes).\n- iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig (git-fixes).\n- iio: frequency: adf4377: add missing select REMAP_SPI in Kconfig (git-fixes).\n- iio: frequency: admv4420: fix missing select REMAP_SPI in Kconfig (git-fixes).\n- iio: gts-helper: Fix memory leaks for the error path of iio_gts_build_avail_scale_table() (git-fixes).\n- iio: gts-helper: Fix memory leaks in iio_gts_build_avail_scale_table() (git-fixes).\n- iio: gts: Fix uninitialized symbol \u0027ret\u0027 (git-fixes).\n- iio: gts: fix infinite loop for gain_to_scaletables() (git-fixes).\n- iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() (git-fixes).\n- iio: light: al3010: Fix an error handling path in al3010_probe() (git-fixes).\n- iio: light: opt3001: add missing full-scale range value (git-fixes).\n- iio: light: veml6030: fix ALS sensor resolution (git-fixes).\n- iio: light: veml6030: fix IIO device retrieval from embedded device (git-fixes).\n- iio: light: veml6030: fix microlux value calculation (git-fixes).\n- iio: magnetometer: ak8975: Convert enum-\u003epointer for data in the match tables (stable-fixes).\n- iio: magnetometer: ak8975: Fix \u0027Unexpected device\u0027 error (git-fixes).\n- iio: magnetometer: ak8975: drop incorrect AK09116 compatible (git-fixes).\n- iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).\n- ima: fix buffer overrun in ima_eventdigest_init_common (git-fixes).\n- initramfs: avoid filename buffer overrun (bsc#1232436).\n- intel_idle: add Granite Rapids Xeon support (bsc#1231630).\n- intel_idle: fix ACPI _CST matching for newer Xeon platforms (bsc#1231630).\n- io_uring/eventfd: move to more idiomatic RCU free usage (git-fixes).\n- io_uring/io-wq: do not allow pinning outside of cpuset (git-fixes).\n- io_uring/io-wq: inherit cpuset of cgroup in io worker (git-fixes).\n- io_uring/net: harden multishot termination case for recv (git-fixes).\n- io_uring/rw: fix cflags posting for single issue multishot read (git-fixes).\n- io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (git-fixes).\n- io_uring/rw: treat -EOPNOTSUPP for IOCB_NOWAIT like -EAGAIN (git-fixes).\n- io_uring/sqpoll: close race on waiting for sqring entries (git-fixes).\n- io_uring/sqpoll: do not allow pinning outside of cpuset (git-fixes).\n- io_uring/sqpoll: do not put cpumask on stack (git-fixes).\n- io_uring/sqpoll: retain test for whether the CPU is valid (git-fixes).\n- io_uring: check for presence of task_work rather than TIF_NOTIFY_SIGNAL (git-fixes).\n- iommu/amd: Allocate the page table root using GFP_KERNEL (git-fixes).\n- iommu/amd: Do not set the D bit on AMD v2 table entries (git-fixes).\n- iommu/amd: Fix typo of , instead of ; (git-fixes).\n- iommu/vt-d: Always reserve a domain ID for identity setup (git-fixes).\n- iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices (git-fixes).\n- iommufd: Check the domain owner of the parent before creating a nesting domain (git-fixes).\n- iommufd: Protect against overflow of ALIGN() during iova allocation (git-fixes).\n- irqchip/gic-v3-its: Avoid explicit cpumask allocation on stack (git-fixes).\n- jbd2: Move j_transaction_overhead_buffers into a hole (bsc#1234042).\n- jbd2: avoid infinite transaction commit loop (bsc#1234039).\n- jbd2: avoid memleak in jbd2_journal_write_metadata_buffer (bsc#1234043).\n- jbd2: avoid mount failed when commit block is partial submitted (bsc#1234040).\n- jbd2: correct the printing of write_flags in jbd2_write_superblock() (bsc#1234045).\n- jbd2: correctly compare tids with tid_geq function in jbd2_fc_begin_commit (bsc#1231638).\n- jbd2: fix kernel-doc for j_transaction_overhead_buffers (bsc#1234042).\n- jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev (bsc#1234044).\n- jbd2: fix soft lockup in journal_finish_inode_data_buffers() (bsc#1234046).\n- jbd2: make jbd2_journal_get_max_txn_bufs() internal (bsc#1234041).\n- jbd2: precompute number of transaction descriptor blocks (bsc#1234042).\n- jfs: Fix sanity check in dbMount (git-fixes).\n- jfs: Fix uaf in dbFreeBits (git-fixes).\n- jfs: Fix uninit-value access of new_ea in ea_buffer (git-fixes).\n- jfs: UBSAN: shift-out-of-bounds in dbFindBits (git-fixes).\n- jfs: check if leafidx greater than num leaves per dmap tree (git-fixes).\n- jump_label: Fix static_key_slow_dec() yet again (git-fixes).\n- kABI fix of VM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC) (git-fixes).\n- kABI workaround for ASoC SOF (bsc#1233305).\n- kABI: Restore exported __arm_smccc_sve_check (git-fixes)\n- kABI: bpf: enum bpf_{type_flag,arg_type} kABI workaround (git-fixes).\n- kABI: bpf: struct bpf_insn_acces_aux kABI workaround (git-fixes).\n- kabi, mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling (git-fixes kabi).\n- kasan: Fix Software Tag-Based KASAN with GCC (git-fixes).\n- kasan: move checks to do_strncpy_from_user (git-fixes).\n- kbuild, bpf: Use test-ge check for v1.25-only pahole (bsc#1230414 bsc#1229450).\n- kbuild,bpf: Add module-specific pahole flags for distilled base BTF (bsc#1230414 bsc#1229450).\n- kbuild,bpf: Switch to using --btf_features for pahole v1.26 and later (bsc#1230414 bsc#1229450).\n- kbuild: avoid too many execution of scripts/pahole-flags.sh (bsc#1230414 bsc#1229450).\n- kbuild: bpf: Tell pahole to DECL_TAG kfuncs (bsc#1230414 bsc#1229450).\n- kconfig: qconf: fix buffer overflow in debug links (git-fixes).\n- kernel-binary: Enable livepatch package only when livepatch is enabled Otherwise the filelist may be empty failing the build (bsc#1218644).\n- kexec_file: fix elfcorehdr digest exclusion when CONFIG_CRASH_HOTPLUG=y (git-fixes).\n- keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry (git-fixes).\n- keys: Fix overwrite of key expiration on instantiation (git-fixes).\n- kthread: unpark only parked kthread (git-fixes).\n- leds: lp55xx: Remove redundant test for invalid channel number (git-fixes).\n- lib/xarray: introduce a new helper xas_get_order (bsc#1231617).\n- lib: string_helpers: silence snprintf() output truncation warning (git-fixes).\n- mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING (git-fixes).\n- macsec: do not increment counters for an unrelated SA (git-fixes).\n- mailbox: arm_mhuv2: clean up loop in get_irq_chan_comb() (git-fixes).\n- maple_tree: correct tree corruption on spanning store (git-fixes).\n- maple_tree: fix alloc node fail issue (git-fixes).\n- maple_tree: refine mas_store_root() on storing NULL (git-fixes).\n- media: adv7604: prevent underflow condition when reporting colorspace (git-fixes).\n- media: amphion: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).\n- media: amphion: Set video drvdata before register video device (git-fixes).\n- media: ar0521: do not overflow when checking PLL values (git-fixes).\n- media: atomisp: Add check for rgby_data memory allocation failure (git-fixes).\n- media: bttv: use audio defaults for winfast2000 (git-fixes).\n- media: core: v4l2-ioctl: check if ioctl is known to avoid NULL name (git-fixes).\n- media: cx24116: prevent overflows on SNR calculus (git-fixes).\n- media: dvb_frontend: do not play tricks with underflow values (git-fixes).\n- media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set (stable-fixes).\n- media: dvbdev: prevent the risk of out of memory access (git-fixes).\n- media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate() (git-fixes).\n- media: i2c: dw9768: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).\n- media: i2c: imx335: Enable regulator supplies (stable-fixes).\n- media: i2c: tc358743: Fix crash in the probe error path when using polling (git-fixes).\n- media: imx-jpeg: Ensure power suppliers be suspended before detach them (git-fixes).\n- media: imx-jpeg: Set video drvdata before register video device (git-fixes).\n- media: imx335: Fix reset-gpio handling (git-fixes).\n- media: mantis: remove orphan mantis_core.h (git-fixes).\n- media: mtk-jpeg: Fix null-ptr-deref during unload module (git-fixes).\n- media: pci: ipu3-cio2: Initialise timing struct to avoid a compiler warning (git-fixes).\n- media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() (git-fixes).\n- media: platform: exynos4-is: Fix an OF node reference leak in fimc_md_is_isp_available (git-fixes).\n- media: pulse8-cec: fix data timestamp at pulse8_setup() (git-fixes).\n- media: s5p-jpeg: prevent buffer overflows (git-fixes).\n- media: stb0899_algo: initialize cfr before using it (git-fixes).\n- media: ts2020: fix null-ptr-deref in ts2020_probe() (git-fixes).\n- media: uvcvideo: Require entities to have a non-zero unique ID (git-fixes).\n- media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (git-fixes).\n- media: uvcvideo: Stop stream during unregister (git-fixes).\n- media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl() (git-fixes).\n- media: v4l2-tpg: prevent the risk of a division by zero (git-fixes).\n- media: vb2: Fix comment (git-fixes).\n- media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).\n- media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() (stable-fixes).\n- media: videobuf2: fix typo: vb2_dbuf -\u003e vb2_qbuf (git-fixes).\n- media: wl128x: Fix atomicity violation in fmc_send_cmd() (git-fixes).\n- mei: use kvmalloc for read buffer (git-fixes).\n- mfd: intel_soc_pmic_chtwc: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes).\n- mfd: rt5033: Fix missing regmap_del_irq_chip() (git-fixes).\n- mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race (git-fixes).\n- minmax: avoid overly complex min()/max() macro arguments in xen (git-fixes).\n- minmax: scsi: fix mis-use of \u0027clamp()\u0027 in sr.c (git-fixes).\n- misc: apds990x: Fix missing pm_runtime_disable() (git-fixes).\n- mlx5: avoid truncating error message (git-fixes).\n- mlx5: stop warning for 64KB pages (git-fixes).\n- mlxbf_gige: disable RX filters until RX path initialized (git-fixes).\n- mm/filemap: optimize filemap folio adding (bsc#1231617).\n- mm/filemap: return early if failed to allocate memory for split (bsc#1231617).\n- mm/hugetlb: fix nodes huge page allocation when there are surplus pages (bsc#1234012).\n- mm: avoid unsafe VMA hook invocation when error arises on mmap hook (git-fixes).\n- mm: khugepaged: fix the arguments order in khugepaged_collapse_file trace point (git-fixes).\n- mm: mmap: no need to call khugepaged_enter_vma() for stack (jsc#PED-10978).\n- mm: move dummy_vm_ops out of a header (git-fixes prerequisity).\n- mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling (git-fixes).\n- mm: refactor map_deny_write_exec() (git-fixes).\n- mm: resolve faulty mmap_region() error path behaviour (git-fixes).\n- mm: unconditionally close VMAs on error (git-fixes).\n- mmc: core: Further prevent card detect during shutdown (git-fixes).\n- mmc: mmc_spi: drop buggy snprintf() (git-fixes).\n- mmc: sunxi-mmc: Fix A100 compatible description (git-fixes).\n- modpost: fix acpi MODULE_DEVICE_TABLE built with mismatched endianness (git-fixes).\n- modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host (git-fixes).\n- modpost: remove incorrect code in do_eisa_entry() (git-fixes).\n- module: abort module loading when sysfs setup suffer errors (git-fixes).\n- mtd: rawnand: atmel: Fix possible memory leak (git-fixes).\n- mtd: spi-nor: core: replace dummy buswidth from addr to data (git-fixes).\n- nbd: fix race between timeout and normal completion (bsc#1230918).\n- net/mlx5: Add missing masks and QoS bit masks for scheduling elements (git-fixes).\n- net/mlx5: Added cond_resched() to crdump collection (git-fixes).\n- net/mlx5: Check capability for fw_reset (git-fixes).\n- net/mlx5: Check for invalid vector index on EQ creation (git-fixes).\n- net/mlx5: Explicitly set scheduling element and TSAR type (git-fixes).\n- net/mlx5: Fix command bitmask initialization (git-fixes).\n- net/mlx5: Fix error handling in irq_pool_request_irq (git-fixes).\n- net/mlx5: Lag, do bond only if slaves agree on roce state (git-fixes).\n- net/mlx5: Lag, do not use the hardcoded value of the first port (git-fixes).\n- net/mlx5: Stop waiting for PCI if pci channel is offline (git-fixes).\n- net/mlx5: Unregister notifier on eswitch init failure (git-fixes).\n- net/mlx5: Update the list of the PCI supported devices (git-fixes).\n- net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys (git-fixes).\n- net/mlx5e: Add missing link mode to ptys2ext_ethtool_map (git-fixes).\n- net/mlx5e: Add missing link modes to ptys2ethtool_map (git-fixes).\n- net/mlx5e: Add mqprio_rl cleanup and free in mlx5e_priv_cleanup() (git-fixes).\n- net/mlx5e: Correctly report errors for ethtool rx flows (git-fixes).\n- net/mlx5e: Do not call cleanup on profile rollback failure (git-fixes).\n- net/mlx5e: Fix IPsec tunnel mode offload feature check (git-fixes).\n- net/mlx5e: Fix UDP GSO for encapsulated packets (git-fixes).\n- net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets (git-fixes).\n- net/mlx5e: Require mlx5 tc classifier action support for IPsec prio capability (git-fixes).\n- net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion (git-fixes).\n- net: mana: Implement get_ringparam/set_ringparam for mana (bsc#1229891).\n- net: mana: Improve mana_set_channels() in low mem conditions (bsc#1230289).\n- net: mdio-ipq4019: add missing error check (git-fixes).\n- net: phy: Remove LED entry from LEDs list on unregister (git-fixes).\n- net: phy: bcm84881: Fix some error handling paths (git-fixes).\n- net: phy: dp83822: Fix reset pin definitions (git-fixes).\n- net: phy: dp83869: fix memory corruption when enabling fiber (git-fixes).\n- net: phy: ti: add PHY_RST_AFTER_CLK_EN flag (git-fixes).\n- net: qede: sanitize \u0027rc\u0027 in qede_add_tc_flower_fltr() (git-fixes).\n- net: qede: use return from qede_parse_actions() (git-fixes).\n- net: qede: use return from qede_parse_flow_attr() for flow_spec (git-fixes).\n- net: qede: use return from qede_parse_flow_attr() for flower (git-fixes).\n- net: relax socket state check at accept time (git-fixes).\n- net: stmmac: dwmac-tegra: Fix link bring-up sequence (git-fixes)\n- net: sysfs: Fix /sys/class/net/\u0026lt;iface\u003e path for statistics (git-fixes).\n- net: test for not too small csum_start in virtio_net_hdr_to_skb() (git-fixes).\n- net: usb: lan78xx: Fix double free issue with interrupt buffer allocation (git-fixes).\n- net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device (git-fixes).\n- net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration (git-fixes).\n- net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition (stable-fixes).\n- net: usb: usbnet: fix name regression (get-fixes).\n- net: usb: usbnet: fix race in probe failure (git-fixes).\n- net: wwan: fix global oob in wwan_rtnl_policy (git-fixes).\n- net: wwan: t7xx: Fix off-by-one error in t7xx_dpmaif_rx_buf_alloc() (git-fixes).\n- net: xfrm: preserve kabi for xfrm_state (bsc#1233754).\n- netdevsim: copy addresses for both in and out paths (git-fixes).\n- netdevsim: use cond_resched() in nsim_dev_trap_report_work() (git-fixes).\n- netfilter: nf_tables: missing iterator type in lookup walk (git-fixes).\n- nfs: Fix KMSAN warning in decode_getfattr_attrs() (git-fixes).\n- nfs: avoid i_lock contention in nfs_clear_invalid_mapping (git-fixes).\n- nfs: fix memory leak in error path of nfs4_do_reclaim (git-fixes).\n- nfsd: call cache_put if xdr_reserve_space returns NULL (git-fixes).\n- nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net (git-fixes).\n- nfsd: fix delegation_blocked() to block correctly for at least 30 seconds (git-fixes).\n- nfsd: fix refcount leak when file is unhashed after being found (git-fixes).\n- nfsd: map the EBADMSG to nfserr_io to avoid warning (git-fixes).\n- nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire (git-fixes).\n- nfsd: remove unsafe BUG_ON from set_change_info (bsc#1234121).\n- nfsd: return -EINVAL when namelen is 0 (git-fixes).\n- nilfs2: fix kernel bug due to missing clearing of buffer delay flag (git-fixes).\n- nilfs2: fix potential deadlock with newly created symlinks (git-fixes).\n- nouveau/dmem: Fix privileged error in copy engine channel (git-fixes).\n- nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error (git-fixes).\n- nouveau/dp: handle retries for AUX CH transfers with GSP (git-fixes).\n- nouveau/gsp: Avoid addressing beyond end of rpc-\u003eentries (stable-fixes).\n- nouveau: fw: sync dma after setup is called (git-fixes).\n- nouveau: handle EBUSY and EAGAIN for GSP aux errors (git-fixes).\n- ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).\n- ntfs3: Add bounds checking to mi_enum_attr() (bsc#1233207)\n- nvme-fabrics: fix kernel crash while shutting down controller (git-fixes).\n- nvme-loop: flush off pending I/O while shutting down loop controller (git-fixes).\n- nvme-multipath: suppress partition scan until the disk is ready (bsc#1228244).\n- nvme-pci: fix freeing of the HMB descriptor table (git-fixes).\n- nvme-pci: fix race condition between reset and nvme_dev_disable() (git-fixes).\n- nvme-pci: qdepth 1 quirk (git-fixes).\n- nvme-pci: reverse request order in nvme_queue_rqs (git-fixes).\n- nvme-pci: set doorbell config before unquiescing (git-fixes).\n- nvme/host: Fix RCU list traversal to use SRCU primitive (git-fixes).\n- nvme: disable CC.CRIME (NVME_CC_CRIME) (jsc#PED-9901).\n- nvme: null terminate nvme_tls_attrs (git-fixes).\n- nvme: re-fix error-handling for io_uring nvme-passthrough (git-fixes).\n- nvme: tcp: avoid race between queue_lock lock and destroy (git-fixes).\n- nvmet-auth: assign dh_key to NULL after kfree_sensitive (git-fixes).\n- ocfs2: fix UBSAN warning in ocfs2_verify_volume() (git-fixes).\n- ocfs2: fix the la space leak when unmounting an ocfs2 volume (git-fixes).\n- ocfs2: fix uninit-value in ocfs2_get_block() (git-fixes).\n- ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow (git-fixes).\n- ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() (git-fixes).\n- ocfs2: uncache inode which has failed entering the group (git-fixes).\n- of: Add cleanup.h based auto release via __free(device_node) markings (bsc#1232386)\n- parport: Proper fix for array out-of-bounds access (git-fixes).\n- phy: freescale: imx8m-pcie: Do CMN_RST just before PHY PLL lock check (git-fixes).\n- phy: qcom: qmp-combo: move driver data initialisation earlier (git-fixes).\n- phy: qcom: qmp-usb: fix NULL-deref on runtime suspend (git-fixes).\n- phy: tegra: xusb: Add error pointer check in xusb.c (git-fixes).\n- phy: ti: phy-j721e-wiz: fix usxgmii configuration (git-fixes).\n- pinctrl: apple: check devm_kasprintf() returned value (git-fixes).\n- pinctrl: k210: Undef K210_PC_DEFAULT (git-fixes).\n- pinctrl: ocelot: fix system hang on level based interrupts (stable-fixes).\n- pinctrl: qcom: spmi: fix debugfs drive strength (git-fixes).\n- pinctrl: zynqmp: drop excess struct member description (git-fixes).\n- platform/chrome: cros_ec_typec: fix missing fwnode reference decrement (git-fixes).\n- platform/x86/amd/pmc: Detect when STB is not available (git-fixes).\n- platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug (git-fixes).\n- platform/x86: dell-sysman: add support for alienware products (stable-fixes).\n- platform/x86: dell-wmi: Ignore suspend notifications (stable-fixes).\n- platform/x86: lenovo-ymc: Ignore the 0x0 state (stable-fixes).\n- platform/x86: panasonic-laptop: Return errno correctly in show callback (git-fixes).\n- platform/x86: touchscreen_dmi: add nanote-next quirk (stable-fixes).\n- posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone (bsc#1234098).\n- power: reset: brcmstb: Do not go into infinite loop if reset fails (stable-fixes).\n- power: supply: bq27xxx: Fix registers of bq27426 (git-fixes).\n- power: supply: core: Remove might_sleep() from power_supply_put() (git-fixes).\n- power: supply: rt9471: Fix wrong WDT function regfield declaration (git-fixes).\n- power: supply: rt9471: Use IC status regfield to report real charger status (git-fixes).\n- powercap: intel_rapl: Fix off by one in get_rpi() (git-fixes).\n- powerpc/64: Convert patch_instruction() to patch_u32() (bsc#1194869).\n- powerpc/64s: Fix unnecessary copy to 0 when kernel is booted at address 0 (bsc#1215199).\n- powerpc/atomic: Use YZ constraints for DS-form instructions (bsc#1194869).\n- powerpc/boot: Handle allocation failure in simple_realloc() (bsc#1194869).\n- powerpc/boot: Only free if realloc() succeeds (bsc#1194869).\n- powerpc/code-patching: Add generic memory patching (bsc#1194869).\n- powerpc/code-patching: Perform hwsync in __patch_instruction() in case of failure (bsc#1194869).\n- powerpc/crypto: do not build aes-gcm-p10 by default (bsc#1230501 ltc#208632).\n- powerpc/crypto: fix missing skcipher dependency for aes-gcm-p10 (bsc#1230501 ltc#208632).\n- powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init() (bsc#1215199).\n- powerpc/fadump: Refactor and prepare fadump_cma_init for late init (bsc#1215199).\n- powerpc/kexec: Fix return of uninitialized variable (bsc#1194869).\n- powerpc/mm/fault: Fix kfence page fault reporting (bsc#1194869).\n- powerpc/mm: Fix boot crash with FLATMEM (bsc#1194869).\n- powerpc/mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL (bsc#1194869).\n- powerpc/powernv: Free name on error in opal_event_init() (bsc#1194869).\n- powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector (bsc#1194869).\n- powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore (bsc#1194869).\n- powerpc/pseries: Use correct data types from pseries_hp_errorlog struct (bsc#1215199).\n- powerpc/vdso: Fix VDSO data access when running in a non-root time namespace (bsc#1194869).\n- powerpc/vdso: Inconditionally use CFUNC macro (bsc#1215199).\n- powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu (bsc#1194869).\n- powerpc/xmon: Fix disassembly CPU feature checks (bsc#1065729).\n- printk: Add notation to console_srcu locking (bsc#1232183).\n- pwm: imx-tpm: Use correct MODULO value for EPWM mode (git-fixes).\n- qed: avoid truncating work queue length (git-fixes).\n- rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow (bsc#1226631).\n- rcu: Fix buffer overflow in print_cpu_stall_info() (bsc#1226623).\n- regmap: detach regmap from dev on regmap_exit (git-fixes).\n- regmap: irq: Set lockdep class for hierarchical IRQ domains (git-fixes).\n- rpm/check-for-config-changes: add HAVE_RUST and RUSTC_SUPPORTS_ to IGNORED_CONFIGS_RE They depend on SHADOW_CALL_STACK.\n- rpm/release-projects: Add SLFO projects (bsc#1231293).\n- rpm/scripts: Remove obsolete Symbols.list Symbols.list is not longer needed by the new klp-convert implementation. (bsc#1218644)\n- rpmsg: glink: Handle rejected intent request better (git-fixes).\n- rtc: ab-eoz9: do not fail temperature reads on undervoltage notification (git-fixes).\n- rtc: abx80x: Fix WDT bit position of the status register (git-fixes).\n- rtc: bbnsm: add remove hook (git-fixes).\n- rtc: check if __rtc_read_time was successful in rtc_timer_do_work() (git-fixes).\n- rtc: rzn1: fix BCD to rtc_time conversion errors (git-fixes).\n- rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).\n- runtime constants: add default dummy infrastructure (git-fixes).\n- runtime constants: add x86 architecture support (git-fixes).\n- s390/mm: Add cond_resched() to cmm_alloc/free_pages() (bsc#1228747).\n- s390/pci: Handle PCI error codes other than 0x3a (git-fixes bsc#1232629).\n- s390/sclp: Deactivate sclp after all its users (git-fixes bsc#1232628).\n- s390/sclp_vt220: Convert newlines to CRLF instead of LFCR (git-fixes bsc#1232627).\n- scsi: NCR5380: Check for phase match during PDMA fixup (git-fixes).\n- scsi: NCR5380: Initialize buffer for MSG IN and STATUS transfers (git-fixes).\n- scsi: Remove scsi device no_start_on_resume flag (git-fixes).\n- scsi: aacraid: Rearrange order of struct aac_srb_unit (git-fixes).\n- scsi: cdrom: kABI: fix cdrom_dev_ops change (git-fixes).\n- scsi: core: Disable CDL by default (git-fixes).\n- scsi: core: Fix handling of SCMD_FAIL_IF_RECOVERING (git-fixes).\n- scsi: core: Fix the return value of scsi_logical_block_count() (git-fixes).\n- scsi: core: Handle devices which return an unusually large VPD page count (git-fixes).\n- scsi: core: alua: I/O errors for ALUA state transitions (git-fixes).\n- scsi: fnic: Move flush_work initialization out of if block (bsc#1230055).\n- scsi: hisi_sas: Handle the NCQ error returned by D2H frame (git-fixes).\n- scsi: hpsa: Fix allocation size for Scsi_Host private data (git-fixes).\n- scsi: kABI: restore no_start_on_resume to scsi_device (git-fixes).\n- scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed (git-fixes).\n- scsi: libsas: Fix the failure of adding phy with zero-address to port (git-fixes).\n- scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in lpfc_els_flush_cmd() (bsc#1232757).\n- scsi: lpfc: Add cleanup of nvmels_wq after HBA reset (bsc#1233241 jsc#PED-9943).\n- scsi: lpfc: Call lpfc_sli4_queue_unset() in restart and rmmod paths (bsc#1233241 jsc#PED-9943).\n- scsi: lpfc: Change lpfc_nodelist nlp_flag member into a bitmask (bsc#1233241 jsc#PED-9943).\n- scsi: lpfc: Check SLI_ACTIVE flag in FDMI cmpl before submitting follow up FDMI (bsc#1233241 jsc#PED-9943).\n- scsi: lpfc: Check devloss callbk done flag for potential stale NDLP ptrs (bsc#1233241 jsc#PED-9943).\n- scsi: lpfc: Copyright updates for 14.4.0.6 patches (bsc#1233241 jsc#PED-9943).\n- scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance (bsc#1232757).\n- scsi: lpfc: Fix kref imbalance on fabric ndlps from dev_loss_tmo handler (bsc#1232757).\n- scsi: lpfc: Modify CGN warning signal calculation based on EDC response (bsc#1233241 jsc#PED-9943).\n- scsi: lpfc: Prevent NDLP reference count underflow in dev_loss_tmo callback (bsc#1233241 jsc#PED-9943).\n- scsi: lpfc: Remove NLP_RELEASE_RPI flag from nodelist structure (bsc#1233241 jsc#PED-9943).\n- scsi: lpfc: Remove trailing space after \\n newline (bsc#1232757).\n- scsi: lpfc: Restrict support for 32 byte CDBs to specific HBAs (bsc#1232757 bsc#1228119).\n- scsi: lpfc: Revise TRACE_EVENT log flag severities from KERN_ERR to KERN_WARNING (bsc#1232757).\n- scsi: lpfc: Support loopback tests with VMID enabled (bsc#1232757).\n- scsi: lpfc: Update lpfc version to 14.4.0.5 (bsc#1232757).\n- scsi: lpfc: Update lpfc version to 14.4.0.6 (bsc#1233241 jsc#PED-9943).\n- scsi: lpfc: Update lpfc_els_flush_cmd() to check for SLI_ACTIVE before BSG flag (bsc#1233241 jsc#PED-9943).\n- scsi: lpfc: Update phba link state conditional before sending CMF_SYNC_WQE (bsc#1232757).\n- scsi: mac_scsi: Disallow bus errors during PDMA send (git-fixes).\n- scsi: mac_scsi: Refactor polling loop (git-fixes).\n- scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages (git-fixes).\n- scsi: mpi3mr: Avoid IOMMU page faults on REPORT ZONES (git-fixes).\n- scsi: mpi3mr: Avoid memcpy field-spanning write WARNING (git-fixes).\n- scsi: mpi3mr: Avoid possible run-time warning with long manufacturer strings (git-fixes).\n- scsi: mpi3mr: Fix ATA NCQ priority support (git-fixes).\n- scsi: mpi3mr: Validate SAS port assignments (git-fixes).\n- scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES (git-fixes).\n- scsi: pm8001: Do not overwrite PCI queue mapping (git-fixes).\n- scsi: pm80xx: Set phy-\u003eenable_completion only when we wait for it (git-fixes).\n- scsi: qedf: Set qed_slowpath_params to zero before use (git-fixes).\n- scsi: scsi_transport_fc: Allow setting rport state to current state (git-fixes).\n- scsi: sd: Ignore command SYNCHRONIZE CACHE error if format in progress (git-fixes).\n- scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer (git-fixes).\n- scsi: smartpqi: correct stream detection (git-fixes).\n- scsi: smartpqi: revert propagate-the-multipath-failure-to-SML-quickly (git-fixes).\n- scsi: spi: Fix sshdr use (git-fixes).\n- scsi: sr: Fix unintentional arithmetic wraparound (git-fixes).\n- scsi: wd33c93: Do not use stale scsi_pointer value (git-fixes).\n- security/keys: fix slab-out-of-bounds in key_task_permission (git-fixes).\n- selftests/bpf: Add a test case to write mtu result into .rodata (git-fixes).\n- selftests/bpf: Add a test case to write strtol result into .rodata (git-fixes).\n- selftests/bpf: Add test for sign extension in coerce_subreg_to_size_sx() (git-fixes).\n- selftests/bpf: Add test for truncation after sign extension in coerce_reg_to_size_sx() (git-fixes).\n- selftests/bpf: Add tests for ldsx of pkt data/data_end/data_meta accesses (git-fixes).\n- selftests/bpf: Fix ARG_PTR_TO_LONG {half-,}uninitialized test (git-fixes).\n- selftests/bpf: Rename ARG_PTR_TO_LONG test description (git-fixes).\n- selftests/bpf: test for malformed BPF_CORE_TYPE_ID_LOCAL relocation (git-fixes).\n- serial: 8250: omap: Move pm_runtime_get_sync (git-fixes).\n- serial: imx: Update mctrl old_status on RTSD interrupt (git-fixes).\n- serial: protect uart_port_dtr_rts() in uart_shutdown() too (stable-fixes).\n- signal: Replace BUG_ON()s (bsc#1234093).\n- soc: fsl: rcpm: fix missing of_node_put() in copy_ippdexpcr1_setting() (git-fixes).\n- soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() (git-fixes).\n- soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).\n- soundwire: intel_bus_common: enable interrupts before exiting reset (stable-fixes).\n- spi: Fix acpi deferred irq probe (git-fixes).\n- spi: atmel-quadspi: Fix register name in verbose logging function (git-fixes).\n- spi: atmel-quadspi: Fix wrong register value written to MR (git-fixes).\n- spi: mpc52xx: Add cancel_work_sync before module remove (git-fixes).\n- spi: mtk-snfi: fix kerneldoc for mtk_snand_is_page_ops() (git-fixes).\n- spi: s3c64xx: fix timeout counters in flush_fifo (git-fixes).\n- spi: spi-fsl-dspi: Fix crash when not using GPIO chip select (git-fixes).\n- spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).\n- spi: tegra210-quad: Avoid shift-out-of-bounds (git-fixes).\n- splice: always fsnotify_access(in), fsnotify_modify(out) on success (git-fixes).\n- splice: fsnotify_access(fd)/fsnotify_modify(fd) in vmsplice (git-fixes).\n- splice: fsnotify_access(in), fsnotify_modify(out) on success in tee (git-fixes).\n- srcu: Fix callbacks acceleration mishandling (git-fixes).\n- staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() (git-fixes).\n- sumversion: Fix a memory leak in get_src_version() (git-fixes).\n- supported.conf: mark nhpoly1305 module as supported (bsc#1231035)\n- supported.conf: mark ultravisor userspace access as supported (bsc#1232090)\n- task_work: add kerneldoc annotation for \u0027data\u0027 argument (git-fixes).\n- tcp: Fix refcnt handling in __inet_hash_connect() (git-fixes).\n- thermal: core: Initialize thermal zones before registering them (git-fixes).\n- thermal: int3400: Fix reading of current_uuid for active policy (git-fixes).\n- thermal: intel: int340x: processor: Fix warning during module unload (git-fixes).\n- thunderbolt: Honor TMU requirements in the domain when setting TMU mode (stable-fixes).\n- thunderbolt: Improve DisplayPort tunnel setup process to be more robust (stable-fixes).\n- tools/lib/thermal: Fix sampling handler context ptr (git-fixes).\n- tools/power turbostat: Fix trailing \u0027\\n\u0027 parsing (git-fixes).\n- tools/power turbostat: Increase the limit for fd opened (bsc#1233119).\n- tools: hv: rm .*.cmd when make clean (git-fixes).\n- tpm: Lock TPM chip in tpm_pm_suspend() first (bsc#1082555 git-fixes).\n- tpm: fix signed/unsigned bug when checking event logs (git-fixes).\n- tracing/hwlat: Fix a race during cpuhp processing (git-fixes).\n- tracing/osnoise: Fix build when timerlat is not enabled (git-fixes).\n- tracing/osnoise: Skip running osnoise if all instances are off (git-fixes).\n- tracing/osnoise: Switch from PF_NO_SETAFFINITY to migrate_disable (git-fixes).\n- tracing/osnoise: Use a cpumask to know what threads are kthreads (git-fixes).\n- tracing/timerlat: Add interface_lock around clearing of kthread in stop_kthread() (git-fixes).\n- tracing/timerlat: Add user-space interface (git-fixes).\n- tracing/timerlat: Drop interface_lock in stop_kthread() (git-fixes).\n- tracing/timerlat: Fix a race during cpuhp processing (git-fixes).\n- tracing/timerlat: Fix duplicated kthread creation due to CPU online/offline (git-fixes).\n- tracing/timerlat: Move hrtimer_init to timerlat_fd open() (git-fixes).\n- tracing/timerlat: Only clear timer if a kthread exists (git-fixes).\n- tracing: Consider the NULL character when validating the event length (git-fixes).\n- tty: ldsic: fix tty_ldisc_autoload sysctl\u0027s proc_handler (git-fixes).\n- tty: n_gsm: Fix use-after-free in gsm_cleanup_mux (stable-fixes).\n- u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file (git-fixes).\n- ubifs: Fix adding orphan entry twice for the same inode (git-fixes).\n- ubifs: Fix unattached xattr inode if powercut happens after deleting (git-fixes).\n- ubifs: add check for crypto_shash_tfm_digest (git-fixes).\n- ubifs: dbg_orphan_check: Fix missed key type checking (git-fixes).\n- ucounts: fix counter leak in inc_rlimit_get_ucounts() (bsc#1233460).\n- unicode: Do not special case ignorable code points (stable-fixes).\n- unicode: Fix utf8_load() error path (git-fixes).\n- uprobe: avoid out-of-bounds memory access of fetching args (git-fixes).\n- uprobes: encapsulate preparation of uprobe args buffer (git-fixes).\n- uprobes: introduce the global struct vm_special_mapping xol_mapping (bsc#1231114).\n- uprobes: turn xol_area-\u003epages into xol_area-\u003epage (bsc#1231114).\n- usb: chipidea: udc: enable suspend interrupt after usb reset (stable-fixes).\n- usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the Crashkernel Scenario (stable-fixes).\n- usb: dwc3: Wait for EndXfer completion before restoring GUSB2PHYCFG (git-fixes).\n- usb: dwc3: core: Stop processing of pending events if controller is halted (git-fixes).\n- usb: dwc3: gadget: Add missing check for single port RAM in TxFIFO resizing logic (git-fixes).\n- usb: dwc3: gadget: Fix checking for number of TRBs left (git-fixes).\n- usb: dwc3: gadget: Fix looping of queued SG entries (git-fixes).\n- usb: ehci-spear: fix call balance of sehci clk handling routines (git-fixes).\n- usb: gadget: core: force synchronous registration (git-fixes).\n- usb: gadget: dummy_hcd: Set transfer interval to 1 microframe (stable-fixes).\n- usb: gadget: dummy_hcd: Switch to hrtimer transfer scheduler (stable-fixes).\n- usb: gadget: dummy_hcd: execute hrtimer callback in softirq context (git-fixes).\n- usb: gadget: f_uac2: Replace snprintf() with the safer scnprintf() variant (stable-fixes).\n- usb: gadget: f_uac2: fix non-newline-terminated function name (stable-fixes).\n- usb: gadget: f_uac2: fix return value for UAC2_ATTRIBUTE_STRING store (git-fixes).\n- usb: musb: Fix hardware lockup on first Rx endpoint request (git-fixes).\n- usb: musb: sunxi: Fix accessing an released usb phy (git-fixes).\n- usb: phy: Fix API devm_usb_put_phy() can not release the phy (git-fixes).\n- usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip (stable-fixes).\n- usb: typec: altmode should keep reference to parent (git-fixes).\n- usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() (git-fixes).\n- usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes() (git-fixes).\n- usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() (git-fixes).\n- usb: xhci: Fix TD invalidation under pending Set TR Dequeue (git-fixes).\n- usb: xhci: Fix problem with xhci resume from suspend (stable-fixes).\n- usb: xhci: fix loss of data on Cadence xHC (git-fixes).\n- usb: yurex: make waiting on yurex_write interruptible (git-fixes).\n- usbip: tools: Fix detach_port() invalid port error path (git-fixes).\n- usbnet: fix cyclical race on disconnect with work queue (git-fixes).\n- vdpa: Fix an error handling path in eni_vdpa_probe() (git-fixes).\n- vdpa_sim_blk: Fix the potential leak of mgmt_dev (git-fixes).\n- vdpa_sim_blk: allocate the buffer zeroed (git-fixes).\n- vduse: avoid using __GFP_NOFAIL (git-fixes).\n- vfs: dcache: move hashlen_hash() from callers into d_hash() (git-fixes).\n- vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (git-fixes).\n- vhost_vdpa: assign irq bypass producer token correctly (git-fixes).\n- virtio_console: fix misc probe bugs (git-fixes).\n- vmalloc: modify the alloc_vmap_area() error message for better diagnostics (jsc#PED-10978).\n- vmxnet3: Add XDP support (bsc#1226498).\n- vmxnet3: Fix missing reserved tailroom (bsc#1226498).\n- vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame (bsc#1226498).\n- vmxnet3: add command to allow disabling of offloads (bsc#1226498).\n- vmxnet3: add latency measurement support in vmxnet3 (bsc#1226498).\n- vmxnet3: prepare for version 9 changes (bsc#1226498).\n- vmxnet3: update to version 9 (bsc#1226498).\n- vsock: Update msg_count on read_skb() (git-fixes).\n- vt: prevent kernel-infoleak in con_font_get() (git-fixes).\n- watchdog: apple: Actually flush writes after requesting watchdog restart (git-fixes).\n- watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart() (git-fixes).\n- watchdog: rti: of: honor timeout-sec property (git-fixes).\n- wifi: ath10k: Fix memory leak in management tx (git-fixes).\n- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1 (git-fixes).\n- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2 (git-fixes).\n- wifi: ath11k: Fix CE offset address calculation for WCN6750 in SSR (git-fixes).\n- wifi: ath11k: Fix invalid ring usage in full monitor mode (git-fixes).\n- wifi: ath11k: fix array out-of-bound access in SoC stats (stable-fixes).\n- wifi: ath12k: Skip Rx TID cleanup for self peer (git-fixes).\n- wifi: ath12k: fix array out-of-bound access in SoC stats (stable-fixes).\n- wifi: ath12k: fix crash when unbinding (git-fixes).\n- wifi: ath12k: fix warning when unbinding (git-fixes).\n- wifi: ath12k: remove msdu_end structure for WCN7850 (git-fixes).\n- wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (git-fixes).\n- wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() (stable-fixes).\n- wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit (stable-fixes).\n- wifi: brcm80211: BRCM_TRACING should depend on TRACING (git-fixes).\n- wifi: brcmfmac: release \u0027root\u0027 node in all execution paths (git-fixes).\n- wifi: cfg80211: Set correct chandef when starting CAC (stable-fixes).\n- wifi: cfg80211: clear wdev-\u003ecqm_config pointer on free (git-fixes).\n- wifi: cw1200: Fix potential NULL dereference (git-fixes).\n- wifi: iwlegacy: Clear stale interrupts before resuming device (stable-fixes).\n- wifi: iwlegacy: Fix \"field-spanning write\" warning in il_enqueue_hcmd() (git-fixes).\n- wifi: iwlwifi: allow only CN mcc from WRDD (stable-fixes).\n- wifi: iwlwifi: config: label \u0027gl\u0027 devices as discrete (git-fixes).\n- wifi: iwlwifi: mvm: Fix a race in scan abort flow (stable-fixes).\n- wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() (git-fixes).\n- wifi: iwlwifi: mvm: avoid NULL pointer dereference (stable-fixes).\n- wifi: iwlwifi: mvm: do not add default link in fw restart flow (git-fixes).\n- wifi: iwlwifi: mvm: do not leak a link on AP removal (git-fixes).\n- wifi: iwlwifi: mvm: drop wrong STA selection in TX (stable-fixes).\n- wifi: iwlwifi: mvm: use correct key iteration (stable-fixes).\n- wifi: iwlwifi: remove AX101, AX201 and AX203 support from LNL (stable-fixes).\n- wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower (git-fixes).\n- wifi: mac80211: fix RCU list iterations (stable-fixes).\n- wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys (git-fixes).\n- wifi: mt76: mt7915: add dummy HW offload of IEEE 802.11 fragmentation (stable-fixes).\n- wifi: mt76: mt7915: disable tx worker during tx BA session enable/disable (stable-fixes).\n- wifi: mt76: mt7915: hold dev-\u003emt76.mutex while disabling tx worker (stable-fixes).\n- wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() (stable-fixes).\n- wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (git-fixes).\n- wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).\n- wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).\n- wifi: rtw88: 8821cu: Remove VID/PID 0bda:c82c (stable-fixes).\n- wifi: rtw88: Fix USB/SDIO devices not transmitting beacons (git-fixes).\n- wifi: rtw88: select WANT_DEV_COREDUMP (stable-fixes).\n- wifi: rtw89: avoid reading out of bounds when loading TX power FW elements (stable-fixes).\n- wifi: rtw89: avoid to add interface to list twice when SER (stable-fixes).\n- wifi: rtw89: correct base HT rate mask for firmware (stable-fixes).\n- wifi: wfx: Fix error handling in wfx_core_init() (git-fixes).\n- x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client (bsc#1233443).\n- x86/CPU/AMD: Only apply Zenbleed fix for Zen2 during late microcode load (git-fixes).\n- x86/Documentation: Indent \u0027note::\u0027 directive for protocol version number note (git-fixes).\n- x86/PCI: Check pcie_find_root_port() return for NULL (git-fixes).\n- x86/amd_nb: Add new PCI IDs for AMD family 1Ah model 60h (git-fixes).\n- x86/apic: Always explicitly disarm TSC-deadline timer (git-fixes).\n- x86/apic: Make x2apic_disable() work correctly (git-fixes).\n- x86/bugs: Do not use UNTRAIN_RET with IBPB on entry (git-fixes).\n- x86/bugs: Skip RSB fill at VMEXIT (git-fixes).\n- x86/cpufeatures: Add a IBPB_NO_RET BUG flag (git-fixes).\n- x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET (git-fixes).\n- x86/entry: Have entry_ibpb() invalidate return predictions (git-fixes).\n- x86/entry: Remove unwanted instrumentation in common_interrupt() (git-fixes).\n- x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency (git-fixes).\n- x86/microcode/intel: Remove unnecessary cache writeback and invalidation (git-fixes).\n- x86/mm: Use IPIs to synchronize LAM enablement (git-fixes).\n- x86/resctrl: Annotate get_mem_config() functions as __init (git-fixes).\n- x86/resctrl: Avoid overflow in MB settings in bw_validate() (git-fixes).\n- x86/resctrl: Remove hard-coded memory bandwidth limit (git-fixes).\n- x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler (git-fixes).\n- x86/syscall: Avoid memcpy() for ia32 syscall_get_arguments() (git-fixes).\n- x86/tdx: Dynamically disable SEPT violations from causing #VEs (git-fixes).\n- x86/tdx: Enable CPU topology enumeration (git-fixes).\n- x86/tdx: Introduce wrappers to read and write TD metadata (git-fixes).\n- x86/tdx: Rename tdx_parse_tdinfo() to tdx_setup() (git-fixes).\n- x86/traps: move kmsan check after instrumentation_begin (git-fixes).\n- x86: Increase brk randomness entropy for 64-bit systems (git-fixes).\n- x86: do the user address masking outside the user access area (git-fixes).\n- x86: fix off-by-one in access_ok() (git-fixes).\n- x86: fix user address masking non-canonical speculation issue (git-fixes).\n- x86: make the masked_user_access_begin() macro use its argument only once (git-fixes).\n- x86: support user address masking instead of non-speculative conditional (git-fixes).\n- xfrm: Export symbol xfrm_dev_state_delete (bsc#1233754).\n- xfrm: Fix unregister netdevice hang on hardware offload (bsc#1233754).\n- xfs: check opcode and iovec count match in xlog_recover_attri_commit_pass2 (git-fixes).\n- xfs: check shortform attr entry flags specifically (git-fixes).\n- xfs: convert delayed extents to unwritten when zeroing post eof blocks (git-fixes).\n- xfs: fix finding a last resort AG in xfs_filestream_pick_ag (git-fixes).\n- xfs: fix freeing speculative preallocations for preallocated files (git-fixes).\n- xfs: make sure sb_fdblocks is non-negative (git-fixes).\n- xfs: make the seq argument to xfs_bmapi_convert_delalloc() optional (git-fixes).\n- xfs: make xfs_bmapi_convert_delalloc() to allocate the target offset (git-fixes).\n- xfs: remove a racy if_bytes check in xfs_reflink_end_cow_extent (git-fixes).\n- xfs: validate recovered name buffers when recovering xattr items (git-fixes).\n- xhci: Add a quirk for writing ERST in high-low order (git-fixes).\n- xhci: Fix Link TRB DMA in command ring stopped completion event (git-fixes).\n- xhci: Fix incorrect stream context type macro (git-fixes).\n- xhci: Mitigate failed set dequeue pointer commands (git-fixes).\n- xhci: Use pm_runtime_get to prevent RPM on unsupported systems (git-fixes).\n- xhci: tegra: fix checked USB2 port number (git-fixes).\n- zonefs: Improve error handling (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-kernel-1",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20247-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20247-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520247-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20247-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021076.html"
},
{
"category": "self",
"summary": "SUSE Bug 1012628",
"url": "https://bugzilla.suse.com/1012628"
},
{
"category": "self",
"summary": "SUSE Bug 1065729",
"url": "https://bugzilla.suse.com/1065729"
},
{
"category": "self",
"summary": "SUSE Bug 1082555",
"url": "https://bugzilla.suse.com/1082555"
},
{
"category": "self",
"summary": "SUSE Bug 1194869",
"url": "https://bugzilla.suse.com/1194869"
},
{
"category": "self",
"summary": "SUSE Bug 1215199",
"url": "https://bugzilla.suse.com/1215199"
},
{
"category": "self",
"summary": "SUSE Bug 1217845",
"url": "https://bugzilla.suse.com/1217845"
},
{
"category": "self",
"summary": "SUSE Bug 1218562",
"url": "https://bugzilla.suse.com/1218562"
},
{
"category": "self",
"summary": "SUSE Bug 1218644",
"url": "https://bugzilla.suse.com/1218644"
},
{
"category": "self",
"summary": "SUSE Bug 1219596",
"url": "https://bugzilla.suse.com/1219596"
},
{
"category": "self",
"summary": "SUSE Bug 1219803",
"url": "https://bugzilla.suse.com/1219803"
},
{
"category": "self",
"summary": "SUSE Bug 1220355",
"url": "https://bugzilla.suse.com/1220355"
},
{
"category": "self",
"summary": "SUSE Bug 1220382",
"url": "https://bugzilla.suse.com/1220382"
},
{
"category": "self",
"summary": "SUSE Bug 1221309",
"url": "https://bugzilla.suse.com/1221309"
},
{
"category": "self",
"summary": "SUSE Bug 1222423",
"url": "https://bugzilla.suse.com/1222423"
},
{
"category": "self",
"summary": "SUSE Bug 1222587",
"url": "https://bugzilla.suse.com/1222587"
},
{
"category": "self",
"summary": "SUSE Bug 1222590",
"url": "https://bugzilla.suse.com/1222590"
},
{
"category": "self",
"summary": "SUSE Bug 1223112",
"url": "https://bugzilla.suse.com/1223112"
},
{
"category": "self",
"summary": "SUSE Bug 1223384",
"url": "https://bugzilla.suse.com/1223384"
},
{
"category": "self",
"summary": "SUSE Bug 1223656",
"url": "https://bugzilla.suse.com/1223656"
},
{
"category": "self",
"summary": "SUSE Bug 1223700",
"url": "https://bugzilla.suse.com/1223700"
},
{
"category": "self",
"summary": "SUSE Bug 1223733",
"url": "https://bugzilla.suse.com/1223733"
},
{
"category": "self",
"summary": "SUSE Bug 1223824",
"url": "https://bugzilla.suse.com/1223824"
},
{
"category": "self",
"summary": "SUSE Bug 1223848",
"url": "https://bugzilla.suse.com/1223848"
},
{
"category": "self",
"summary": "SUSE Bug 1224088",
"url": "https://bugzilla.suse.com/1224088"
},
{
"category": "self",
"summary": "SUSE Bug 1224429",
"url": "https://bugzilla.suse.com/1224429"
},
{
"category": "self",
"summary": "SUSE Bug 1224518",
"url": "https://bugzilla.suse.com/1224518"
},
{
"category": "self",
"summary": "SUSE Bug 1224548",
"url": "https://bugzilla.suse.com/1224548"
},
{
"category": "self",
"summary": "SUSE Bug 1224574",
"url": "https://bugzilla.suse.com/1224574"
},
{
"category": "self",
"summary": "SUSE Bug 1224948",
"url": "https://bugzilla.suse.com/1224948"
},
{
"category": "self",
"summary": "SUSE Bug 1225611",
"url": "https://bugzilla.suse.com/1225611"
},
{
"category": "self",
"summary": "SUSE Bug 1225713",
"url": "https://bugzilla.suse.com/1225713"
},
{
"category": "self",
"summary": "SUSE Bug 1225725",
"url": "https://bugzilla.suse.com/1225725"
},
{
"category": "self",
"summary": "SUSE Bug 1225730",
"url": "https://bugzilla.suse.com/1225730"
},
{
"category": "self",
"summary": "SUSE Bug 1225742",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "self",
"summary": "SUSE Bug 1225764",
"url": "https://bugzilla.suse.com/1225764"
},
{
"category": "self",
"summary": "SUSE Bug 1225768",
"url": "https://bugzilla.suse.com/1225768"
},
{
"category": "self",
"summary": "SUSE Bug 1225813",
"url": "https://bugzilla.suse.com/1225813"
},
{
"category": "self",
"summary": "SUSE Bug 1225903",
"url": "https://bugzilla.suse.com/1225903"
},
{
"category": "self",
"summary": "SUSE Bug 1226003",
"url": "https://bugzilla.suse.com/1226003"
},
{
"category": "self",
"summary": "SUSE Bug 1226130",
"url": "https://bugzilla.suse.com/1226130"
},
{
"category": "self",
"summary": "SUSE Bug 1226498",
"url": "https://bugzilla.suse.com/1226498"
},
{
"category": "self",
"summary": "SUSE Bug 1226623",
"url": "https://bugzilla.suse.com/1226623"
},
{
"category": "self",
"summary": "SUSE Bug 1226631",
"url": "https://bugzilla.suse.com/1226631"
},
{
"category": "self",
"summary": "SUSE Bug 1226748",
"url": "https://bugzilla.suse.com/1226748"
},
{
"category": "self",
"summary": "SUSE Bug 1226797",
"url": "https://bugzilla.suse.com/1226797"
},
{
"category": "self",
"summary": "SUSE Bug 1226848",
"url": "https://bugzilla.suse.com/1226848"
},
{
"category": "self",
"summary": "SUSE Bug 1226872",
"url": "https://bugzilla.suse.com/1226872"
},
{
"category": "self",
"summary": "SUSE Bug 1227726",
"url": "https://bugzilla.suse.com/1227726"
},
{
"category": "self",
"summary": "SUSE Bug 1227842",
"url": "https://bugzilla.suse.com/1227842"
},
{
"category": "self",
"summary": "SUSE Bug 1228119",
"url": "https://bugzilla.suse.com/1228119"
},
{
"category": "self",
"summary": "SUSE Bug 1228244",
"url": "https://bugzilla.suse.com/1228244"
},
{
"category": "self",
"summary": "SUSE Bug 1228269",
"url": "https://bugzilla.suse.com/1228269"
},
{
"category": "self",
"summary": "SUSE Bug 1228410",
"url": "https://bugzilla.suse.com/1228410"
},
{
"category": "self",
"summary": "SUSE Bug 1228430",
"url": "https://bugzilla.suse.com/1228430"
},
{
"category": "self",
"summary": "SUSE Bug 1228454",
"url": "https://bugzilla.suse.com/1228454"
},
{
"category": "self",
"summary": "SUSE Bug 1228537",
"url": "https://bugzilla.suse.com/1228537"
},
{
"category": "self",
"summary": "SUSE Bug 1228620",
"url": "https://bugzilla.suse.com/1228620"
},
{
"category": "self",
"summary": "SUSE Bug 1228743",
"url": "https://bugzilla.suse.com/1228743"
},
{
"category": "self",
"summary": "SUSE Bug 1228747",
"url": "https://bugzilla.suse.com/1228747"
},
{
"category": "self",
"summary": "SUSE Bug 1228850",
"url": "https://bugzilla.suse.com/1228850"
},
{
"category": "self",
"summary": "SUSE Bug 1228857",
"url": "https://bugzilla.suse.com/1228857"
},
{
"category": "self",
"summary": "SUSE Bug 1229019",
"url": "https://bugzilla.suse.com/1229019"
},
{
"category": "self",
"summary": "SUSE Bug 1229165",
"url": "https://bugzilla.suse.com/1229165"
},
{
"category": "self",
"summary": "SUSE Bug 1229429",
"url": "https://bugzilla.suse.com/1229429"
},
{
"category": "self",
"summary": "SUSE Bug 1229450",
"url": "https://bugzilla.suse.com/1229450"
},
{
"category": "self",
"summary": "SUSE Bug 1229585",
"url": "https://bugzilla.suse.com/1229585"
},
{
"category": "self",
"summary": "SUSE Bug 1229677",
"url": "https://bugzilla.suse.com/1229677"
},
{
"category": "self",
"summary": "SUSE Bug 1229769",
"url": "https://bugzilla.suse.com/1229769"
},
{
"category": "self",
"summary": "SUSE Bug 1229808",
"url": "https://bugzilla.suse.com/1229808"
},
{
"category": "self",
"summary": "SUSE Bug 1229891",
"url": "https://bugzilla.suse.com/1229891"
},
{
"category": "self",
"summary": "SUSE Bug 1230055",
"url": "https://bugzilla.suse.com/1230055"
},
{
"category": "self",
"summary": "SUSE Bug 1230132",
"url": "https://bugzilla.suse.com/1230132"
},
{
"category": "self",
"summary": "SUSE Bug 1230179",
"url": "https://bugzilla.suse.com/1230179"
},
{
"category": "self",
"summary": "SUSE Bug 1230220",
"url": "https://bugzilla.suse.com/1230220"
},
{
"category": "self",
"summary": "SUSE Bug 1230231",
"url": "https://bugzilla.suse.com/1230231"
},
{
"category": "self",
"summary": "SUSE Bug 1230289",
"url": "https://bugzilla.suse.com/1230289"
},
{
"category": "self",
"summary": "SUSE Bug 1230295",
"url": "https://bugzilla.suse.com/1230295"
},
{
"category": "self",
"summary": "SUSE Bug 1230339",
"url": "https://bugzilla.suse.com/1230339"
},
{
"category": "self",
"summary": "SUSE Bug 1230341",
"url": "https://bugzilla.suse.com/1230341"
},
{
"category": "self",
"summary": "SUSE Bug 1230375",
"url": "https://bugzilla.suse.com/1230375"
},
{
"category": "self",
"summary": "SUSE Bug 1230414",
"url": "https://bugzilla.suse.com/1230414"
},
{
"category": "self",
"summary": "SUSE Bug 1230429",
"url": "https://bugzilla.suse.com/1230429"
},
{
"category": "self",
"summary": "SUSE Bug 1230456",
"url": "https://bugzilla.suse.com/1230456"
},
{
"category": "self",
"summary": "SUSE Bug 1230501",
"url": "https://bugzilla.suse.com/1230501"
},
{
"category": "self",
"summary": "SUSE Bug 1230527",
"url": "https://bugzilla.suse.com/1230527"
},
{
"category": "self",
"summary": "SUSE Bug 1230550",
"url": "https://bugzilla.suse.com/1230550"
},
{
"category": "self",
"summary": "SUSE Bug 1230557",
"url": "https://bugzilla.suse.com/1230557"
},
{
"category": "self",
"summary": "SUSE Bug 1230558",
"url": "https://bugzilla.suse.com/1230558"
},
{
"category": "self",
"summary": "SUSE Bug 1230600",
"url": "https://bugzilla.suse.com/1230600"
},
{
"category": "self",
"summary": "SUSE Bug 1230620",
"url": "https://bugzilla.suse.com/1230620"
},
{
"category": "self",
"summary": "SUSE Bug 1230710",
"url": "https://bugzilla.suse.com/1230710"
},
{
"category": "self",
"summary": "SUSE Bug 1230733",
"url": "https://bugzilla.suse.com/1230733"
},
{
"category": "self",
"summary": "SUSE Bug 1230762",
"url": "https://bugzilla.suse.com/1230762"
},
{
"category": "self",
"summary": "SUSE Bug 1230763",
"url": "https://bugzilla.suse.com/1230763"
},
{
"category": "self",
"summary": "SUSE Bug 1230773",
"url": "https://bugzilla.suse.com/1230773"
},
{
"category": "self",
"summary": "SUSE Bug 1230774",
"url": "https://bugzilla.suse.com/1230774"
},
{
"category": "self",
"summary": "SUSE Bug 1230801",
"url": "https://bugzilla.suse.com/1230801"
},
{
"category": "self",
"summary": "SUSE Bug 1230807",
"url": "https://bugzilla.suse.com/1230807"
},
{
"category": "self",
"summary": "SUSE Bug 1230817",
"url": "https://bugzilla.suse.com/1230817"
},
{
"category": "self",
"summary": "SUSE Bug 1230827",
"url": "https://bugzilla.suse.com/1230827"
},
{
"category": "self",
"summary": "SUSE Bug 1230831",
"url": "https://bugzilla.suse.com/1230831"
},
{
"category": "self",
"summary": "SUSE Bug 1230914",
"url": "https://bugzilla.suse.com/1230914"
},
{
"category": "self",
"summary": "SUSE Bug 1230918",
"url": "https://bugzilla.suse.com/1230918"
},
{
"category": "self",
"summary": "SUSE Bug 1230971",
"url": "https://bugzilla.suse.com/1230971"
},
{
"category": "self",
"summary": "SUSE Bug 1231016",
"url": "https://bugzilla.suse.com/1231016"
},
{
"category": "self",
"summary": "SUSE Bug 1231035",
"url": "https://bugzilla.suse.com/1231035"
},
{
"category": "self",
"summary": "SUSE Bug 1231072",
"url": "https://bugzilla.suse.com/1231072"
},
{
"category": "self",
"summary": "SUSE Bug 1231073",
"url": "https://bugzilla.suse.com/1231073"
},
{
"category": "self",
"summary": "SUSE Bug 1231075",
"url": "https://bugzilla.suse.com/1231075"
},
{
"category": "self",
"summary": "SUSE Bug 1231076",
"url": "https://bugzilla.suse.com/1231076"
},
{
"category": "self",
"summary": "SUSE Bug 1231081",
"url": "https://bugzilla.suse.com/1231081"
},
{
"category": "self",
"summary": "SUSE Bug 1231082",
"url": "https://bugzilla.suse.com/1231082"
},
{
"category": "self",
"summary": "SUSE Bug 1231083",
"url": "https://bugzilla.suse.com/1231083"
},
{
"category": "self",
"summary": "SUSE Bug 1231084",
"url": "https://bugzilla.suse.com/1231084"
},
{
"category": "self",
"summary": "SUSE Bug 1231085",
"url": "https://bugzilla.suse.com/1231085"
},
{
"category": "self",
"summary": "SUSE Bug 1231087",
"url": "https://bugzilla.suse.com/1231087"
},
{
"category": "self",
"summary": "SUSE Bug 1231089",
"url": "https://bugzilla.suse.com/1231089"
},
{
"category": "self",
"summary": "SUSE Bug 1231092",
"url": "https://bugzilla.suse.com/1231092"
},
{
"category": "self",
"summary": "SUSE Bug 1231093",
"url": "https://bugzilla.suse.com/1231093"
},
{
"category": "self",
"summary": "SUSE Bug 1231094",
"url": "https://bugzilla.suse.com/1231094"
},
{
"category": "self",
"summary": "SUSE Bug 1231096",
"url": "https://bugzilla.suse.com/1231096"
},
{
"category": "self",
"summary": "SUSE Bug 1231098",
"url": "https://bugzilla.suse.com/1231098"
},
{
"category": "self",
"summary": "SUSE Bug 1231100",
"url": "https://bugzilla.suse.com/1231100"
},
{
"category": "self",
"summary": "SUSE Bug 1231101",
"url": "https://bugzilla.suse.com/1231101"
},
{
"category": "self",
"summary": "SUSE Bug 1231102",
"url": "https://bugzilla.suse.com/1231102"
},
{
"category": "self",
"summary": "SUSE Bug 1231105",
"url": "https://bugzilla.suse.com/1231105"
},
{
"category": "self",
"summary": "SUSE Bug 1231108",
"url": "https://bugzilla.suse.com/1231108"
},
{
"category": "self",
"summary": "SUSE Bug 1231111",
"url": "https://bugzilla.suse.com/1231111"
},
{
"category": "self",
"summary": "SUSE Bug 1231114",
"url": "https://bugzilla.suse.com/1231114"
},
{
"category": "self",
"summary": "SUSE Bug 1231115",
"url": "https://bugzilla.suse.com/1231115"
},
{
"category": "self",
"summary": "SUSE Bug 1231116",
"url": "https://bugzilla.suse.com/1231116"
},
{
"category": "self",
"summary": "SUSE Bug 1231117",
"url": "https://bugzilla.suse.com/1231117"
},
{
"category": "self",
"summary": "SUSE Bug 1231131",
"url": "https://bugzilla.suse.com/1231131"
},
{
"category": "self",
"summary": "SUSE Bug 1231132",
"url": "https://bugzilla.suse.com/1231132"
},
{
"category": "self",
"summary": "SUSE Bug 1231135",
"url": "https://bugzilla.suse.com/1231135"
},
{
"category": "self",
"summary": "SUSE Bug 1231136",
"url": "https://bugzilla.suse.com/1231136"
},
{
"category": "self",
"summary": "SUSE Bug 1231138",
"url": "https://bugzilla.suse.com/1231138"
},
{
"category": "self",
"summary": "SUSE Bug 1231148",
"url": "https://bugzilla.suse.com/1231148"
},
{
"category": "self",
"summary": "SUSE Bug 1231169",
"url": "https://bugzilla.suse.com/1231169"
},
{
"category": "self",
"summary": "SUSE Bug 1231170",
"url": "https://bugzilla.suse.com/1231170"
},
{
"category": "self",
"summary": "SUSE Bug 1231171",
"url": "https://bugzilla.suse.com/1231171"
},
{
"category": "self",
"summary": "SUSE Bug 1231178",
"url": "https://bugzilla.suse.com/1231178"
},
{
"category": "self",
"summary": "SUSE Bug 1231179",
"url": "https://bugzilla.suse.com/1231179"
},
{
"category": "self",
"summary": "SUSE Bug 1231182",
"url": "https://bugzilla.suse.com/1231182"
},
{
"category": "self",
"summary": "SUSE Bug 1231183",
"url": "https://bugzilla.suse.com/1231183"
},
{
"category": "self",
"summary": "SUSE Bug 1231187",
"url": "https://bugzilla.suse.com/1231187"
},
{
"category": "self",
"summary": "SUSE Bug 1231191",
"url": "https://bugzilla.suse.com/1231191"
},
{
"category": "self",
"summary": "SUSE Bug 1231193",
"url": "https://bugzilla.suse.com/1231193"
},
{
"category": "self",
"summary": "SUSE Bug 1231195",
"url": "https://bugzilla.suse.com/1231195"
},
{
"category": "self",
"summary": "SUSE Bug 1231197",
"url": "https://bugzilla.suse.com/1231197"
},
{
"category": "self",
"summary": "SUSE Bug 1231200",
"url": "https://bugzilla.suse.com/1231200"
},
{
"category": "self",
"summary": "SUSE Bug 1231202",
"url": "https://bugzilla.suse.com/1231202"
},
{
"category": "self",
"summary": "SUSE Bug 1231203",
"url": "https://bugzilla.suse.com/1231203"
},
{
"category": "self",
"summary": "SUSE Bug 1231276",
"url": "https://bugzilla.suse.com/1231276"
},
{
"category": "self",
"summary": "SUSE Bug 1231293",
"url": "https://bugzilla.suse.com/1231293"
},
{
"category": "self",
"summary": "SUSE Bug 1231384",
"url": "https://bugzilla.suse.com/1231384"
},
{
"category": "self",
"summary": "SUSE Bug 1231434",
"url": "https://bugzilla.suse.com/1231434"
},
{
"category": "self",
"summary": "SUSE Bug 1231435",
"url": "https://bugzilla.suse.com/1231435"
},
{
"category": "self",
"summary": "SUSE Bug 1231436",
"url": "https://bugzilla.suse.com/1231436"
},
{
"category": "self",
"summary": "SUSE Bug 1231439",
"url": "https://bugzilla.suse.com/1231439"
},
{
"category": "self",
"summary": "SUSE Bug 1231440",
"url": "https://bugzilla.suse.com/1231440"
},
{
"category": "self",
"summary": "SUSE Bug 1231441",
"url": "https://bugzilla.suse.com/1231441"
},
{
"category": "self",
"summary": "SUSE Bug 1231442",
"url": "https://bugzilla.suse.com/1231442"
},
{
"category": "self",
"summary": "SUSE Bug 1231452",
"url": "https://bugzilla.suse.com/1231452"
},
{
"category": "self",
"summary": "SUSE Bug 1231453",
"url": "https://bugzilla.suse.com/1231453"
},
{
"category": "self",
"summary": "SUSE Bug 1231465",
"url": "https://bugzilla.suse.com/1231465"
},
{
"category": "self",
"summary": "SUSE Bug 1231474",
"url": "https://bugzilla.suse.com/1231474"
},
{
"category": "self",
"summary": "SUSE Bug 1231481",
"url": "https://bugzilla.suse.com/1231481"
},
{
"category": "self",
"summary": "SUSE Bug 1231496",
"url": "https://bugzilla.suse.com/1231496"
},
{
"category": "self",
"summary": "SUSE Bug 1231502",
"url": "https://bugzilla.suse.com/1231502"
},
{
"category": "self",
"summary": "SUSE Bug 1231537",
"url": "https://bugzilla.suse.com/1231537"
},
{
"category": "self",
"summary": "SUSE Bug 1231539",
"url": "https://bugzilla.suse.com/1231539"
},
{
"category": "self",
"summary": "SUSE Bug 1231540",
"url": "https://bugzilla.suse.com/1231540"
},
{
"category": "self",
"summary": "SUSE Bug 1231541",
"url": "https://bugzilla.suse.com/1231541"
},
{
"category": "self",
"summary": "SUSE Bug 1231617",
"url": "https://bugzilla.suse.com/1231617"
},
{
"category": "self",
"summary": "SUSE Bug 1231630",
"url": "https://bugzilla.suse.com/1231630"
},
{
"category": "self",
"summary": "SUSE Bug 1231634",
"url": "https://bugzilla.suse.com/1231634"
},
{
"category": "self",
"summary": "SUSE Bug 1231635",
"url": "https://bugzilla.suse.com/1231635"
},
{
"category": "self",
"summary": "SUSE Bug 1231636",
"url": "https://bugzilla.suse.com/1231636"
},
{
"category": "self",
"summary": "SUSE Bug 1231637",
"url": "https://bugzilla.suse.com/1231637"
},
{
"category": "self",
"summary": "SUSE Bug 1231638",
"url": "https://bugzilla.suse.com/1231638"
},
{
"category": "self",
"summary": "SUSE Bug 1231639",
"url": "https://bugzilla.suse.com/1231639"
},
{
"category": "self",
"summary": "SUSE Bug 1231640",
"url": "https://bugzilla.suse.com/1231640"
},
{
"category": "self",
"summary": "SUSE Bug 1231673",
"url": "https://bugzilla.suse.com/1231673"
},
{
"category": "self",
"summary": "SUSE Bug 1231828",
"url": "https://bugzilla.suse.com/1231828"
},
{
"category": "self",
"summary": "SUSE Bug 1231849",
"url": "https://bugzilla.suse.com/1231849"
},
{
"category": "self",
"summary": "SUSE Bug 1231855",
"url": "https://bugzilla.suse.com/1231855"
},
{
"category": "self",
"summary": "SUSE Bug 1231856",
"url": "https://bugzilla.suse.com/1231856"
},
{
"category": "self",
"summary": "SUSE Bug 1231857",
"url": "https://bugzilla.suse.com/1231857"
},
{
"category": "self",
"summary": "SUSE Bug 1231858",
"url": "https://bugzilla.suse.com/1231858"
},
{
"category": "self",
"summary": "SUSE Bug 1231859",
"url": "https://bugzilla.suse.com/1231859"
},
{
"category": "self",
"summary": "SUSE Bug 1231860",
"url": "https://bugzilla.suse.com/1231860"
},
{
"category": "self",
"summary": "SUSE Bug 1231861",
"url": "https://bugzilla.suse.com/1231861"
},
{
"category": "self",
"summary": "SUSE Bug 1231864",
"url": "https://bugzilla.suse.com/1231864"
},
{
"category": "self",
"summary": "SUSE Bug 1231865",
"url": "https://bugzilla.suse.com/1231865"
},
{
"category": "self",
"summary": "SUSE Bug 1231868",
"url": "https://bugzilla.suse.com/1231868"
},
{
"category": "self",
"summary": "SUSE Bug 1231869",
"url": "https://bugzilla.suse.com/1231869"
},
{
"category": "self",
"summary": "SUSE Bug 1231871",
"url": "https://bugzilla.suse.com/1231871"
},
{
"category": "self",
"summary": "SUSE Bug 1231872",
"url": "https://bugzilla.suse.com/1231872"
},
{
"category": "self",
"summary": "SUSE Bug 1231901",
"url": "https://bugzilla.suse.com/1231901"
},
{
"category": "self",
"summary": "SUSE Bug 1231902",
"url": "https://bugzilla.suse.com/1231902"
},
{
"category": "self",
"summary": "SUSE Bug 1231903",
"url": "https://bugzilla.suse.com/1231903"
},
{
"category": "self",
"summary": "SUSE Bug 1231904",
"url": "https://bugzilla.suse.com/1231904"
},
{
"category": "self",
"summary": "SUSE Bug 1231906",
"url": "https://bugzilla.suse.com/1231906"
},
{
"category": "self",
"summary": "SUSE Bug 1231907",
"url": "https://bugzilla.suse.com/1231907"
},
{
"category": "self",
"summary": "SUSE Bug 1231908",
"url": "https://bugzilla.suse.com/1231908"
},
{
"category": "self",
"summary": "SUSE Bug 1231914",
"url": "https://bugzilla.suse.com/1231914"
},
{
"category": "self",
"summary": "SUSE Bug 1231916",
"url": "https://bugzilla.suse.com/1231916"
},
{
"category": "self",
"summary": "SUSE Bug 1231920",
"url": "https://bugzilla.suse.com/1231920"
},
{
"category": "self",
"summary": "SUSE Bug 1231924",
"url": "https://bugzilla.suse.com/1231924"
},
{
"category": "self",
"summary": "SUSE Bug 1231926",
"url": "https://bugzilla.suse.com/1231926"
},
{
"category": "self",
"summary": "SUSE Bug 1231930",
"url": "https://bugzilla.suse.com/1231930"
},
{
"category": "self",
"summary": "SUSE Bug 1231931",
"url": "https://bugzilla.suse.com/1231931"
},
{
"category": "self",
"summary": "SUSE Bug 1231935",
"url": "https://bugzilla.suse.com/1231935"
},
{
"category": "self",
"summary": "SUSE Bug 1231942",
"url": "https://bugzilla.suse.com/1231942"
},
{
"category": "self",
"summary": "SUSE Bug 1231944",
"url": "https://bugzilla.suse.com/1231944"
},
{
"category": "self",
"summary": "SUSE Bug 1231946",
"url": "https://bugzilla.suse.com/1231946"
},
{
"category": "self",
"summary": "SUSE Bug 1231947",
"url": "https://bugzilla.suse.com/1231947"
},
{
"category": "self",
"summary": "SUSE Bug 1231950",
"url": "https://bugzilla.suse.com/1231950"
},
{
"category": "self",
"summary": "SUSE Bug 1231951",
"url": "https://bugzilla.suse.com/1231951"
},
{
"category": "self",
"summary": "SUSE Bug 1231952",
"url": "https://bugzilla.suse.com/1231952"
},
{
"category": "self",
"summary": "SUSE Bug 1231953",
"url": "https://bugzilla.suse.com/1231953"
},
{
"category": "self",
"summary": "SUSE Bug 1231954",
"url": "https://bugzilla.suse.com/1231954"
},
{
"category": "self",
"summary": "SUSE Bug 1231955",
"url": "https://bugzilla.suse.com/1231955"
},
{
"category": "self",
"summary": "SUSE Bug 1231956",
"url": "https://bugzilla.suse.com/1231956"
},
{
"category": "self",
"summary": "SUSE Bug 1231957",
"url": "https://bugzilla.suse.com/1231957"
},
{
"category": "self",
"summary": "SUSE Bug 1231965",
"url": "https://bugzilla.suse.com/1231965"
},
{
"category": "self",
"summary": "SUSE Bug 1231967",
"url": "https://bugzilla.suse.com/1231967"
},
{
"category": "self",
"summary": "SUSE Bug 1231968",
"url": "https://bugzilla.suse.com/1231968"
},
{
"category": "self",
"summary": "SUSE Bug 1231987",
"url": "https://bugzilla.suse.com/1231987"
},
{
"category": "self",
"summary": "SUSE Bug 1231988",
"url": "https://bugzilla.suse.com/1231988"
},
{
"category": "self",
"summary": "SUSE Bug 1231989",
"url": "https://bugzilla.suse.com/1231989"
},
{
"category": "self",
"summary": "SUSE Bug 1231990",
"url": "https://bugzilla.suse.com/1231990"
},
{
"category": "self",
"summary": "SUSE Bug 1231998",
"url": "https://bugzilla.suse.com/1231998"
},
{
"category": "self",
"summary": "SUSE Bug 1232000",
"url": "https://bugzilla.suse.com/1232000"
},
{
"category": "self",
"summary": "SUSE Bug 1232003",
"url": "https://bugzilla.suse.com/1232003"
},
{
"category": "self",
"summary": "SUSE Bug 1232009",
"url": "https://bugzilla.suse.com/1232009"
},
{
"category": "self",
"summary": "SUSE Bug 1232013",
"url": "https://bugzilla.suse.com/1232013"
},
{
"category": "self",
"summary": "SUSE Bug 1232015",
"url": "https://bugzilla.suse.com/1232015"
},
{
"category": "self",
"summary": "SUSE Bug 1232016",
"url": "https://bugzilla.suse.com/1232016"
},
{
"category": "self",
"summary": "SUSE Bug 1232017",
"url": "https://bugzilla.suse.com/1232017"
},
{
"category": "self",
"summary": "SUSE Bug 1232018",
"url": "https://bugzilla.suse.com/1232018"
},
{
"category": "self",
"summary": "SUSE Bug 1232033",
"url": "https://bugzilla.suse.com/1232033"
},
{
"category": "self",
"summary": "SUSE Bug 1232034",
"url": "https://bugzilla.suse.com/1232034"
},
{
"category": "self",
"summary": "SUSE Bug 1232036",
"url": "https://bugzilla.suse.com/1232036"
},
{
"category": "self",
"summary": "SUSE Bug 1232043",
"url": "https://bugzilla.suse.com/1232043"
},
{
"category": "self",
"summary": "SUSE Bug 1232047",
"url": "https://bugzilla.suse.com/1232047"
},
{
"category": "self",
"summary": "SUSE Bug 1232048",
"url": "https://bugzilla.suse.com/1232048"
},
{
"category": "self",
"summary": "SUSE Bug 1232049",
"url": "https://bugzilla.suse.com/1232049"
},
{
"category": "self",
"summary": "SUSE Bug 1232050",
"url": "https://bugzilla.suse.com/1232050"
},
{
"category": "self",
"summary": "SUSE Bug 1232056",
"url": "https://bugzilla.suse.com/1232056"
},
{
"category": "self",
"summary": "SUSE Bug 1232075",
"url": "https://bugzilla.suse.com/1232075"
},
{
"category": "self",
"summary": "SUSE Bug 1232076",
"url": "https://bugzilla.suse.com/1232076"
},
{
"category": "self",
"summary": "SUSE Bug 1232079",
"url": "https://bugzilla.suse.com/1232079"
},
{
"category": "self",
"summary": "SUSE Bug 1232080",
"url": "https://bugzilla.suse.com/1232080"
},
{
"category": "self",
"summary": "SUSE Bug 1232083",
"url": "https://bugzilla.suse.com/1232083"
},
{
"category": "self",
"summary": "SUSE Bug 1232084",
"url": "https://bugzilla.suse.com/1232084"
},
{
"category": "self",
"summary": "SUSE Bug 1232085",
"url": "https://bugzilla.suse.com/1232085"
},
{
"category": "self",
"summary": "SUSE Bug 1232089",
"url": "https://bugzilla.suse.com/1232089"
},
{
"category": "self",
"summary": "SUSE Bug 1232090",
"url": "https://bugzilla.suse.com/1232090"
},
{
"category": "self",
"summary": "SUSE Bug 1232093",
"url": "https://bugzilla.suse.com/1232093"
},
{
"category": "self",
"summary": "SUSE Bug 1232094",
"url": "https://bugzilla.suse.com/1232094"
},
{
"category": "self",
"summary": "SUSE Bug 1232096",
"url": "https://bugzilla.suse.com/1232096"
},
{
"category": "self",
"summary": "SUSE Bug 1232097",
"url": "https://bugzilla.suse.com/1232097"
},
{
"category": "self",
"summary": "SUSE Bug 1232098",
"url": "https://bugzilla.suse.com/1232098"
},
{
"category": "self",
"summary": "SUSE Bug 1232103",
"url": "https://bugzilla.suse.com/1232103"
},
{
"category": "self",
"summary": "SUSE Bug 1232104",
"url": "https://bugzilla.suse.com/1232104"
},
{
"category": "self",
"summary": "SUSE Bug 1232105",
"url": "https://bugzilla.suse.com/1232105"
},
{
"category": "self",
"summary": "SUSE Bug 1232109",
"url": "https://bugzilla.suse.com/1232109"
},
{
"category": "self",
"summary": "SUSE Bug 1232111",
"url": "https://bugzilla.suse.com/1232111"
},
{
"category": "self",
"summary": "SUSE Bug 1232114",
"url": "https://bugzilla.suse.com/1232114"
},
{
"category": "self",
"summary": "SUSE Bug 1232116",
"url": "https://bugzilla.suse.com/1232116"
},
{
"category": "self",
"summary": "SUSE Bug 1232117",
"url": "https://bugzilla.suse.com/1232117"
},
{
"category": "self",
"summary": "SUSE Bug 1232124",
"url": "https://bugzilla.suse.com/1232124"
},
{
"category": "self",
"summary": "SUSE Bug 1232126",
"url": "https://bugzilla.suse.com/1232126"
},
{
"category": "self",
"summary": "SUSE Bug 1232127",
"url": "https://bugzilla.suse.com/1232127"
},
{
"category": "self",
"summary": "SUSE Bug 1232129",
"url": "https://bugzilla.suse.com/1232129"
},
{
"category": "self",
"summary": "SUSE Bug 1232130",
"url": "https://bugzilla.suse.com/1232130"
},
{
"category": "self",
"summary": "SUSE Bug 1232131",
"url": "https://bugzilla.suse.com/1232131"
},
{
"category": "self",
"summary": "SUSE Bug 1232132",
"url": "https://bugzilla.suse.com/1232132"
},
{
"category": "self",
"summary": "SUSE Bug 1232134",
"url": "https://bugzilla.suse.com/1232134"
},
{
"category": "self",
"summary": "SUSE Bug 1232135",
"url": "https://bugzilla.suse.com/1232135"
},
{
"category": "self",
"summary": "SUSE Bug 1232140",
"url": "https://bugzilla.suse.com/1232140"
},
{
"category": "self",
"summary": "SUSE Bug 1232141",
"url": "https://bugzilla.suse.com/1232141"
},
{
"category": "self",
"summary": "SUSE Bug 1232142",
"url": "https://bugzilla.suse.com/1232142"
},
{
"category": "self",
"summary": "SUSE Bug 1232145",
"url": "https://bugzilla.suse.com/1232145"
},
{
"category": "self",
"summary": "SUSE Bug 1232147",
"url": "https://bugzilla.suse.com/1232147"
},
{
"category": "self",
"summary": "SUSE Bug 1232148",
"url": "https://bugzilla.suse.com/1232148"
},
{
"category": "self",
"summary": "SUSE Bug 1232149",
"url": "https://bugzilla.suse.com/1232149"
},
{
"category": "self",
"summary": "SUSE Bug 1232151",
"url": "https://bugzilla.suse.com/1232151"
},
{
"category": "self",
"summary": "SUSE Bug 1232152",
"url": "https://bugzilla.suse.com/1232152"
},
{
"category": "self",
"summary": "SUSE Bug 1232154",
"url": "https://bugzilla.suse.com/1232154"
},
{
"category": "self",
"summary": "SUSE Bug 1232155",
"url": "https://bugzilla.suse.com/1232155"
},
{
"category": "self",
"summary": "SUSE Bug 1232156",
"url": "https://bugzilla.suse.com/1232156"
},
{
"category": "self",
"summary": "SUSE Bug 1232157",
"url": "https://bugzilla.suse.com/1232157"
},
{
"category": "self",
"summary": "SUSE Bug 1232159",
"url": "https://bugzilla.suse.com/1232159"
},
{
"category": "self",
"summary": "SUSE Bug 1232160",
"url": "https://bugzilla.suse.com/1232160"
},
{
"category": "self",
"summary": "SUSE Bug 1232162",
"url": "https://bugzilla.suse.com/1232162"
},
{
"category": "self",
"summary": "SUSE Bug 1232164",
"url": "https://bugzilla.suse.com/1232164"
},
{
"category": "self",
"summary": "SUSE Bug 1232165",
"url": "https://bugzilla.suse.com/1232165"
},
{
"category": "self",
"summary": "SUSE Bug 1232166",
"url": "https://bugzilla.suse.com/1232166"
},
{
"category": "self",
"summary": "SUSE Bug 1232174",
"url": "https://bugzilla.suse.com/1232174"
},
{
"category": "self",
"summary": "SUSE Bug 1232180",
"url": "https://bugzilla.suse.com/1232180"
},
{
"category": "self",
"summary": "SUSE Bug 1232182",
"url": "https://bugzilla.suse.com/1232182"
},
{
"category": "self",
"summary": "SUSE Bug 1232183",
"url": "https://bugzilla.suse.com/1232183"
},
{
"category": "self",
"summary": "SUSE Bug 1232185",
"url": "https://bugzilla.suse.com/1232185"
},
{
"category": "self",
"summary": "SUSE Bug 1232187",
"url": "https://bugzilla.suse.com/1232187"
},
{
"category": "self",
"summary": "SUSE Bug 1232189",
"url": "https://bugzilla.suse.com/1232189"
},
{
"category": "self",
"summary": "SUSE Bug 1232192",
"url": "https://bugzilla.suse.com/1232192"
},
{
"category": "self",
"summary": "SUSE Bug 1232195",
"url": "https://bugzilla.suse.com/1232195"
},
{
"category": "self",
"summary": "SUSE Bug 1232196",
"url": "https://bugzilla.suse.com/1232196"
},
{
"category": "self",
"summary": "SUSE Bug 1232198",
"url": "https://bugzilla.suse.com/1232198"
},
{
"category": "self",
"summary": "SUSE Bug 1232199",
"url": "https://bugzilla.suse.com/1232199"
},
{
"category": "self",
"summary": "SUSE Bug 1232200",
"url": "https://bugzilla.suse.com/1232200"
},
{
"category": "self",
"summary": "SUSE Bug 1232201",
"url": "https://bugzilla.suse.com/1232201"
},
{
"category": "self",
"summary": "SUSE Bug 1232207",
"url": "https://bugzilla.suse.com/1232207"
},
{
"category": "self",
"summary": "SUSE Bug 1232208",
"url": "https://bugzilla.suse.com/1232208"
},
{
"category": "self",
"summary": "SUSE Bug 1232217",
"url": "https://bugzilla.suse.com/1232217"
},
{
"category": "self",
"summary": "SUSE Bug 1232218",
"url": "https://bugzilla.suse.com/1232218"
},
{
"category": "self",
"summary": "SUSE Bug 1232220",
"url": "https://bugzilla.suse.com/1232220"
},
{
"category": "self",
"summary": "SUSE Bug 1232221",
"url": "https://bugzilla.suse.com/1232221"
},
{
"category": "self",
"summary": "SUSE Bug 1232222",
"url": "https://bugzilla.suse.com/1232222"
},
{
"category": "self",
"summary": "SUSE Bug 1232224",
"url": "https://bugzilla.suse.com/1232224"
},
{
"category": "self",
"summary": "SUSE Bug 1232232",
"url": "https://bugzilla.suse.com/1232232"
},
{
"category": "self",
"summary": "SUSE Bug 1232250",
"url": "https://bugzilla.suse.com/1232250"
},
{
"category": "self",
"summary": "SUSE Bug 1232251",
"url": "https://bugzilla.suse.com/1232251"
},
{
"category": "self",
"summary": "SUSE Bug 1232253",
"url": "https://bugzilla.suse.com/1232253"
},
{
"category": "self",
"summary": "SUSE Bug 1232254",
"url": "https://bugzilla.suse.com/1232254"
},
{
"category": "self",
"summary": "SUSE Bug 1232255",
"url": "https://bugzilla.suse.com/1232255"
},
{
"category": "self",
"summary": "SUSE Bug 1232256",
"url": "https://bugzilla.suse.com/1232256"
},
{
"category": "self",
"summary": "SUSE Bug 1232258",
"url": "https://bugzilla.suse.com/1232258"
},
{
"category": "self",
"summary": "SUSE Bug 1232259",
"url": "https://bugzilla.suse.com/1232259"
},
{
"category": "self",
"summary": "SUSE Bug 1232260",
"url": "https://bugzilla.suse.com/1232260"
},
{
"category": "self",
"summary": "SUSE Bug 1232262",
"url": "https://bugzilla.suse.com/1232262"
},
{
"category": "self",
"summary": "SUSE Bug 1232263",
"url": "https://bugzilla.suse.com/1232263"
},
{
"category": "self",
"summary": "SUSE Bug 1232264",
"url": "https://bugzilla.suse.com/1232264"
},
{
"category": "self",
"summary": "SUSE Bug 1232272",
"url": "https://bugzilla.suse.com/1232272"
},
{
"category": "self",
"summary": "SUSE Bug 1232275",
"url": "https://bugzilla.suse.com/1232275"
},
{
"category": "self",
"summary": "SUSE Bug 1232279",
"url": "https://bugzilla.suse.com/1232279"
},
{
"category": "self",
"summary": "SUSE Bug 1232282",
"url": "https://bugzilla.suse.com/1232282"
},
{
"category": "self",
"summary": "SUSE Bug 1232285",
"url": "https://bugzilla.suse.com/1232285"
},
{
"category": "self",
"summary": "SUSE Bug 1232287",
"url": "https://bugzilla.suse.com/1232287"
},
{
"category": "self",
"summary": "SUSE Bug 1232295",
"url": "https://bugzilla.suse.com/1232295"
},
{
"category": "self",
"summary": "SUSE Bug 1232305",
"url": "https://bugzilla.suse.com/1232305"
},
{
"category": "self",
"summary": "SUSE Bug 1232307",
"url": "https://bugzilla.suse.com/1232307"
},
{
"category": "self",
"summary": "SUSE Bug 1232309",
"url": "https://bugzilla.suse.com/1232309"
},
{
"category": "self",
"summary": "SUSE Bug 1232310",
"url": "https://bugzilla.suse.com/1232310"
},
{
"category": "self",
"summary": "SUSE Bug 1232312",
"url": "https://bugzilla.suse.com/1232312"
},
{
"category": "self",
"summary": "SUSE Bug 1232313",
"url": "https://bugzilla.suse.com/1232313"
},
{
"category": "self",
"summary": "SUSE Bug 1232314",
"url": "https://bugzilla.suse.com/1232314"
},
{
"category": "self",
"summary": "SUSE Bug 1232315",
"url": "https://bugzilla.suse.com/1232315"
},
{
"category": "self",
"summary": "SUSE Bug 1232316",
"url": "https://bugzilla.suse.com/1232316"
},
{
"category": "self",
"summary": "SUSE Bug 1232317",
"url": "https://bugzilla.suse.com/1232317"
},
{
"category": "self",
"summary": "SUSE Bug 1232318",
"url": "https://bugzilla.suse.com/1232318"
},
{
"category": "self",
"summary": "SUSE Bug 1232329",
"url": "https://bugzilla.suse.com/1232329"
},
{
"category": "self",
"summary": "SUSE Bug 1232332",
"url": "https://bugzilla.suse.com/1232332"
},
{
"category": "self",
"summary": "SUSE Bug 1232333",
"url": "https://bugzilla.suse.com/1232333"
},
{
"category": "self",
"summary": "SUSE Bug 1232334",
"url": "https://bugzilla.suse.com/1232334"
},
{
"category": "self",
"summary": "SUSE Bug 1232335",
"url": "https://bugzilla.suse.com/1232335"
},
{
"category": "self",
"summary": "SUSE Bug 1232337",
"url": "https://bugzilla.suse.com/1232337"
},
{
"category": "self",
"summary": "SUSE Bug 1232339",
"url": "https://bugzilla.suse.com/1232339"
},
{
"category": "self",
"summary": "SUSE Bug 1232340",
"url": "https://bugzilla.suse.com/1232340"
},
{
"category": "self",
"summary": "SUSE Bug 1232342",
"url": "https://bugzilla.suse.com/1232342"
},
{
"category": "self",
"summary": "SUSE Bug 1232345",
"url": "https://bugzilla.suse.com/1232345"
},
{
"category": "self",
"summary": "SUSE Bug 1232349",
"url": "https://bugzilla.suse.com/1232349"
},
{
"category": "self",
"summary": "SUSE Bug 1232352",
"url": "https://bugzilla.suse.com/1232352"
},
{
"category": "self",
"summary": "SUSE Bug 1232354",
"url": "https://bugzilla.suse.com/1232354"
},
{
"category": "self",
"summary": "SUSE Bug 1232355",
"url": "https://bugzilla.suse.com/1232355"
},
{
"category": "self",
"summary": "SUSE Bug 1232357",
"url": "https://bugzilla.suse.com/1232357"
},
{
"category": "self",
"summary": "SUSE Bug 1232358",
"url": "https://bugzilla.suse.com/1232358"
},
{
"category": "self",
"summary": "SUSE Bug 1232359",
"url": "https://bugzilla.suse.com/1232359"
},
{
"category": "self",
"summary": "SUSE Bug 1232361",
"url": "https://bugzilla.suse.com/1232361"
},
{
"category": "self",
"summary": "SUSE Bug 1232362",
"url": "https://bugzilla.suse.com/1232362"
},
{
"category": "self",
"summary": "SUSE Bug 1232366",
"url": "https://bugzilla.suse.com/1232366"
},
{
"category": "self",
"summary": "SUSE Bug 1232367",
"url": "https://bugzilla.suse.com/1232367"
},
{
"category": "self",
"summary": "SUSE Bug 1232368",
"url": "https://bugzilla.suse.com/1232368"
},
{
"category": "self",
"summary": "SUSE Bug 1232369",
"url": "https://bugzilla.suse.com/1232369"
},
{
"category": "self",
"summary": "SUSE Bug 1232370",
"url": "https://bugzilla.suse.com/1232370"
},
{
"category": "self",
"summary": "SUSE Bug 1232371",
"url": "https://bugzilla.suse.com/1232371"
},
{
"category": "self",
"summary": "SUSE Bug 1232374",
"url": "https://bugzilla.suse.com/1232374"
},
{
"category": "self",
"summary": "SUSE Bug 1232378",
"url": "https://bugzilla.suse.com/1232378"
},
{
"category": "self",
"summary": "SUSE Bug 1232381",
"url": "https://bugzilla.suse.com/1232381"
},
{
"category": "self",
"summary": "SUSE Bug 1232383",
"url": "https://bugzilla.suse.com/1232383"
},
{
"category": "self",
"summary": "SUSE Bug 1232385",
"url": "https://bugzilla.suse.com/1232385"
},
{
"category": "self",
"summary": "SUSE Bug 1232386",
"url": "https://bugzilla.suse.com/1232386"
},
{
"category": "self",
"summary": "SUSE Bug 1232387",
"url": "https://bugzilla.suse.com/1232387"
},
{
"category": "self",
"summary": "SUSE Bug 1232392",
"url": "https://bugzilla.suse.com/1232392"
},
{
"category": "self",
"summary": "SUSE Bug 1232394",
"url": "https://bugzilla.suse.com/1232394"
},
{
"category": "self",
"summary": "SUSE Bug 1232395",
"url": "https://bugzilla.suse.com/1232395"
},
{
"category": "self",
"summary": "SUSE Bug 1232396",
"url": "https://bugzilla.suse.com/1232396"
},
{
"category": "self",
"summary": "SUSE Bug 1232413",
"url": "https://bugzilla.suse.com/1232413"
},
{
"category": "self",
"summary": "SUSE Bug 1232416",
"url": "https://bugzilla.suse.com/1232416"
},
{
"category": "self",
"summary": "SUSE Bug 1232417",
"url": "https://bugzilla.suse.com/1232417"
},
{
"category": "self",
"summary": "SUSE Bug 1232418",
"url": "https://bugzilla.suse.com/1232418"
},
{
"category": "self",
"summary": "SUSE Bug 1232424",
"url": "https://bugzilla.suse.com/1232424"
},
{
"category": "self",
"summary": "SUSE Bug 1232427",
"url": "https://bugzilla.suse.com/1232427"
},
{
"category": "self",
"summary": "SUSE Bug 1232432",
"url": "https://bugzilla.suse.com/1232432"
},
{
"category": "self",
"summary": "SUSE Bug 1232435",
"url": "https://bugzilla.suse.com/1232435"
},
{
"category": "self",
"summary": "SUSE Bug 1232436",
"url": "https://bugzilla.suse.com/1232436"
},
{
"category": "self",
"summary": "SUSE Bug 1232442",
"url": "https://bugzilla.suse.com/1232442"
},
{
"category": "self",
"summary": "SUSE Bug 1232446",
"url": "https://bugzilla.suse.com/1232446"
},
{
"category": "self",
"summary": "SUSE Bug 1232483",
"url": "https://bugzilla.suse.com/1232483"
},
{
"category": "self",
"summary": "SUSE Bug 1232494",
"url": "https://bugzilla.suse.com/1232494"
},
{
"category": "self",
"summary": "SUSE Bug 1232498",
"url": "https://bugzilla.suse.com/1232498"
},
{
"category": "self",
"summary": "SUSE Bug 1232499",
"url": "https://bugzilla.suse.com/1232499"
},
{
"category": "self",
"summary": "SUSE Bug 1232500",
"url": "https://bugzilla.suse.com/1232500"
},
{
"category": "self",
"summary": "SUSE Bug 1232501",
"url": "https://bugzilla.suse.com/1232501"
},
{
"category": "self",
"summary": "SUSE Bug 1232502",
"url": "https://bugzilla.suse.com/1232502"
},
{
"category": "self",
"summary": "SUSE Bug 1232503",
"url": "https://bugzilla.suse.com/1232503"
},
{
"category": "self",
"summary": "SUSE Bug 1232504",
"url": "https://bugzilla.suse.com/1232504"
},
{
"category": "self",
"summary": "SUSE Bug 1232505",
"url": "https://bugzilla.suse.com/1232505"
},
{
"category": "self",
"summary": "SUSE Bug 1232506",
"url": "https://bugzilla.suse.com/1232506"
},
{
"category": "self",
"summary": "SUSE Bug 1232507",
"url": "https://bugzilla.suse.com/1232507"
},
{
"category": "self",
"summary": "SUSE Bug 1232511",
"url": "https://bugzilla.suse.com/1232511"
},
{
"category": "self",
"summary": "SUSE Bug 1232519",
"url": "https://bugzilla.suse.com/1232519"
},
{
"category": "self",
"summary": "SUSE Bug 1232520",
"url": "https://bugzilla.suse.com/1232520"
},
{
"category": "self",
"summary": "SUSE Bug 1232529",
"url": "https://bugzilla.suse.com/1232529"
},
{
"category": "self",
"summary": "SUSE Bug 1232552",
"url": "https://bugzilla.suse.com/1232552"
},
{
"category": "self",
"summary": "SUSE Bug 1232623",
"url": "https://bugzilla.suse.com/1232623"
},
{
"category": "self",
"summary": "SUSE Bug 1232626",
"url": "https://bugzilla.suse.com/1232626"
},
{
"category": "self",
"summary": "SUSE Bug 1232627",
"url": "https://bugzilla.suse.com/1232627"
},
{
"category": "self",
"summary": "SUSE Bug 1232628",
"url": "https://bugzilla.suse.com/1232628"
},
{
"category": "self",
"summary": "SUSE Bug 1232629",
"url": "https://bugzilla.suse.com/1232629"
},
{
"category": "self",
"summary": "SUSE Bug 1232704",
"url": "https://bugzilla.suse.com/1232704"
},
{
"category": "self",
"summary": "SUSE Bug 1232757",
"url": "https://bugzilla.suse.com/1232757"
},
{
"category": "self",
"summary": "SUSE Bug 1232768",
"url": "https://bugzilla.suse.com/1232768"
},
{
"category": "self",
"summary": "SUSE Bug 1232819",
"url": "https://bugzilla.suse.com/1232819"
},
{
"category": "self",
"summary": "SUSE Bug 1232823",
"url": "https://bugzilla.suse.com/1232823"
},
{
"category": "self",
"summary": "SUSE Bug 1232860",
"url": "https://bugzilla.suse.com/1232860"
},
{
"category": "self",
"summary": "SUSE Bug 1232869",
"url": "https://bugzilla.suse.com/1232869"
},
{
"category": "self",
"summary": "SUSE Bug 1232870",
"url": "https://bugzilla.suse.com/1232870"
},
{
"category": "self",
"summary": "SUSE Bug 1232873",
"url": "https://bugzilla.suse.com/1232873"
},
{
"category": "self",
"summary": "SUSE Bug 1232876",
"url": "https://bugzilla.suse.com/1232876"
},
{
"category": "self",
"summary": "SUSE Bug 1232877",
"url": "https://bugzilla.suse.com/1232877"
},
{
"category": "self",
"summary": "SUSE Bug 1232878",
"url": "https://bugzilla.suse.com/1232878"
},
{
"category": "self",
"summary": "SUSE Bug 1232880",
"url": "https://bugzilla.suse.com/1232880"
},
{
"category": "self",
"summary": "SUSE Bug 1232881",
"url": "https://bugzilla.suse.com/1232881"
},
{
"category": "self",
"summary": "SUSE Bug 1232884",
"url": "https://bugzilla.suse.com/1232884"
},
{
"category": "self",
"summary": "SUSE Bug 1232885",
"url": "https://bugzilla.suse.com/1232885"
},
{
"category": "self",
"summary": "SUSE Bug 1232887",
"url": "https://bugzilla.suse.com/1232887"
},
{
"category": "self",
"summary": "SUSE Bug 1232888",
"url": "https://bugzilla.suse.com/1232888"
},
{
"category": "self",
"summary": "SUSE Bug 1232890",
"url": "https://bugzilla.suse.com/1232890"
},
{
"category": "self",
"summary": "SUSE Bug 1232892",
"url": "https://bugzilla.suse.com/1232892"
},
{
"category": "self",
"summary": "SUSE Bug 1232894",
"url": "https://bugzilla.suse.com/1232894"
},
{
"category": "self",
"summary": "SUSE Bug 1232896",
"url": "https://bugzilla.suse.com/1232896"
},
{
"category": "self",
"summary": "SUSE Bug 1232897",
"url": "https://bugzilla.suse.com/1232897"
},
{
"category": "self",
"summary": "SUSE Bug 1232905",
"url": "https://bugzilla.suse.com/1232905"
},
{
"category": "self",
"summary": "SUSE Bug 1232907",
"url": "https://bugzilla.suse.com/1232907"
},
{
"category": "self",
"summary": "SUSE Bug 1232914",
"url": "https://bugzilla.suse.com/1232914"
},
{
"category": "self",
"summary": "SUSE Bug 1232919",
"url": "https://bugzilla.suse.com/1232919"
},
{
"category": "self",
"summary": "SUSE Bug 1232925",
"url": "https://bugzilla.suse.com/1232925"
},
{
"category": "self",
"summary": "SUSE Bug 1232926",
"url": "https://bugzilla.suse.com/1232926"
},
{
"category": "self",
"summary": "SUSE Bug 1232928",
"url": "https://bugzilla.suse.com/1232928"
},
{
"category": "self",
"summary": "SUSE Bug 1232935",
"url": "https://bugzilla.suse.com/1232935"
},
{
"category": "self",
"summary": "SUSE Bug 1233029",
"url": "https://bugzilla.suse.com/1233029"
},
{
"category": "self",
"summary": "SUSE Bug 1233032",
"url": "https://bugzilla.suse.com/1233032"
},
{
"category": "self",
"summary": "SUSE Bug 1233035",
"url": "https://bugzilla.suse.com/1233035"
},
{
"category": "self",
"summary": "SUSE Bug 1233036",
"url": "https://bugzilla.suse.com/1233036"
},
{
"category": "self",
"summary": "SUSE Bug 1233041",
"url": "https://bugzilla.suse.com/1233041"
},
{
"category": "self",
"summary": "SUSE Bug 1233044",
"url": "https://bugzilla.suse.com/1233044"
},
{
"category": "self",
"summary": "SUSE Bug 1233049",
"url": "https://bugzilla.suse.com/1233049"
},
{
"category": "self",
"summary": "SUSE Bug 1233050",
"url": "https://bugzilla.suse.com/1233050"
},
{
"category": "self",
"summary": "SUSE Bug 1233051",
"url": "https://bugzilla.suse.com/1233051"
},
{
"category": "self",
"summary": "SUSE Bug 1233056",
"url": "https://bugzilla.suse.com/1233056"
},
{
"category": "self",
"summary": "SUSE Bug 1233057",
"url": "https://bugzilla.suse.com/1233057"
},
{
"category": "self",
"summary": "SUSE Bug 1233061",
"url": "https://bugzilla.suse.com/1233061"
},
{
"category": "self",
"summary": "SUSE Bug 1233062",
"url": "https://bugzilla.suse.com/1233062"
},
{
"category": "self",
"summary": "SUSE Bug 1233063",
"url": "https://bugzilla.suse.com/1233063"
},
{
"category": "self",
"summary": "SUSE Bug 1233065",
"url": "https://bugzilla.suse.com/1233065"
},
{
"category": "self",
"summary": "SUSE Bug 1233067",
"url": "https://bugzilla.suse.com/1233067"
},
{
"category": "self",
"summary": "SUSE Bug 1233070",
"url": "https://bugzilla.suse.com/1233070"
},
{
"category": "self",
"summary": "SUSE Bug 1233073",
"url": "https://bugzilla.suse.com/1233073"
},
{
"category": "self",
"summary": "SUSE Bug 1233074",
"url": "https://bugzilla.suse.com/1233074"
},
{
"category": "self",
"summary": "SUSE Bug 1233088",
"url": "https://bugzilla.suse.com/1233088"
},
{
"category": "self",
"summary": "SUSE Bug 1233091",
"url": "https://bugzilla.suse.com/1233091"
},
{
"category": "self",
"summary": "SUSE Bug 1233092",
"url": "https://bugzilla.suse.com/1233092"
},
{
"category": "self",
"summary": "SUSE Bug 1233097",
"url": "https://bugzilla.suse.com/1233097"
},
{
"category": "self",
"summary": "SUSE Bug 1233100",
"url": "https://bugzilla.suse.com/1233100"
},
{
"category": "self",
"summary": "SUSE Bug 1233103",
"url": "https://bugzilla.suse.com/1233103"
},
{
"category": "self",
"summary": "SUSE Bug 1233104",
"url": "https://bugzilla.suse.com/1233104"
},
{
"category": "self",
"summary": "SUSE Bug 1233105",
"url": "https://bugzilla.suse.com/1233105"
},
{
"category": "self",
"summary": "SUSE Bug 1233106",
"url": "https://bugzilla.suse.com/1233106"
},
{
"category": "self",
"summary": "SUSE Bug 1233107",
"url": "https://bugzilla.suse.com/1233107"
},
{
"category": "self",
"summary": "SUSE Bug 1233108",
"url": "https://bugzilla.suse.com/1233108"
},
{
"category": "self",
"summary": "SUSE Bug 1233110",
"url": "https://bugzilla.suse.com/1233110"
},
{
"category": "self",
"summary": "SUSE Bug 1233111",
"url": "https://bugzilla.suse.com/1233111"
},
{
"category": "self",
"summary": "SUSE Bug 1233113",
"url": "https://bugzilla.suse.com/1233113"
},
{
"category": "self",
"summary": "SUSE Bug 1233114",
"url": "https://bugzilla.suse.com/1233114"
},
{
"category": "self",
"summary": "SUSE Bug 1233115",
"url": "https://bugzilla.suse.com/1233115"
},
{
"category": "self",
"summary": "SUSE Bug 1233117",
"url": "https://bugzilla.suse.com/1233117"
},
{
"category": "self",
"summary": "SUSE Bug 1233119",
"url": "https://bugzilla.suse.com/1233119"
},
{
"category": "self",
"summary": "SUSE Bug 1233123",
"url": "https://bugzilla.suse.com/1233123"
},
{
"category": "self",
"summary": "SUSE Bug 1233125",
"url": "https://bugzilla.suse.com/1233125"
},
{
"category": "self",
"summary": "SUSE Bug 1233127",
"url": "https://bugzilla.suse.com/1233127"
},
{
"category": "self",
"summary": "SUSE Bug 1233129",
"url": "https://bugzilla.suse.com/1233129"
},
{
"category": "self",
"summary": "SUSE Bug 1233130",
"url": "https://bugzilla.suse.com/1233130"
},
{
"category": "self",
"summary": "SUSE Bug 1233132",
"url": "https://bugzilla.suse.com/1233132"
},
{
"category": "self",
"summary": "SUSE Bug 1233135",
"url": "https://bugzilla.suse.com/1233135"
},
{
"category": "self",
"summary": "SUSE Bug 1233176",
"url": "https://bugzilla.suse.com/1233176"
},
{
"category": "self",
"summary": "SUSE Bug 1233179",
"url": "https://bugzilla.suse.com/1233179"
},
{
"category": "self",
"summary": "SUSE Bug 1233185",
"url": "https://bugzilla.suse.com/1233185"
},
{
"category": "self",
"summary": "SUSE Bug 1233188",
"url": "https://bugzilla.suse.com/1233188"
},
{
"category": "self",
"summary": "SUSE Bug 1233189",
"url": "https://bugzilla.suse.com/1233189"
},
{
"category": "self",
"summary": "SUSE Bug 1233191",
"url": "https://bugzilla.suse.com/1233191"
},
{
"category": "self",
"summary": "SUSE Bug 1233193",
"url": "https://bugzilla.suse.com/1233193"
},
{
"category": "self",
"summary": "SUSE Bug 1233197",
"url": "https://bugzilla.suse.com/1233197"
},
{
"category": "self",
"summary": "SUSE Bug 1233201",
"url": "https://bugzilla.suse.com/1233201"
},
{
"category": "self",
"summary": "SUSE Bug 1233203",
"url": "https://bugzilla.suse.com/1233203"
},
{
"category": "self",
"summary": "SUSE Bug 1233204",
"url": "https://bugzilla.suse.com/1233204"
},
{
"category": "self",
"summary": "SUSE Bug 1233205",
"url": "https://bugzilla.suse.com/1233205"
},
{
"category": "self",
"summary": "SUSE Bug 1233206",
"url": "https://bugzilla.suse.com/1233206"
},
{
"category": "self",
"summary": "SUSE Bug 1233207",
"url": "https://bugzilla.suse.com/1233207"
},
{
"category": "self",
"summary": "SUSE Bug 1233208",
"url": "https://bugzilla.suse.com/1233208"
},
{
"category": "self",
"summary": "SUSE Bug 1233209",
"url": "https://bugzilla.suse.com/1233209"
},
{
"category": "self",
"summary": "SUSE Bug 1233210",
"url": "https://bugzilla.suse.com/1233210"
},
{
"category": "self",
"summary": "SUSE Bug 1233211",
"url": "https://bugzilla.suse.com/1233211"
},
{
"category": "self",
"summary": "SUSE Bug 1233212",
"url": "https://bugzilla.suse.com/1233212"
},
{
"category": "self",
"summary": "SUSE Bug 1233216",
"url": "https://bugzilla.suse.com/1233216"
},
{
"category": "self",
"summary": "SUSE Bug 1233217",
"url": "https://bugzilla.suse.com/1233217"
},
{
"category": "self",
"summary": "SUSE Bug 1233219",
"url": "https://bugzilla.suse.com/1233219"
},
{
"category": "self",
"summary": "SUSE Bug 1233226",
"url": "https://bugzilla.suse.com/1233226"
},
{
"category": "self",
"summary": "SUSE Bug 1233238",
"url": "https://bugzilla.suse.com/1233238"
},
{
"category": "self",
"summary": "SUSE Bug 1233241",
"url": "https://bugzilla.suse.com/1233241"
},
{
"category": "self",
"summary": "SUSE Bug 1233244",
"url": "https://bugzilla.suse.com/1233244"
},
{
"category": "self",
"summary": "SUSE Bug 1233253",
"url": "https://bugzilla.suse.com/1233253"
},
{
"category": "self",
"summary": "SUSE Bug 1233255",
"url": "https://bugzilla.suse.com/1233255"
},
{
"category": "self",
"summary": "SUSE Bug 1233293",
"url": "https://bugzilla.suse.com/1233293"
},
{
"category": "self",
"summary": "SUSE Bug 1233298",
"url": "https://bugzilla.suse.com/1233298"
},
{
"category": "self",
"summary": "SUSE Bug 1233305",
"url": "https://bugzilla.suse.com/1233305"
},
{
"category": "self",
"summary": "SUSE Bug 1233320",
"url": "https://bugzilla.suse.com/1233320"
},
{
"category": "self",
"summary": "SUSE Bug 1233350",
"url": "https://bugzilla.suse.com/1233350"
},
{
"category": "self",
"summary": "SUSE Bug 1233443",
"url": "https://bugzilla.suse.com/1233443"
},
{
"category": "self",
"summary": "SUSE Bug 1233452",
"url": "https://bugzilla.suse.com/1233452"
},
{
"category": "self",
"summary": "SUSE Bug 1233453",
"url": "https://bugzilla.suse.com/1233453"
},
{
"category": "self",
"summary": "SUSE Bug 1233454",
"url": "https://bugzilla.suse.com/1233454"
},
{
"category": "self",
"summary": "SUSE Bug 1233456",
"url": "https://bugzilla.suse.com/1233456"
},
{
"category": "self",
"summary": "SUSE Bug 1233457",
"url": "https://bugzilla.suse.com/1233457"
},
{
"category": "self",
"summary": "SUSE Bug 1233458",
"url": "https://bugzilla.suse.com/1233458"
},
{
"category": "self",
"summary": "SUSE Bug 1233460",
"url": "https://bugzilla.suse.com/1233460"
},
{
"category": "self",
"summary": "SUSE Bug 1233462",
"url": "https://bugzilla.suse.com/1233462"
},
{
"category": "self",
"summary": "SUSE Bug 1233463",
"url": "https://bugzilla.suse.com/1233463"
},
{
"category": "self",
"summary": "SUSE Bug 1233464",
"url": "https://bugzilla.suse.com/1233464"
},
{
"category": "self",
"summary": "SUSE Bug 1233465",
"url": "https://bugzilla.suse.com/1233465"
},
{
"category": "self",
"summary": "SUSE Bug 1233468",
"url": "https://bugzilla.suse.com/1233468"
},
{
"category": "self",
"summary": "SUSE Bug 1233471",
"url": "https://bugzilla.suse.com/1233471"
},
{
"category": "self",
"summary": "SUSE Bug 1233476",
"url": "https://bugzilla.suse.com/1233476"
},
{
"category": "self",
"summary": "SUSE Bug 1233478",
"url": "https://bugzilla.suse.com/1233478"
},
{
"category": "self",
"summary": "SUSE Bug 1233479",
"url": "https://bugzilla.suse.com/1233479"
},
{
"category": "self",
"summary": "SUSE Bug 1233481",
"url": "https://bugzilla.suse.com/1233481"
},
{
"category": "self",
"summary": "SUSE Bug 1233484",
"url": "https://bugzilla.suse.com/1233484"
},
{
"category": "self",
"summary": "SUSE Bug 1233485",
"url": "https://bugzilla.suse.com/1233485"
},
{
"category": "self",
"summary": "SUSE Bug 1233487",
"url": "https://bugzilla.suse.com/1233487"
},
{
"category": "self",
"summary": "SUSE Bug 1233490",
"url": "https://bugzilla.suse.com/1233490"
},
{
"category": "self",
"summary": "SUSE Bug 1233491",
"url": "https://bugzilla.suse.com/1233491"
},
{
"category": "self",
"summary": "SUSE Bug 1233523",
"url": "https://bugzilla.suse.com/1233523"
},
{
"category": "self",
"summary": "SUSE Bug 1233524",
"url": "https://bugzilla.suse.com/1233524"
},
{
"category": "self",
"summary": "SUSE Bug 1233540",
"url": "https://bugzilla.suse.com/1233540"
},
{
"category": "self",
"summary": "SUSE Bug 1233547",
"url": "https://bugzilla.suse.com/1233547"
},
{
"category": "self",
"summary": "SUSE Bug 1233548",
"url": "https://bugzilla.suse.com/1233548"
},
{
"category": "self",
"summary": "SUSE Bug 1233550",
"url": "https://bugzilla.suse.com/1233550"
},
{
"category": "self",
"summary": "SUSE Bug 1233552",
"url": "https://bugzilla.suse.com/1233552"
},
{
"category": "self",
"summary": "SUSE Bug 1233553",
"url": "https://bugzilla.suse.com/1233553"
},
{
"category": "self",
"summary": "SUSE Bug 1233554",
"url": "https://bugzilla.suse.com/1233554"
},
{
"category": "self",
"summary": "SUSE Bug 1233555",
"url": "https://bugzilla.suse.com/1233555"
},
{
"category": "self",
"summary": "SUSE Bug 1233557",
"url": "https://bugzilla.suse.com/1233557"
},
{
"category": "self",
"summary": "SUSE Bug 1233560",
"url": "https://bugzilla.suse.com/1233560"
},
{
"category": "self",
"summary": "SUSE Bug 1233561",
"url": "https://bugzilla.suse.com/1233561"
},
{
"category": "self",
"summary": "SUSE Bug 1233564",
"url": "https://bugzilla.suse.com/1233564"
},
{
"category": "self",
"summary": "SUSE Bug 1233566",
"url": "https://bugzilla.suse.com/1233566"
},
{
"category": "self",
"summary": "SUSE Bug 1233567",
"url": "https://bugzilla.suse.com/1233567"
},
{
"category": "self",
"summary": "SUSE Bug 1233568",
"url": "https://bugzilla.suse.com/1233568"
},
{
"category": "self",
"summary": "SUSE Bug 1233570",
"url": "https://bugzilla.suse.com/1233570"
},
{
"category": "self",
"summary": "SUSE Bug 1233572",
"url": "https://bugzilla.suse.com/1233572"
},
{
"category": "self",
"summary": "SUSE Bug 1233573",
"url": "https://bugzilla.suse.com/1233573"
},
{
"category": "self",
"summary": "SUSE Bug 1233577",
"url": "https://bugzilla.suse.com/1233577"
},
{
"category": "self",
"summary": "SUSE Bug 1233580",
"url": "https://bugzilla.suse.com/1233580"
},
{
"category": "self",
"summary": "SUSE Bug 1233640",
"url": "https://bugzilla.suse.com/1233640"
},
{
"category": "self",
"summary": "SUSE Bug 1233641",
"url": "https://bugzilla.suse.com/1233641"
},
{
"category": "self",
"summary": "SUSE Bug 1233642",
"url": "https://bugzilla.suse.com/1233642"
},
{
"category": "self",
"summary": "SUSE Bug 1233721",
"url": "https://bugzilla.suse.com/1233721"
},
{
"category": "self",
"summary": "SUSE Bug 1233754",
"url": "https://bugzilla.suse.com/1233754"
},
{
"category": "self",
"summary": "SUSE Bug 1233756",
"url": "https://bugzilla.suse.com/1233756"
},
{
"category": "self",
"summary": "SUSE Bug 1233769",
"url": "https://bugzilla.suse.com/1233769"
},
{
"category": "self",
"summary": "SUSE Bug 1233771",
"url": "https://bugzilla.suse.com/1233771"
},
{
"category": "self",
"summary": "SUSE Bug 1233977",
"url": "https://bugzilla.suse.com/1233977"
},
{
"category": "self",
"summary": "SUSE Bug 1234009",
"url": "https://bugzilla.suse.com/1234009"
},
{
"category": "self",
"summary": "SUSE Bug 1234011",
"url": "https://bugzilla.suse.com/1234011"
},
{
"category": "self",
"summary": "SUSE Bug 1234012",
"url": "https://bugzilla.suse.com/1234012"
},
{
"category": "self",
"summary": "SUSE Bug 1234025",
"url": "https://bugzilla.suse.com/1234025"
},
{
"category": "self",
"summary": "SUSE Bug 1234039",
"url": "https://bugzilla.suse.com/1234039"
},
{
"category": "self",
"summary": "SUSE Bug 1234040",
"url": "https://bugzilla.suse.com/1234040"
},
{
"category": "self",
"summary": "SUSE Bug 1234041",
"url": "https://bugzilla.suse.com/1234041"
},
{
"category": "self",
"summary": "SUSE Bug 1234042",
"url": "https://bugzilla.suse.com/1234042"
},
{
"category": "self",
"summary": "SUSE Bug 1234043",
"url": "https://bugzilla.suse.com/1234043"
},
{
"category": "self",
"summary": "SUSE Bug 1234044",
"url": "https://bugzilla.suse.com/1234044"
},
{
"category": "self",
"summary": "SUSE Bug 1234045",
"url": "https://bugzilla.suse.com/1234045"
},
{
"category": "self",
"summary": "SUSE Bug 1234046",
"url": "https://bugzilla.suse.com/1234046"
},
{
"category": "self",
"summary": "SUSE Bug 1234072",
"url": "https://bugzilla.suse.com/1234072"
},
{
"category": "self",
"summary": "SUSE Bug 1234078",
"url": "https://bugzilla.suse.com/1234078"
},
{
"category": "self",
"summary": "SUSE Bug 1234081",
"url": "https://bugzilla.suse.com/1234081"
},
{
"category": "self",
"summary": "SUSE Bug 1234083",
"url": "https://bugzilla.suse.com/1234083"
},
{
"category": "self",
"summary": "SUSE Bug 1234085",
"url": "https://bugzilla.suse.com/1234085"
},
{
"category": "self",
"summary": "SUSE Bug 1234087",
"url": "https://bugzilla.suse.com/1234087"
},
{
"category": "self",
"summary": "SUSE Bug 1234093",
"url": "https://bugzilla.suse.com/1234093"
},
{
"category": "self",
"summary": "SUSE Bug 1234098",
"url": "https://bugzilla.suse.com/1234098"
},
{
"category": "self",
"summary": "SUSE Bug 1234108",
"url": "https://bugzilla.suse.com/1234108"
},
{
"category": "self",
"summary": "SUSE Bug 1234121",
"url": "https://bugzilla.suse.com/1234121"
},
{
"category": "self",
"summary": "SUSE Bug 1234223",
"url": "https://bugzilla.suse.com/1234223"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52766 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52766/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52778 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52778/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52800 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52800/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52881 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52917 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52917/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52918 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52918/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52919 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52919/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52920 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52920/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52921 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52921/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52922 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52922/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6270 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6270/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26596 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26596/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26703 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26741 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26741/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26758 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26758/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26761 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26761/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26767 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26767/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26782 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26864 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26943 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26943/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26953 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26953/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27017 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27017/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27026 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27026/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27043 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27043/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27407 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27407/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35888 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35888/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35980 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36000 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36000/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36031 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36031/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36244 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36244/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36484 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36484/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36883 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36883/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36886 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36886/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36905 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36905/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36920 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36920/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36927 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36927/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36954 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36954/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36968 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36968/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38576 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38576/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38577 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38577/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38589 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38589/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38599 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38599/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40914 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41016 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41016/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41023 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41023/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41031 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41031/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41047 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41047/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41082 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41082/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42102 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42102/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42145 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42145/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44932 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44932/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44958 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44958/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44964 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44964/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44995 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44995/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45016 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45016/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45025 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45025/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46678 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46678/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46680 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46681 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46721 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46721/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46754 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46765 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46765/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46766 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46766/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46770 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46770/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46775 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46775/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46777 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46777/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46788 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46788/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46797 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46800 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46800/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46802 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46802/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46803 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46803/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46804 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46804/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46805 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46805/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46806 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46806/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46807 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46807/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46809 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46809/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46810 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46811 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46811/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46812 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46812/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46813 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46814 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46815 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46815/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46816 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46816/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46817 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46817/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46818 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46818/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46819 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46819/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46821 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46825 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46825/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46826 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46826/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46827 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46828 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46830 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46831 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46834 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46835 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46836 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46836/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46840 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46840/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46841 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46841/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46842 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46842/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46843 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46843/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46845 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46845/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46846 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46846/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46848 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46848/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46849 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46849/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46851 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46851/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46852 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46852/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46853 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46853/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46854 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46854/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46855 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46855/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46857 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46857/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46859 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46859/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46860 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46860/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46861 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46864 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46870 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46871 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46871/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47658 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47658/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47660 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47660/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47661 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47661/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47662 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47662/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47663 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47663/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47664 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47664/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47665 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47665/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47666 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47666/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47667 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47667/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47668 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47669 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47669/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47670 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47671 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47671/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47672 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47672/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47673 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47674 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47674/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47675 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47675/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47679 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47679/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47681 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47682 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47682/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47684 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47684/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47685 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47685/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47686 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47686/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47687 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47687/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47688 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47688/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47692 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47692/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47693 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47695 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47695/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47696 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47696/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47697 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47698 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47698/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47699 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47701 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47702 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47703 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47704 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47704/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47705 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47705/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47706 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47706/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47707 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47707/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47709 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47709/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47710 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47710/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47712 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47712/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47713 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47714 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47715 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47718 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47719 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47720 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47720/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47723 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47727 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47728 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47730 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47730/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47731 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47731/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47732 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47735 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47737 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47737/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47738 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47739 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47741 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47741/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47742 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47742/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47743 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47743/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47744 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47744/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47745 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47745/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47747 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47747/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47748 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47748/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47749 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47749/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47750 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47750/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47751 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47751/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47752 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47753 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47754 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47756 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47756/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47757 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47757/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49850 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49850/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49851 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49851/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49852 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49852/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49853 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49853/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49855 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49855/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49858 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49860 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49860/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49861 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49862 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49862/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49863 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49863/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49864 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49866 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49866/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49867 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49867/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49868 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49868/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49870 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49871 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49871/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49874 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49875 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49877 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49877/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49878 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49878/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49879 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49879/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49881 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49882 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49882/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49883 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49883/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49884 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49886 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49886/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49888 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49888/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49890 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49891 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49891/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49892 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49892/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49894 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49894/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49895 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49895/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49896 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49896/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49897 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49897/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49898 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49898/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49899 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49899/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49900 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49900/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49901 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49901/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49902 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49902/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49903 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49903/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49905 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49905/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49906 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49906/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49907 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49907/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49908 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49908/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49909 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49909/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49911 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49912 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49912/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49913 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49914 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49917 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49917/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49918 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49918/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49919 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49919/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49920 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49920/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49921 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49921/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49922 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49922/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49923 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49923/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49925 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49925/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49928 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49928/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49929 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49929/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49930 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49930/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49931 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49931/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49933 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49933/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49934 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49935 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49935/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49936 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49936/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49937 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49937/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49938 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49938/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49939 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49939/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49944 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49944/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49945 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49945/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49946 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49946/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49947 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49949 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49949/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49950 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49950/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49952 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49952/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49953 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49953/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49954 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49954/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49955 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49955/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49957 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49957/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49958 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49958/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49959 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49959/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49960 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49960/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49961 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49961/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49962 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49962/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49963 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49963/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49965 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49965/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49966 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49966/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49967 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49967/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49968 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49968/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49969 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49969/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49972 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49972/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49973 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49973/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49974 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49975 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49975/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49976 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49976/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49981 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49981/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49982 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49982/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49983 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49983/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49985 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49985/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49986 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49986/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49987 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49987/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49989 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49989/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49991 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49991/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49993 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49993/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49995 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49995/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49996 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50000 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50000/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50001 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50001/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50002 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50002/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50003 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50003/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50004 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50004/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50006 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50006/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50007 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50007/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50008 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50008/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50009 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50012 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50012/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50013 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50014 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50014/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50015 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50015/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50017 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50017/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50019 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50019/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50020 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50020/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50021 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50021/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50022 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50022/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50023 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50023/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50024 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50024/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50025 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50025/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50026 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50026/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50027 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50027/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50028 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50028/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50031 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50031/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50033 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50033/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50035 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50035/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50040 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50040/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50041 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50041/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50042 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50042/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50044 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50044/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50045 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50045/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50046 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50046/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50047 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50047/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50048 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50048/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50049 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50049/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50055 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50058 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50059 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50059/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50060 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50061 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50062 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50062/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50063 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50064 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50064/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50067 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50067/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50069 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50069/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50073 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50073/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50074 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50074/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50075 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50075/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50076 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50077 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50077/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50078 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50080 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50081 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50081/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50082 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50082/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50084 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50084/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50087 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50087/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50088 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50089 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50089/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50093 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50093/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50095 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50095/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50096 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50098 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50098/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50099 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50099/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50100 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50100/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50101 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50101/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50102 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50102/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50103 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50103/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50108 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50108/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50110 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50110/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50115 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50116 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50116/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50117 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50117/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50121 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50121/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50124 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50124/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50125 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50127 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50127/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50128 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50128/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50130 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50130/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50131 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50131/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50134 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50134/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50135 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50136 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50138 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50138/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50139 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50139/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50141 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50141/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50145 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50145/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50146 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50146/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50147 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50147/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50148 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50148/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50150 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50150/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50153 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50153/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50154 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50154/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50155 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50155/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50156 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50156/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50157 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50157/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50158 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50158/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50159 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50160 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50160/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50166 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50166/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50167 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50167/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50169 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50169/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50171 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50171/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50172 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50172/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50175 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50175/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50176 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50176/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50177 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50179 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50179/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50180 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50180/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50181 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50182 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50182/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50183 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50183/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50184 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50184/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50186 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50187 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50187/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50188 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50188/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50189 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50189/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50192 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50192/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50194 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50194/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50195 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50195/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50196 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50196/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50198 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50198/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50200 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50200/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50201 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50201/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50205 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50205/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50208 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50208/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50209 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50209/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50210 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50210/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50215 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50215/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50216 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50216/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50218 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50218/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50221 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50221/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50224/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50225 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50225/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50228 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50228/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50229 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50229/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50230 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50230/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50231 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50231/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50232 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50232/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50233 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50233/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50234 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50234/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50235 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50235/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50236 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50236/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50237 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50237/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50240 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50240/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50245 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50245/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50246 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50246/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50248 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50248/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50249 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50249/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50250 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50250/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50252 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50252/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50255 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50255/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50257 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50257/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50261 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50261/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50264 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50264/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50265 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50265/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50267 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50267/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50268 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50268/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50269 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50269/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50271 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50271/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50273 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50273/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50274 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50274/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50275 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50275/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50276 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50276/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50279 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50279/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50282 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50282/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50287 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50287/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50289 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50289/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50290 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50290/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50292 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50292/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50295 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50295/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50296 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50296/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50298 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50298/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50301 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50301/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50302 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50302/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53042 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53042/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53043 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53043/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53045 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53045/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53048 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53048/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53051 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53052 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53055 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53056 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53058 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53059 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53059/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53060 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53061 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53063 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53066 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53066/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53068 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53072 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53072/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53074 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53074/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53076 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53079 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53081 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53081/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53082 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53082/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53085 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53088 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53093 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53093/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53094 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53094/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53095 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53095/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53096 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53100 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53100/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53101 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53101/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53104 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53104/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53106 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53106/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53108 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53108/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53110 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53110/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53112 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53112/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53114 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53114/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53121 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53121/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53138 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53138/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-03-27T14:05:14Z",
"generator": {
"date": "2025-03-27T14:05:14Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20247-1",
"initial_release_date": "2025-03-27T14:05:14Z",
"revision_history": [
{
"date": "2025-03-27T14:05:14Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-24.1.aarch64",
"product": {
"name": "kernel-default-6.4.0-24.1.aarch64",
"product_id": "kernel-default-6.4.0-24.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.4.0-24.1.21.4.aarch64",
"product": {
"name": "kernel-default-base-6.4.0-24.1.21.4.aarch64",
"product_id": "kernel-default-base-6.4.0-24.1.21.4.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.4.0-24.1.aarch64",
"product": {
"name": "kernel-default-devel-6.4.0-24.1.aarch64",
"product_id": "kernel-default-devel-6.4.0-24.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-6.4.0-24.1.noarch",
"product": {
"name": "kernel-devel-6.4.0-24.1.noarch",
"product_id": "kernel-devel-6.4.0-24.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-macros-6.4.0-24.1.noarch",
"product": {
"name": "kernel-macros-6.4.0-24.1.noarch",
"product_id": "kernel-macros-6.4.0-24.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-6.4.0-24.1.noarch",
"product": {
"name": "kernel-source-6.4.0-24.1.noarch",
"product_id": "kernel-source-6.4.0-24.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-24.1.ppc64le",
"product": {
"name": "kernel-default-6.4.0-24.1.ppc64le",
"product_id": "kernel-default-6.4.0-24.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"product": {
"name": "kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"product_id": "kernel-default-base-6.4.0-24.1.21.4.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.4.0-24.1.ppc64le",
"product": {
"name": "kernel-default-devel-6.4.0-24.1.ppc64le",
"product_id": "kernel-default-devel-6.4.0-24.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-24.1.s390x",
"product": {
"name": "kernel-default-6.4.0-24.1.s390x",
"product_id": "kernel-default-6.4.0-24.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.4.0-24.1.s390x",
"product": {
"name": "kernel-default-devel-6.4.0-24.1.s390x",
"product_id": "kernel-default-devel-6.4.0-24.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.4.0-24.1.s390x",
"product": {
"name": "kernel-default-livepatch-6.4.0-24.1.s390x",
"product_id": "kernel-default-livepatch-6.4.0-24.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"product_id": "kernel-livepatch-6_4_0-24-default-1-1.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-24.1.x86_64",
"product": {
"name": "kernel-default-6.4.0-24.1.x86_64",
"product_id": "kernel-default-6.4.0-24.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.4.0-24.1.21.4.x86_64",
"product": {
"name": "kernel-default-base-6.4.0-24.1.21.4.x86_64",
"product_id": "kernel-default-base-6.4.0-24.1.21.4.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.4.0-24.1.x86_64",
"product": {
"name": "kernel-default-devel-6.4.0-24.1.x86_64",
"product_id": "kernel-default-devel-6.4.0-24.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.4.0-24.1.x86_64",
"product": {
"name": "kernel-default-livepatch-6.4.0-24.1.x86_64",
"product_id": "kernel-default-livepatch-6.4.0-24.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-6.4.0-24.1.x86_64",
"product": {
"name": "kernel-kvmsmall-6.4.0-24.1.x86_64",
"product_id": "kernel-kvmsmall-6.4.0-24.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"product_id": "kernel-livepatch-6_4_0-24-default-1-1.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-24.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64"
},
"product_reference": "kernel-default-6.4.0-24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-24.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le"
},
"product_reference": "kernel-default-6.4.0-24.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-24.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x"
},
"product_reference": "kernel-default-6.4.0-24.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-24.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64"
},
"product_reference": "kernel-default-6.4.0-24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-24.1.21.4.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64"
},
"product_reference": "kernel-default-base-6.4.0-24.1.21.4.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-24.1.21.4.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le"
},
"product_reference": "kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-24.1.21.4.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64"
},
"product_reference": "kernel-default-base-6.4.0-24.1.21.4.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-24.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64"
},
"product_reference": "kernel-default-devel-6.4.0-24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-24.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le"
},
"product_reference": "kernel-default-devel-6.4.0-24.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-24.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x"
},
"product_reference": "kernel-default-devel-6.4.0-24.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-24.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64"
},
"product_reference": "kernel-default-devel-6.4.0-24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-24.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x"
},
"product_reference": "kernel-default-livepatch-6.4.0-24.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-24.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64"
},
"product_reference": "kernel-default-livepatch-6.4.0-24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-6.4.0-24.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch"
},
"product_reference": "kernel-devel-6.4.0-24.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-6.4.0-24.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64"
},
"product_reference": "kernel-kvmsmall-6.4.0-24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-24-default-1-1.2.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-24-default-1-1.2.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-6.4.0-24.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch"
},
"product_reference": "kernel-macros-6.4.0-24.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-6.4.0-24.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
},
"product_reference": "kernel-source-6.4.0-24.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-52766",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52766"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler\n\nDo not loop over ring headers in hci_dma_irq_handler() that are not\nallocated and enabled in hci_dma_init(). Otherwise out of bounds access\nwill occur from rings-\u003eheaders[i] access when i \u003e= number of allocated\nring headers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52766",
"url": "https://www.suse.com/security/cve/CVE-2023-52766"
},
{
"category": "external",
"summary": "SUSE Bug 1230620 for CVE-2023-52766",
"url": "https://bugzilla.suse.com/1230620"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-52766"
},
{
"cve": "CVE-2023-52778",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52778"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: deal with large GSO size\n\nAfter the blamed commit below, the TCP sockets (and the MPTCP subflows)\ncan build egress packets larger than 64K. That exceeds the maximum DSS\ndata size, the length being misrepresent on the wire and the stream being\ncorrupted, as later observed on the receiver:\n\n WARNING: CPU: 0 PID: 9696 at net/mptcp/protocol.c:705 __mptcp_move_skbs_from_subflow+0x2604/0x26e0\n CPU: 0 PID: 9696 Comm: syz-executor.7 Not tainted 6.6.0-rc5-gcd8bdf563d46 #45\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014\n netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4\u0027.\n RIP: 0010:__mptcp_move_skbs_from_subflow+0x2604/0x26e0 net/mptcp/protocol.c:705\n RSP: 0018:ffffc90000006e80 EFLAGS: 00010246\n RAX: ffffffff83e9f674 RBX: ffff88802f45d870 RCX: ffff888102ad0000\n netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4\u0027.\n RDX: 0000000080000303 RSI: 0000000000013908 RDI: 0000000000003908\n RBP: ffffc90000007110 R08: ffffffff83e9e078 R09: 1ffff1100e548c8a\n R10: dffffc0000000000 R11: ffffed100e548c8b R12: 0000000000013908\n R13: dffffc0000000000 R14: 0000000000003908 R15: 000000000031cf29\n FS: 00007f239c47e700(0000) GS:ffff88811b200000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f239c45cd78 CR3: 000000006a66c006 CR4: 0000000000770ef0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600\n PKRU: 55555554\n Call Trace:\n \u003cIRQ\u003e\n mptcp_data_ready+0x263/0xac0 net/mptcp/protocol.c:819\n subflow_data_ready+0x268/0x6d0 net/mptcp/subflow.c:1409\n tcp_data_queue+0x21a1/0x7a60 net/ipv4/tcp_input.c:5151\n tcp_rcv_established+0x950/0x1d90 net/ipv4/tcp_input.c:6098\n tcp_v6_do_rcv+0x554/0x12f0 net/ipv6/tcp_ipv6.c:1483\n tcp_v6_rcv+0x2e26/0x3810 net/ipv6/tcp_ipv6.c:1749\n ip6_protocol_deliver_rcu+0xd6b/0x1ae0 net/ipv6/ip6_input.c:438\n ip6_input+0x1c5/0x470 net/ipv6/ip6_input.c:483\n ipv6_rcv+0xef/0x2c0 include/linux/netfilter.h:304\n __netif_receive_skb+0x1ea/0x6a0 net/core/dev.c:5532\n process_backlog+0x353/0x660 net/core/dev.c:5974\n __napi_poll+0xc6/0x5a0 net/core/dev.c:6536\n net_rx_action+0x6a0/0xfd0 net/core/dev.c:6603\n __do_softirq+0x184/0x524 kernel/softirq.c:553\n do_softirq+0xdd/0x130 kernel/softirq.c:454\n\nAddress the issue explicitly bounding the maximum GSO size to what MPTCP\nactually allows.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52778",
"url": "https://www.suse.com/security/cve/CVE-2023-52778"
},
{
"category": "external",
"summary": "SUSE Bug 1224948 for CVE-2023-52778",
"url": "https://bugzilla.suse.com/1224948"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-52778"
},
{
"cve": "CVE-2023-52800",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52800"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix htt pktlog locking\n\nThe ath11k active pdevs are protected by RCU but the htt pktlog handling\ncode calling ath11k_mac_get_ar_by_pdev_id() was not marked as a\nread-side critical section.\n\nMark the code in question as an RCU read-side critical section to avoid\nany potential use-after-free issues.\n\nCompile tested only.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52800",
"url": "https://www.suse.com/security/cve/CVE-2023-52800"
},
{
"category": "external",
"summary": "SUSE Bug 1230600 for CVE-2023-52800",
"url": "https://bugzilla.suse.com/1230600"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-52800"
},
{
"cve": "CVE-2023-52881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52881"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: do not accept ACK of bytes we never sent\n\nThis patch is based on a detailed report and ideas from Yepeng Pan\nand Christian Rossow.\n\nACK seq validation is currently following RFC 5961 5.2 guidelines:\n\n The ACK value is considered acceptable only if\n it is in the range of ((SND.UNA - MAX.SND.WND) \u003c= SEG.ACK \u003c=\n SND.NXT). All incoming segments whose ACK value doesn\u0027t satisfy the\n above condition MUST be discarded and an ACK sent back. It needs to\n be noted that RFC 793 on page 72 (fifth check) says: \"If the ACK is a\n duplicate (SEG.ACK \u003c SND.UNA), it can be ignored. If the ACK\n acknowledges something not yet sent (SEG.ACK \u003e SND.NXT) then send an\n ACK, drop the segment, and return\". The \"ignored\" above implies that\n the processing of the incoming data segment continues, which means\n the ACK value is treated as acceptable. This mitigation makes the\n ACK check more stringent since any ACK \u003c SND.UNA wouldn\u0027t be\n accepted, instead only ACKs that are in the range ((SND.UNA -\n MAX.SND.WND) \u003c= SEG.ACK \u003c= SND.NXT) get through.\n\nThis can be refined for new (and possibly spoofed) flows,\nby not accepting ACK for bytes that were never sent.\n\nThis greatly improves TCP security at a little cost.\n\nI added a Fixes: tag to make sure this patch will reach stable trees,\neven if the \u0027blamed\u0027 patch was adhering to the RFC.\n\ntp-\u003ebytes_acked was added in linux-4.2\n\nFollowing packetdrill test (courtesy of Yepeng Pan) shows\nthe issue at hand:\n\n0 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3\n+0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0\n+0 bind(3, ..., ...) = 0\n+0 listen(3, 1024) = 0\n\n// ---------------- Handshake ------------------- //\n\n// when window scale is set to 14 the window size can be extended to\n// 65535 * (2^14) = 1073725440. Linux would accept an ACK packet\n// with ack number in (Server_ISN+1-1073725440. Server_ISN+1)\n// ,though this ack number acknowledges some data never\n// sent by the server.\n\n+0 \u003c S 0:0(0) win 65535 \u003cmss 1400,nop,wscale 14\u003e\n+0 \u003e S. 0:0(0) ack 1 \u003c...\u003e\n+0 \u003c . 1:1(0) ack 1 win 65535\n+0 accept(3, ..., ...) = 4\n\n// For the established connection, we send an ACK packet,\n// the ack packet uses ack number 1 - 1073725300 + 2^32,\n// where 2^32 is used to wrap around.\n// Note: we used 1073725300 instead of 1073725440 to avoid possible\n// edge cases.\n// 1 - 1073725300 + 2^32 = 3221241997\n\n// Oops, old kernels happily accept this packet.\n+0 \u003c . 1:1001(1000) ack 3221241997 win 65535\n\n// After the kernel fix the following will be replaced by a challenge ACK,\n// and prior malicious frame would be dropped.\n+0 \u003e . 1:1(0) ack 1001",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52881",
"url": "https://www.suse.com/security/cve/CVE-2023-52881"
},
{
"category": "external",
"summary": "SUSE Bug 1223384 for CVE-2023-52881",
"url": "https://bugzilla.suse.com/1223384"
},
{
"category": "external",
"summary": "SUSE Bug 1225611 for CVE-2023-52881",
"url": "https://bugzilla.suse.com/1225611"
},
{
"category": "external",
"summary": "SUSE Bug 1226152 for CVE-2023-52881",
"url": "https://bugzilla.suse.com/1226152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-52881"
},
{
"cve": "CVE-2023-52917",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52917"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52917",
"url": "https://www.suse.com/security/cve/CVE-2023-52917"
},
{
"category": "external",
"summary": "SUSE Bug 1231849 for CVE-2023-52917",
"url": "https://bugzilla.suse.com/1231849"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-52917"
},
{
"cve": "CVE-2023-52918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52918"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pci: cx23885: check cx23885_vdev_init() return\n\ncx23885_vdev_init() can return a NULL pointer, but that pointer\nis used in the next line without a check.\n\nAdd a NULL pointer check and go to the error unwind if it is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52918",
"url": "https://www.suse.com/security/cve/CVE-2023-52918"
},
{
"category": "external",
"summary": "SUSE Bug 1232047 for CVE-2023-52918",
"url": "https://bugzilla.suse.com/1232047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-52918"
},
{
"cve": "CVE-2023-52919",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52919"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nci: fix possible NULL pointer dereference in send_acknowledge()\n\nHandle memory allocation failure from nci_skb_alloc() (calling\nalloc_skb()) to avoid possible NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52919",
"url": "https://www.suse.com/security/cve/CVE-2023-52919"
},
{
"category": "external",
"summary": "SUSE Bug 1231988 for CVE-2023-52919",
"url": "https://bugzilla.suse.com/1231988"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-52919"
},
{
"cve": "CVE-2023-52920",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52920"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: support non-r10 register spill/fill to/from stack in precision tracking\n\nUse instruction (jump) history to record instructions that performed\nregister spill/fill to/from stack, regardless if this was done through\nread-only r10 register, or any other register after copying r10 into it\n*and* potentially adjusting offset.\n\nTo make this work reliably, we push extra per-instruction flags into\ninstruction history, encoding stack slot index (spi) and stack frame\nnumber in extra 10 bit flags we take away from prev_idx in instruction\nhistory. We don\u0027t touch idx field for maximum performance, as it\u0027s\nchecked most frequently during backtracking.\n\nThis change removes basically the last remaining practical limitation of\nprecision backtracking logic in BPF verifier. It fixes known\ndeficiencies, but also opens up new opportunities to reduce number of\nverified states, explored in the subsequent patches.\n\nThere are only three differences in selftests\u0027 BPF object files\naccording to veristat, all in the positive direction (less states).\n\nFile Program Insns (A) Insns (B) Insns (DIFF) States (A) States (B) States (DIFF)\n-------------------------------------- ------------- --------- --------- ------------- ---------- ---------- -------------\ntest_cls_redirect_dynptr.bpf.linked3.o cls_redirect 2987 2864 -123 (-4.12%) 240 231 -9 (-3.75%)\nxdp_synproxy_kern.bpf.linked3.o syncookie_tc 82848 82661 -187 (-0.23%) 5107 5073 -34 (-0.67%)\nxdp_synproxy_kern.bpf.linked3.o syncookie_xdp 85116 84964 -152 (-0.18%) 5162 5130 -32 (-0.62%)\n\nNote, I avoided renaming jmp_history to more generic insn_hist to\nminimize number of lines changed and potential merge conflicts between\nbpf and bpf-next trees.\n\nNotice also cur_hist_entry pointer reset to NULL at the beginning of\ninstruction verification loop. This pointer avoids the problem of\nrelying on last jump history entry\u0027s insn_idx to determine whether we\nalready have entry for current instruction or not. It can happen that we\nadded jump history entry because current instruction is_jmp_point(), but\nalso we need to add instruction flags for stack access. In this case, we\ndon\u0027t want to entries, so we need to reuse last added entry, if it is\npresent.\n\nRelying on insn_idx comparison has the same ambiguity problem as the one\nthat was fixed recently in [0], so we avoid that.\n\n [0] https://patchwork.kernel.org/project/netdevbpf/patch/20231110002638.4168352-3-andrii@kernel.org/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52920",
"url": "https://www.suse.com/security/cve/CVE-2023-52920"
},
{
"category": "external",
"summary": "SUSE Bug 1232823 for CVE-2023-52920",
"url": "https://bugzilla.suse.com/1232823"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-52920"
},
{
"cve": "CVE-2023-52921",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52921"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix possible UAF in amdgpu_cs_pass1()\n\nSince the gang_size check is outside of chunk parsing\nloop, we need to reset i before we free the chunk data.\n\nSuggested by Ye Zhang (@VAR10CK) of Baidu Security.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52921",
"url": "https://www.suse.com/security/cve/CVE-2023-52921"
},
{
"category": "external",
"summary": "SUSE Bug 1233452 for CVE-2023-52921",
"url": "https://bugzilla.suse.com/1233452"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-52921"
},
{
"cve": "CVE-2023-52922",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52922"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: bcm: Fix UAF in bcm_proc_show()\n\nBUG: KASAN: slab-use-after-free in bcm_proc_show+0x969/0xa80\nRead of size 8 at addr ffff888155846230 by task cat/7862\n\nCPU: 1 PID: 7862 Comm: cat Not tainted 6.5.0-rc1-00153-gc8746099c197 #230\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xd5/0x150\n print_report+0xc1/0x5e0\n kasan_report+0xba/0xf0\n bcm_proc_show+0x969/0xa80\n seq_read_iter+0x4f6/0x1260\n seq_read+0x165/0x210\n proc_reg_read+0x227/0x300\n vfs_read+0x1d5/0x8d0\n ksys_read+0x11e/0x240\n do_syscall_64+0x35/0xb0\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nAllocated by task 7846:\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x21/0x30\n __kasan_kmalloc+0x9e/0xa0\n bcm_sendmsg+0x264b/0x44e0\n sock_sendmsg+0xda/0x180\n ____sys_sendmsg+0x735/0x920\n ___sys_sendmsg+0x11d/0x1b0\n __sys_sendmsg+0xfa/0x1d0\n do_syscall_64+0x35/0xb0\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nFreed by task 7846:\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x21/0x30\n kasan_save_free_info+0x27/0x40\n ____kasan_slab_free+0x161/0x1c0\n slab_free_freelist_hook+0x119/0x220\n __kmem_cache_free+0xb4/0x2e0\n rcu_core+0x809/0x1bd0\n\nbcm_op is freed before procfs entry be removed in bcm_release(),\nthis lead to bcm_proc_show() may read the freed bcm_op.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52922",
"url": "https://www.suse.com/security/cve/CVE-2023-52922"
},
{
"category": "external",
"summary": "SUSE Bug 1233977 for CVE-2023-52922",
"url": "https://bugzilla.suse.com/1233977"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-52922"
},
{
"cve": "CVE-2023-6270",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6270"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a denial of service condition or potential code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6270",
"url": "https://www.suse.com/security/cve/CVE-2023-6270"
},
{
"category": "external",
"summary": "SUSE Bug 1218562 for CVE-2023-6270",
"url": "https://bugzilla.suse.com/1218562"
},
{
"category": "external",
"summary": "SUSE Bug 1218813 for CVE-2023-6270",
"url": "https://bugzilla.suse.com/1218813"
},
{
"category": "external",
"summary": "SUSE Bug 1221578 for CVE-2023-6270",
"url": "https://bugzilla.suse.com/1221578"
},
{
"category": "external",
"summary": "SUSE Bug 1221598 for CVE-2023-6270",
"url": "https://bugzilla.suse.com/1221598"
},
{
"category": "external",
"summary": "SUSE Bug 1223016 for CVE-2023-6270",
"url": "https://bugzilla.suse.com/1223016"
},
{
"category": "external",
"summary": "SUSE Bug 1227675 for CVE-2023-6270",
"url": "https://bugzilla.suse.com/1227675"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2023-6270"
},
{
"cve": "CVE-2024-26596",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26596"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events\n\nAfter the blamed commit, we started doing this dereference for every\nNETDEV_CHANGEUPPER and NETDEV_PRECHANGEUPPER event in the system.\n\nstatic inline struct dsa_port *dsa_user_to_port(const struct net_device *dev)\n{\n\tstruct dsa_user_priv *p = netdev_priv(dev);\n\n\treturn p-\u003edp;\n}\n\nWhich is obviously bogus, because not all net_devices have a netdev_priv()\nof type struct dsa_user_priv. But struct dsa_user_priv is fairly small,\nand p-\u003edp means dereferencing 8 bytes starting with offset 16. Most\ndrivers allocate that much private memory anyway, making our access not\nfault, and we discard the bogus data quickly afterwards, so this wasn\u0027t\ncaught.\n\nBut the dummy interface is somewhat special in that it calls\nalloc_netdev() with a priv size of 0. So every netdev_priv() dereference\nis invalid, and we get this when we emit a NETDEV_PRECHANGEUPPER event\nwith a VLAN as its new upper:\n\n$ ip link add dummy1 type dummy\n$ ip link add link dummy1 name dummy1.100 type vlan id 100\n[ 43.309174] ==================================================================\n[ 43.316456] BUG: KASAN: slab-out-of-bounds in dsa_user_prechangeupper+0x30/0xe8\n[ 43.323835] Read of size 8 at addr ffff3f86481d2990 by task ip/374\n[ 43.330058]\n[ 43.342436] Call trace:\n[ 43.366542] dsa_user_prechangeupper+0x30/0xe8\n[ 43.371024] dsa_user_netdevice_event+0xb38/0xee8\n[ 43.375768] notifier_call_chain+0xa4/0x210\n[ 43.379985] raw_notifier_call_chain+0x24/0x38\n[ 43.384464] __netdev_upper_dev_link+0x3ec/0x5d8\n[ 43.389120] netdev_upper_dev_link+0x70/0xa8\n[ 43.393424] register_vlan_dev+0x1bc/0x310\n[ 43.397554] vlan_newlink+0x210/0x248\n[ 43.401247] rtnl_newlink+0x9fc/0xe30\n[ 43.404942] rtnetlink_rcv_msg+0x378/0x580\n\nAvoid the kernel oops by dereferencing after the type check, as customary.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26596",
"url": "https://www.suse.com/security/cve/CVE-2024-26596"
},
{
"category": "external",
"summary": "SUSE Bug 1220355 for CVE-2024-26596",
"url": "https://bugzilla.suse.com/1220355"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-26596"
},
{
"cve": "CVE-2024-26703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/timerlat: Move hrtimer_init to timerlat_fd open()\n\nCurrently, the timerlat\u0027s hrtimer is initialized at the first read of\ntimerlat_fd, and destroyed at close(). It works, but it causes an error\nif the user program open() and close() the file without reading.\n\nHere\u0027s an example:\n\n # echo NO_OSNOISE_WORKLOAD \u003e /sys/kernel/debug/tracing/osnoise/options\n # echo timerlat \u003e /sys/kernel/debug/tracing/current_tracer\n\n # cat \u003c\u003cEOF \u003e ./timerlat_load.py\n # !/usr/bin/env python3\n\n timerlat_fd = open(\"/sys/kernel/tracing/osnoise/per_cpu/cpu0/timerlat_fd\", \u0027r\u0027)\n timerlat_fd.close();\n EOF\n\n # ./taskset -c 0 ./timerlat_load.py\n\u003cBOOM\u003e\n\n BUG: kernel NULL pointer dereference, address: 0000000000000010\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 1 PID: 2673 Comm: python3 Not tainted 6.6.13-200.fc39.x86_64 #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-1.fc39 04/01/2014\n RIP: 0010:hrtimer_active+0xd/0x50\n Code: 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 48 8b 57 30 \u003c8b\u003e 42 10 a8 01 74 09 f3 90 8b 42 10 a8 01 75 f7 80 7f 38 00 75 1d\n RSP: 0018:ffffb031009b7e10 EFLAGS: 00010286\n RAX: 000000000002db00 RBX: ffff9118f786db08 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffff9117a0e64400 RDI: ffff9118f786db08\n RBP: ffff9118f786db80 R08: ffff9117a0ddd420 R09: ffff9117804d4f70\n R10: 0000000000000000 R11: 0000000000000000 R12: ffff9118f786db08\n R13: ffff91178fdd5e20 R14: ffff9117840978c0 R15: 0000000000000000\n FS: 00007f2ffbab1740(0000) GS:ffff9118f7840000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000010 CR3: 00000001b402e000 CR4: 0000000000750ee0\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __die+0x23/0x70\n ? page_fault_oops+0x171/0x4e0\n ? srso_alias_return_thunk+0x5/0x7f\n ? avc_has_extended_perms+0x237/0x520\n ? exc_page_fault+0x7f/0x180\n ? asm_exc_page_fault+0x26/0x30\n ? hrtimer_active+0xd/0x50\n hrtimer_cancel+0x15/0x40\n timerlat_fd_release+0x48/0xe0\n __fput+0xf5/0x290\n __x64_sys_close+0x3d/0x80\n do_syscall_64+0x60/0x90\n ? srso_alias_return_thunk+0x5/0x7f\n ? __x64_sys_ioctl+0x72/0xd0\n ? srso_alias_return_thunk+0x5/0x7f\n ? syscall_exit_to_user_mode+0x2b/0x40\n ? srso_alias_return_thunk+0x5/0x7f\n ? do_syscall_64+0x6c/0x90\n ? srso_alias_return_thunk+0x5/0x7f\n ? exit_to_user_mode_prepare+0x142/0x1f0\n ? srso_alias_return_thunk+0x5/0x7f\n ? syscall_exit_to_user_mode+0x2b/0x40\n ? srso_alias_return_thunk+0x5/0x7f\n ? do_syscall_64+0x6c/0x90\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n RIP: 0033:0x7f2ffb321594\n Code: 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 80 3d d5 cd 0d 00 00 74 13 b8 03 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 3c c3 0f 1f 00 55 48 89 e5 48 83 ec 10 89 7d\n RSP: 002b:00007ffe8d8eef18 EFLAGS: 00000202 ORIG_RAX: 0000000000000003\n RAX: ffffffffffffffda RBX: 00007f2ffba4e668 RCX: 00007f2ffb321594\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003\n RBP: 00007ffe8d8eef40 R08: 0000000000000000 R09: 0000000000000000\n R10: 55c926e3167eae79 R11: 0000000000000202 R12: 0000000000000003\n R13: 00007ffe8d8ef030 R14: 0000000000000000 R15: 00007f2ffba4e668\n \u003c/TASK\u003e\n CR2: 0000000000000010\n ---[ end trace 0000000000000000 ]---\n\nMove hrtimer_init to timerlat_fd open() to avoid this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26703",
"url": "https://www.suse.com/security/cve/CVE-2024-26703"
},
{
"category": "external",
"summary": "SUSE Bug 1222423 for CVE-2024-26703",
"url": "https://bugzilla.suse.com/1222423"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-26703"
},
{
"cve": "CVE-2024-26741",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26741"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished().\n\nsyzkaller reported a warning [0] in inet_csk_destroy_sock() with no\nrepro.\n\n WARN_ON(inet_sk(sk)-\u003einet_num \u0026\u0026 !inet_csk(sk)-\u003eicsk_bind_hash);\n\nHowever, the syzkaller\u0027s log hinted that connect() failed just before\nthe warning due to FAULT_INJECTION. [1]\n\nWhen connect() is called for an unbound socket, we search for an\navailable ephemeral port. If a bhash bucket exists for the port, we\ncall __inet_check_established() or __inet6_check_established() to check\nif the bucket is reusable.\n\nIf reusable, we add the socket into ehash and set inet_sk(sk)-\u003einet_num.\n\nLater, we look up the corresponding bhash2 bucket and try to allocate\nit if it does not exist.\n\nAlthough it rarely occurs in real use, if the allocation fails, we must\nrevert the changes by check_established(). Otherwise, an unconnected\nsocket could illegally occupy an ehash entry.\n\nNote that we do not put tw back into ehash because sk might have\nalready responded to a packet for tw and it would be better to free\ntw earlier under such memory presure.\n\n[0]:\nWARNING: CPU: 0 PID: 350830 at net/ipv4/inet_connection_sock.c:1193 inet_csk_destroy_sock (net/ipv4/inet_connection_sock.c:1193)\nModules linked in:\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nRIP: 0010:inet_csk_destroy_sock (net/ipv4/inet_connection_sock.c:1193)\nCode: 41 5c 41 5d 41 5e e9 2d 4a 3d fd e8 28 4a 3d fd 48 89 ef e8 f0 cd 7d ff 5b 5d 41 5c 41 5d 41 5e e9 13 4a 3d fd e8 0e 4a 3d fd \u003c0f\u003e 0b e9 61 fe ff ff e8 02 4a 3d fd 4c 89 e7 be 03 00 00 00 e8 05\nRSP: 0018:ffffc9000b21fd38 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: 0000000000009e78 RCX: ffffffff840bae40\nRDX: ffff88806e46c600 RSI: ffffffff840bb012 RDI: ffff88811755cca8\nRBP: ffff88811755c880 R08: 0000000000000003 R09: 0000000000000000\nR10: 0000000000009e78 R11: 0000000000000000 R12: ffff88811755c8e0\nR13: ffff88811755c892 R14: ffff88811755c918 R15: 0000000000000000\nFS: 00007f03e5243800(0000) GS:ffff88811ae00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b32f21000 CR3: 0000000112ffe001 CR4: 0000000000770ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? inet_csk_destroy_sock (net/ipv4/inet_connection_sock.c:1193)\n dccp_close (net/dccp/proto.c:1078)\n inet_release (net/ipv4/af_inet.c:434)\n __sock_release (net/socket.c:660)\n sock_close (net/socket.c:1423)\n __fput (fs/file_table.c:377)\n __fput_sync (fs/file_table.c:462)\n __x64_sys_close (fs/open.c:1557 fs/open.c:1539 fs/open.c:1539)\n do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129)\nRIP: 0033:0x7f03e53852bb\nCode: 03 00 00 00 0f 05 48 3d 00 f0 ff ff 77 41 c3 48 83 ec 18 89 7c 24 0c e8 43 c9 f5 ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 c9 f5 ff 8b 44\nRSP: 002b:00000000005dfba0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003\nRAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f03e53852bb\nRDX: 0000000000000002 RSI: 0000000000000002 RDI: 0000000000000003\nRBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000167c\nR10: 0000000008a79680 R11: 0000000000000293 R12: 00007f03e4e43000\nR13: 00007f03e4e43170 R14: 00007f03e4e43178 R15: 00007f03e4e43170\n \u003c/TASK\u003e\n\n[1]:\nFAULT_INJECTION: forcing a failure.\nname failslab, interval 1, probability 0, space 0, times 0\nCPU: 0 PID: 350833 Comm: syz-executor.1 Not tainted 6.7.0-12272-g2121c43f88f5 #9\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl (lib/dump_stack.c:107 (discriminator 1))\n should_fail_ex (lib/fault-inject.c:52 lib/fault-inject.c:153)\n should_failslab (mm/slub.c:3748)\n kmem_cache_alloc (mm/slub.c:3763 mm/slub.c:3842 mm/slub.c:3867)\n inet_bind2_bucket_create \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26741",
"url": "https://www.suse.com/security/cve/CVE-2024-26741"
},
{
"category": "external",
"summary": "SUSE Bug 1222587 for CVE-2024-26741",
"url": "https://bugzilla.suse.com/1222587"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-26741"
},
{
"cve": "CVE-2024-26758",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26758"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: Don\u0027t ignore suspended array in md_check_recovery()\n\nmddev_suspend() never stop sync_thread, hence it doesn\u0027t make sense to\nignore suspended array in md_check_recovery(), which might cause\nsync_thread can\u0027t be unregistered.\n\nAfter commit f52f5c71f3d4 (\"md: fix stopping sync thread\"), following\nhang can be triggered by test shell/integrity-caching.sh:\n\n1) suspend the array:\nraid_postsuspend\n mddev_suspend\n\n2) stop the array:\nraid_dtr\n md_stop\n __md_stop_writes\n stop_sync_thread\n set_bit(MD_RECOVERY_INTR, \u0026mddev-\u003erecovery);\n md_wakeup_thread_directly(mddev-\u003esync_thread);\n wait_event(..., !test_bit(MD_RECOVERY_RUNNING, \u0026mddev-\u003erecovery))\n\n3) sync thread done:\nmd_do_sync\n set_bit(MD_RECOVERY_DONE, \u0026mddev-\u003erecovery);\n md_wakeup_thread(mddev-\u003ethread);\n\n4) daemon thread can\u0027t unregister sync thread:\nmd_check_recovery\n if (mddev-\u003esuspended)\n return; -\u003e return directly\n md_read_sync_thread\n clear_bit(MD_RECOVERY_RUNNING, \u0026mddev-\u003erecovery);\n -\u003e MD_RECOVERY_RUNNING can\u0027t be cleared, hence step 2 hang;\n\nThis problem is not just related to dm-raid, fix it by ignoring\nsuspended array in md_check_recovery(). And follow up patches will\nimprove dm-raid better to frozen sync thread during suspend.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26758",
"url": "https://www.suse.com/security/cve/CVE-2024-26758"
},
{
"category": "external",
"summary": "SUSE Bug 1230341 for CVE-2024-26758",
"url": "https://bugzilla.suse.com/1230341"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-26758"
},
{
"cve": "CVE-2024-26761",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26761"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window\n\nThe Linux CXL subsystem is built on the assumption that HPA == SPA.\nThat is, the host physical address (HPA) the HDM decoder registers are\nprogrammed with are system physical addresses (SPA).\n\nDuring HDM decoder setup, the DVSEC CXL range registers (cxl-3.1,\n8.1.3.8) are checked if the memory is enabled and the CXL range is in\na HPA window that is described in a CFMWS structure of the CXL host\nbridge (cxl-3.1, 9.18.1.3).\n\nNow, if the HPA is not an SPA, the CXL range does not match a CFMWS\nwindow and the CXL memory range will be disabled then. The HDM decoder\nstops working which causes system memory being disabled and further a\nsystem hang during HDM decoder initialization, typically when a CXL\nenabled kernel boots.\n\nPrevent a system hang and do not disable the HDM decoder if the\ndecoder\u0027s CXL range is not found in a CFMWS window.\n\nNote the change only fixes a hardware hang, but does not implement\nHPA/SPA translation. Support for this can be added in a follow on\npatch series.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26761",
"url": "https://www.suse.com/security/cve/CVE-2024-26761"
},
{
"category": "external",
"summary": "SUSE Bug 1230375 for CVE-2024-26761",
"url": "https://bugzilla.suse.com/1230375"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-26761"
},
{
"cve": "CVE-2024-26767",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26767"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fixed integer types and null check locations\n\n[why]:\nissues fixed:\n- comparison with wider integer type in loop condition which can cause\ninfinite loops\n- pointer dereference before null check",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26767",
"url": "https://www.suse.com/security/cve/CVE-2024-26767"
},
{
"category": "external",
"summary": "SUSE Bug 1230339 for CVE-2024-26767",
"url": "https://bugzilla.suse.com/1230339"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-26767"
},
{
"cve": "CVE-2024-26782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26782"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix double-free on socket dismantle\n\nwhen MPTCP server accepts an incoming connection, it clones its listener\nsocket. However, the pointer to \u0027inet_opt\u0027 for the new socket has the same\nvalue as the original one: as a consequence, on program exit it\u0027s possible\nto observe the following splat:\n\n BUG: KASAN: double-free in inet_sock_destruct+0x54f/0x8b0\n Free of addr ffff888485950880 by task swapper/25/0\n\n CPU: 25 PID: 0 Comm: swapper/25 Kdump: loaded Not tainted 6.8.0-rc1+ #609\n Hardware name: Supermicro SYS-6027R-72RF/X9DRH-7TF/7F/iTF/iF, BIOS 3.0 07/26/2013\n Call Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x32/0x50\n print_report+0xca/0x620\n kasan_report_invalid_free+0x64/0x90\n __kasan_slab_free+0x1aa/0x1f0\n kfree+0xed/0x2e0\n inet_sock_destruct+0x54f/0x8b0\n __sk_destruct+0x48/0x5b0\n rcu_do_batch+0x34e/0xd90\n rcu_core+0x559/0xac0\n __do_softirq+0x183/0x5a4\n irq_exit_rcu+0x12d/0x170\n sysvec_apic_timer_interrupt+0x6b/0x80\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_sysvec_apic_timer_interrupt+0x16/0x20\n RIP: 0010:cpuidle_enter_state+0x175/0x300\n Code: 30 00 0f 84 1f 01 00 00 83 e8 01 83 f8 ff 75 e5 48 83 c4 18 44 89 e8 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc fb 45 85 ed \u003c0f\u003e 89 60 ff ff ff 48 c1 e5 06 48 c7 43 18 00 00 00 00 48 83 44 2b\n RSP: 0018:ffff888481cf7d90 EFLAGS: 00000202\n RAX: 0000000000000000 RBX: ffff88887facddc8 RCX: 0000000000000000\n RDX: 1ffff1110ff588b1 RSI: 0000000000000019 RDI: ffff88887fac4588\n RBP: 0000000000000004 R08: 0000000000000002 R09: 0000000000043080\n R10: 0009b02ea273363f R11: ffff88887fabf42b R12: ffffffff932592e0\n R13: 0000000000000004 R14: 0000000000000000 R15: 00000022c880ec80\n cpuidle_enter+0x4a/0xa0\n do_idle+0x310/0x410\n cpu_startup_entry+0x51/0x60\n start_secondary+0x211/0x270\n secondary_startup_64_no_verify+0x184/0x18b\n \u003c/TASK\u003e\n\n Allocated by task 6853:\n kasan_save_stack+0x1c/0x40\n kasan_save_track+0x10/0x30\n __kasan_kmalloc+0xa6/0xb0\n __kmalloc+0x1eb/0x450\n cipso_v4_sock_setattr+0x96/0x360\n netlbl_sock_setattr+0x132/0x1f0\n selinux_netlbl_socket_post_create+0x6c/0x110\n selinux_socket_post_create+0x37b/0x7f0\n security_socket_post_create+0x63/0xb0\n __sock_create+0x305/0x450\n __sys_socket_create.part.23+0xbd/0x130\n __sys_socket+0x37/0xb0\n __x64_sys_socket+0x6f/0xb0\n do_syscall_64+0x83/0x160\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\n Freed by task 6858:\n kasan_save_stack+0x1c/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x12c/0x1f0\n kfree+0xed/0x2e0\n inet_sock_destruct+0x54f/0x8b0\n __sk_destruct+0x48/0x5b0\n subflow_ulp_release+0x1f0/0x250\n tcp_cleanup_ulp+0x6e/0x110\n tcp_v4_destroy_sock+0x5a/0x3a0\n inet_csk_destroy_sock+0x135/0x390\n tcp_fin+0x416/0x5c0\n tcp_data_queue+0x1bc8/0x4310\n tcp_rcv_state_process+0x15a3/0x47b0\n tcp_v4_do_rcv+0x2c1/0x990\n tcp_v4_rcv+0x41fb/0x5ed0\n ip_protocol_deliver_rcu+0x6d/0x9f0\n ip_local_deliver_finish+0x278/0x360\n ip_local_deliver+0x182/0x2c0\n ip_rcv+0xb5/0x1c0\n __netif_receive_skb_one_core+0x16e/0x1b0\n process_backlog+0x1e3/0x650\n __napi_poll+0xa6/0x500\n net_rx_action+0x740/0xbb0\n __do_softirq+0x183/0x5a4\n\n The buggy address belongs to the object at ffff888485950880\n which belongs to the cache kmalloc-64 of size 64\n The buggy address is located 0 bytes inside of\n 64-byte region [ffff888485950880, ffff8884859508c0)\n\n The buggy address belongs to the physical page:\n page:0000000056d1e95e refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888485950700 pfn:0x485950\n flags: 0x57ffffc0000800(slab|node=1|zone=2|lastcpupid=0x1fffff)\n page_type: 0xffffffff()\n raw: 0057ffffc0000800 ffff88810004c640 ffffea00121b8ac0 dead000000000006\n raw: ffff888485950700 0000000000200019 00000001ffffffff 0000000000000000\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n ffff888485950780: fa fb fb\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26782",
"url": "https://www.suse.com/security/cve/CVE-2024-26782"
},
{
"category": "external",
"summary": "SUSE Bug 1222590 for CVE-2024-26782",
"url": "https://bugzilla.suse.com/1222590"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-26782"
},
{
"cve": "CVE-2024-26864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26864"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Fix refcnt handling in __inet_hash_connect().\n\nsyzbot reported a warning in sk_nulls_del_node_init_rcu().\n\nThe commit 66b60b0c8c4a (\"dccp/tcp: Unhash sk from ehash for tb2 alloc\nfailure after check_estalblished().\") tried to fix an issue that an\nunconnected socket occupies an ehash entry when bhash2 allocation fails.\n\nIn such a case, we need to revert changes done by check_established(),\nwhich does not hold refcnt when inserting socket into ehash.\n\nSo, to revert the change, we need to __sk_nulls_add_node_rcu() instead\nof sk_nulls_add_node_rcu().\n\nOtherwise, sock_put() will cause refcnt underflow and leak the socket.\n\n[0]:\nWARNING: CPU: 0 PID: 23948 at include/net/sock.h:799 sk_nulls_del_node_init_rcu+0x166/0x1a0 include/net/sock.h:799\nModules linked in:\nCPU: 0 PID: 23948 Comm: syz-executor.2 Not tainted 6.8.0-rc6-syzkaller-00159-gc055fc00c07b #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\nRIP: 0010:sk_nulls_del_node_init_rcu+0x166/0x1a0 include/net/sock.h:799\nCode: e8 7f 71 c6 f7 83 fb 02 7c 25 e8 35 6d c6 f7 4d 85 f6 0f 95 c0 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 1b 6d c6 f7 90 \u003c0f\u003e 0b 90 eb b2 e8 10 6d c6 f7 4c 89 e7 be 04 00 00 00 e8 63 e7 d2\nRSP: 0018:ffffc900032d7848 EFLAGS: 00010246\nRAX: ffffffff89cd0035 RBX: 0000000000000001 RCX: 0000000000040000\nRDX: ffffc90004de1000 RSI: 000000000003ffff RDI: 0000000000040000\nRBP: 1ffff1100439ac26 R08: ffffffff89ccffe3 R09: 1ffff1100439ac28\nR10: dffffc0000000000 R11: ffffed100439ac29 R12: ffff888021cd6140\nR13: dffffc0000000000 R14: ffff88802a9bf5c0 R15: ffff888021cd6130\nFS: 00007f3b823f16c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f3b823f0ff8 CR3: 000000004674a000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n __inet_hash_connect+0x140f/0x20b0 net/ipv4/inet_hashtables.c:1139\n dccp_v6_connect+0xcb9/0x1480 net/dccp/ipv6.c:956\n __inet_stream_connect+0x262/0xf30 net/ipv4/af_inet.c:678\n inet_stream_connect+0x65/0xa0 net/ipv4/af_inet.c:749\n __sys_connect_file net/socket.c:2048 [inline]\n __sys_connect+0x2df/0x310 net/socket.c:2065\n __do_sys_connect net/socket.c:2075 [inline]\n __se_sys_connect net/socket.c:2072 [inline]\n __x64_sys_connect+0x7a/0x90 net/socket.c:2072\n do_syscall_64+0xf9/0x240\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\nRIP: 0033:0x7f3b8167dda9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f3b823f10c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002a\nRAX: ffffffffffffffda RBX: 00007f3b817abf80 RCX: 00007f3b8167dda9\nRDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000003\nRBP: 00007f3b823f1120 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001\nR13: 000000000000000b R14: 00007f3b817abf80 R15: 00007ffd3beb57b8\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26864",
"url": "https://www.suse.com/security/cve/CVE-2024-26864"
},
{
"category": "external",
"summary": "SUSE Bug 1223112 for CVE-2024-26864",
"url": "https://bugzilla.suse.com/1223112"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-26864"
},
{
"cve": "CVE-2024-26943",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26943"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnouveau/dmem: handle kcalloc() allocation failure\n\nThe kcalloc() in nouveau_dmem_evict_chunk() will return null if\nthe physical memory has run out. As a result, if we dereference\nsrc_pfns, dst_pfns or dma_addrs, the null pointer dereference bugs\nwill happen.\n\nMoreover, the GPU is going away. If the kcalloc() fails, we could not\nevict all pages mapping a chunk. So this patch adds a __GFP_NOFAIL\nflag in kcalloc().\n\nFinally, as there is no need to have physically contiguous memory,\nthis patch switches kcalloc() to kvcalloc() in order to avoid\nfailing allocations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26943",
"url": "https://www.suse.com/security/cve/CVE-2024-26943"
},
{
"category": "external",
"summary": "SUSE Bug 1230527 for CVE-2024-26943",
"url": "https://bugzilla.suse.com/1230527"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-26943"
},
{
"cve": "CVE-2024-26953",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26953"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: esp: fix bad handling of pages from page_pool\n\nWhen the skb is reorganized during esp_output (!esp-\u003einline), the pages\ncoming from the original skb fragments are supposed to be released back\nto the system through put_page. But if the skb fragment pages are\noriginating from a page_pool, calling put_page on them will trigger a\npage_pool leak which will eventually result in a crash.\n\nThis leak can be easily observed when using CONFIG_DEBUG_VM and doing\nipsec + gre (non offloaded) forwarding:\n\n BUG: Bad page state in process ksoftirqd/16 pfn:1451b6\n page:00000000de2b8d32 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1451b6000 pfn:0x1451b6\n flags: 0x200000000000000(node=0|zone=2)\n page_type: 0xffffffff()\n raw: 0200000000000000 dead000000000040 ffff88810d23c000 0000000000000000\n raw: 00000001451b6000 0000000000000001 00000000ffffffff 0000000000000000\n page dumped because: page_pool leak\n Modules linked in: ip_gre gre mlx5_ib mlx5_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink iptable_nat nf_nat xt_addrtype br_netfilter rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm ib_uverbs ib_core overlay zram zsmalloc fuse [last unloaded: mlx5_core]\n CPU: 16 PID: 96 Comm: ksoftirqd/16 Not tainted 6.8.0-rc4+ #22\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x36/0x50\n bad_page+0x70/0xf0\n free_unref_page_prepare+0x27a/0x460\n free_unref_page+0x38/0x120\n esp_ssg_unref.isra.0+0x15f/0x200\n esp_output_tail+0x66d/0x780\n esp_xmit+0x2c5/0x360\n validate_xmit_xfrm+0x313/0x370\n ? validate_xmit_skb+0x1d/0x330\n validate_xmit_skb_list+0x4c/0x70\n sch_direct_xmit+0x23e/0x350\n __dev_queue_xmit+0x337/0xba0\n ? nf_hook_slow+0x3f/0xd0\n ip_finish_output2+0x25e/0x580\n iptunnel_xmit+0x19b/0x240\n ip_tunnel_xmit+0x5fb/0xb60\n ipgre_xmit+0x14d/0x280 [ip_gre]\n dev_hard_start_xmit+0xc3/0x1c0\n __dev_queue_xmit+0x208/0xba0\n ? nf_hook_slow+0x3f/0xd0\n ip_finish_output2+0x1ca/0x580\n ip_sublist_rcv_finish+0x32/0x40\n ip_sublist_rcv+0x1b2/0x1f0\n ? ip_rcv_finish_core.constprop.0+0x460/0x460\n ip_list_rcv+0x103/0x130\n __netif_receive_skb_list_core+0x181/0x1e0\n netif_receive_skb_list_internal+0x1b3/0x2c0\n napi_gro_receive+0xc8/0x200\n gro_cell_poll+0x52/0x90\n __napi_poll+0x25/0x1a0\n net_rx_action+0x28e/0x300\n __do_softirq+0xc3/0x276\n ? sort_range+0x20/0x20\n run_ksoftirqd+0x1e/0x30\n smpboot_thread_fn+0xa6/0x130\n kthread+0xcd/0x100\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x31/0x50\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e\n\nThe suggested fix is to introduce a new wrapper (skb_page_unref) that\ncovers page refcounting for page_pool pages as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26953",
"url": "https://www.suse.com/security/cve/CVE-2024-26953"
},
{
"category": "external",
"summary": "SUSE Bug 1223656 for CVE-2024-26953",
"url": "https://bugzilla.suse.com/1223656"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-26953"
},
{
"cve": "CVE-2024-27017",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27017"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo: walk over current view on netlink dump\n\nThe generation mask can be updated while netlink dump is in progress.\nThe pipapo set backend walk iterator cannot rely on it to infer what\nview of the datastructure is to be used. Add notation to specify if user\nwants to read/update the set.\n\nBased on patch from Florian Westphal.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27017",
"url": "https://www.suse.com/security/cve/CVE-2024-27017"
},
{
"category": "external",
"summary": "SUSE Bug 1223733 for CVE-2024-27017",
"url": "https://bugzilla.suse.com/1223733"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-27017"
},
{
"cve": "CVE-2024-27026",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27026"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvmxnet3: Fix missing reserved tailroom\n\nUse rbi-\u003elen instead of rcd-\u003elen for non-dataring packet.\n\nFound issue:\n XDP_WARN: xdp_update_frame_from_buff(line:278): Driver BUG: missing reserved tailroom\n WARNING: CPU: 0 PID: 0 at net/core/xdp.c:586 xdp_warn+0xf/0x20\n CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W O 6.5.1 #1\n RIP: 0010:xdp_warn+0xf/0x20\n ...\n ? xdp_warn+0xf/0x20\n xdp_do_redirect+0x15f/0x1c0\n vmxnet3_run_xdp+0x17a/0x400 [vmxnet3]\n vmxnet3_process_xdp+0xe4/0x760 [vmxnet3]\n ? vmxnet3_tq_tx_complete.isra.0+0x21e/0x2c0 [vmxnet3]\n vmxnet3_rq_rx_complete+0x7ad/0x1120 [vmxnet3]\n vmxnet3_poll_rx_only+0x2d/0xa0 [vmxnet3]\n __napi_poll+0x20/0x180\n net_rx_action+0x177/0x390",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27026",
"url": "https://www.suse.com/security/cve/CVE-2024-27026"
},
{
"category": "external",
"summary": "SUSE Bug 1223700 for CVE-2024-27026",
"url": "https://bugzilla.suse.com/1223700"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-27026"
},
{
"cve": "CVE-2024-27043",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27043"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: edia: dvbdev: fix a use-after-free\n\nIn dvb_register_device, *pdvbdev is set equal to dvbdev, which is freed\nin several error-handling paths. However, *pdvbdev is not set to NULL\nafter dvbdev\u0027s deallocation, causing use-after-frees in many places,\nfor example, in the following call chain:\n\nbudget_register\n |-\u003e dvb_dmxdev_init\n |-\u003e dvb_register_device\n |-\u003e dvb_dmxdev_release\n |-\u003e dvb_unregister_device\n |-\u003e dvb_remove_device\n |-\u003e dvb_device_put\n |-\u003e kref_put\n\nWhen calling dvb_unregister_device, dmxdev-\u003edvbdev (i.e. *pdvbdev in\ndvb_register_device) could point to memory that had been freed in\ndvb_register_device. Thereafter, this pointer is transferred to\nkref_put and triggering a use-after-free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27043",
"url": "https://www.suse.com/security/cve/CVE-2024-27043"
},
{
"category": "external",
"summary": "SUSE Bug 1218562 for CVE-2024-27043",
"url": "https://bugzilla.suse.com/1218562"
},
{
"category": "external",
"summary": "SUSE Bug 1223824 for CVE-2024-27043",
"url": "https://bugzilla.suse.com/1223824"
},
{
"category": "external",
"summary": "SUSE Bug 1223825 for CVE-2024-27043",
"url": "https://bugzilla.suse.com/1223825"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-27043"
},
{
"cve": "CVE-2024-27407",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27407"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Fixed overflow check in mi_enum_attr()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27407",
"url": "https://www.suse.com/security/cve/CVE-2024-27407"
},
{
"category": "external",
"summary": "SUSE Bug 1224429 for CVE-2024-27407",
"url": "https://bugzilla.suse.com/1224429"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-27407"
},
{
"cve": "CVE-2024-35888",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35888"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nerspan: make sure erspan_base_hdr is present in skb-\u003ehead\n\nsyzbot reported a problem in ip6erspan_rcv() [1]\n\nIssue is that ip6erspan_rcv() (and erspan_rcv()) no longer make\nsure erspan_base_hdr is present in skb linear part (skb-\u003ehead)\nbefore getting @ver field from it.\n\nAdd the missing pskb_may_pull() calls.\n\nv2: Reload iph pointer in erspan_rcv() after pskb_may_pull()\n because skb-\u003ehead might have changed.\n\n[1]\n\n BUG: KMSAN: uninit-value in pskb_may_pull_reason include/linux/skbuff.h:2742 [inline]\n BUG: KMSAN: uninit-value in pskb_may_pull include/linux/skbuff.h:2756 [inline]\n BUG: KMSAN: uninit-value in ip6erspan_rcv net/ipv6/ip6_gre.c:541 [inline]\n BUG: KMSAN: uninit-value in gre_rcv+0x11f8/0x1930 net/ipv6/ip6_gre.c:610\n pskb_may_pull_reason include/linux/skbuff.h:2742 [inline]\n pskb_may_pull include/linux/skbuff.h:2756 [inline]\n ip6erspan_rcv net/ipv6/ip6_gre.c:541 [inline]\n gre_rcv+0x11f8/0x1930 net/ipv6/ip6_gre.c:610\n ip6_protocol_deliver_rcu+0x1d4c/0x2ca0 net/ipv6/ip6_input.c:438\n ip6_input_finish net/ipv6/ip6_input.c:483 [inline]\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492\n ip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586\n dst_input include/net/dst.h:460 [inline]\n ip6_rcv_finish+0x955/0x970 net/ipv6/ip6_input.c:79\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ipv6_rcv+0xde/0x390 net/ipv6/ip6_input.c:310\n __netif_receive_skb_one_core net/core/dev.c:5538 [inline]\n __netif_receive_skb+0x1da/0xa00 net/core/dev.c:5652\n netif_receive_skb_internal net/core/dev.c:5738 [inline]\n netif_receive_skb+0x58/0x660 net/core/dev.c:5798\n tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1549\n tun_get_user+0x5566/0x69e0 drivers/net/tun.c:2002\n tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048\n call_write_iter include/linux/fs.h:2108 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0xb63/0x1520 fs/read_write.c:590\n ksys_write+0x20f/0x4c0 fs/read_write.c:643\n __do_sys_write fs/read_write.c:655 [inline]\n __se_sys_write fs/read_write.c:652 [inline]\n __x64_sys_write+0x93/0xe0 fs/read_write.c:652\n do_syscall_64+0xd5/0x1f0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3804 [inline]\n slab_alloc_node mm/slub.c:3845 [inline]\n kmem_cache_alloc_node+0x613/0xc50 mm/slub.c:3888\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:577\n __alloc_skb+0x35b/0x7a0 net/core/skbuff.c:668\n alloc_skb include/linux/skbuff.h:1318 [inline]\n alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6504\n sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2795\n tun_alloc_skb drivers/net/tun.c:1525 [inline]\n tun_get_user+0x209a/0x69e0 drivers/net/tun.c:1846\n tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048\n call_write_iter include/linux/fs.h:2108 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0xb63/0x1520 fs/read_write.c:590\n ksys_write+0x20f/0x4c0 fs/read_write.c:643\n __do_sys_write fs/read_write.c:655 [inline]\n __se_sys_write fs/read_write.c:652 [inline]\n __x64_sys_write+0x93/0xe0 fs/read_write.c:652\n do_syscall_64+0xd5/0x1f0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nCPU: 1 PID: 5045 Comm: syz-executor114 Not tainted 6.9.0-rc1-syzkaller-00021-g962490525cff #0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35888",
"url": "https://www.suse.com/security/cve/CVE-2024-35888"
},
{
"category": "external",
"summary": "SUSE Bug 1224518 for CVE-2024-35888",
"url": "https://bugzilla.suse.com/1224518"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-35888"
},
{
"cve": "CVE-2024-35980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35980"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: tlb: Fix TLBI RANGE operand\n\nKVM/arm64 relies on TLBI RANGE feature to flush TLBs when the dirty\npages are collected by VMM and the page table entries become write\nprotected during live migration. Unfortunately, the operand passed\nto the TLBI RANGE instruction isn\u0027t correctly sorted out due to the\ncommit 117940aa6e5f (\"KVM: arm64: Define kvm_tlb_flush_vmid_range()\").\nIt leads to crash on the destination VM after live migration because\nTLBs aren\u0027t flushed completely and some of the dirty pages are missed.\n\nFor example, I have a VM where 8GB memory is assigned, starting from\n0x40000000 (1GB). Note that the host has 4KB as the base page size.\nIn the middile of migration, kvm_tlb_flush_vmid_range() is executed\nto flush TLBs. It passes MAX_TLBI_RANGE_PAGES as the argument to\n__kvm_tlb_flush_vmid_range() and __flush_s2_tlb_range_op(). SCALE#3\nand NUM#31, corresponding to MAX_TLBI_RANGE_PAGES, isn\u0027t supported\nby __TLBI_RANGE_NUM(). In this specific case, -1 has been returned\nfrom __TLBI_RANGE_NUM() for SCALE#3/2/1/0 and rejected by the loop\nin the __flush_tlb_range_op() until the variable @scale underflows\nand becomes -9, 0xffff708000040000 is set as the operand. The operand\nis wrong since it\u0027s sorted out by __TLBI_VADDR_RANGE() according to\ninvalid @scale and @num.\n\nFix it by extending __TLBI_RANGE_NUM() to support the combination of\nSCALE#3 and NUM#31. With the changes, [-1 31] instead of [-1 30] can\nbe returned from the macro, meaning the TLBs for 0x200000 pages in the\nabove example can be flushed in one shoot with SCALE#3 and NUM#31. The\nmacro TLBI_RANGE_MASK is dropped since no one uses it any more. The\ncomments are also adjusted accordingly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35980",
"url": "https://www.suse.com/security/cve/CVE-2024-35980"
},
{
"category": "external",
"summary": "SUSE Bug 1224574 for CVE-2024-35980",
"url": "https://bugzilla.suse.com/1224574"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-35980"
},
{
"cve": "CVE-2024-36000",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36000"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: fix missing hugetlb_lock for resv uncharge\n\nThere is a recent report on UFFDIO_COPY over hugetlb:\n\nhttps://lore.kernel.org/all/000000000000ee06de0616177560@google.com/\n\n350:\tlockdep_assert_held(\u0026hugetlb_lock);\n\nShould be an issue in hugetlb but triggered in an userfault context, where\nit goes into the unlikely path where two threads modifying the resv map\ntogether. Mike has a fix in that path for resv uncharge but it looks like\nthe locking criteria was overlooked: hugetlb_cgroup_uncharge_folio_rsvd()\nwill update the cgroup pointer, so it requires to be called with the lock\nheld.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36000",
"url": "https://www.suse.com/security/cve/CVE-2024-36000"
},
{
"category": "external",
"summary": "SUSE Bug 1224548 for CVE-2024-36000",
"url": "https://bugzilla.suse.com/1224548"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-36000"
},
{
"cve": "CVE-2024-36031",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36031"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nkeys: Fix overwrite of key expiration on instantiation\n\nThe expiry time of a key is unconditionally overwritten during\ninstantiation, defaulting to turn it permanent. This causes a problem\nfor DNS resolution as the expiration set by user-space is overwritten to\nTIME64_MAX, disabling further DNS updates. Fix this by restoring the\ncondition that key_set_expiry is only called when the pre-parser sets a\nspecific expiry.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36031",
"url": "https://www.suse.com/security/cve/CVE-2024-36031"
},
{
"category": "external",
"summary": "SUSE Bug 1225713 for CVE-2024-36031",
"url": "https://bugzilla.suse.com/1225713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-36031"
},
{
"cve": "CVE-2024-36244",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36244"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: taprio: extend minimum interval restriction to entire cycle too\n\nIt is possible for syzbot to side-step the restriction imposed by the\nblamed commit in the Fixes: tag, because the taprio UAPI permits a\ncycle-time different from (and potentially shorter than) the sum of\nentry intervals.\n\nWe need one more restriction, which is that the cycle time itself must\nbe larger than N * ETH_ZLEN bit times, where N is the number of schedule\nentries. This restriction needs to apply regardless of whether the cycle\ntime came from the user or was the implicit, auto-calculated value, so\nwe move the existing \"cycle == 0\" check outside the \"if \"(!new-\u003ecycle_time)\"\nbranch. This way covers both conditions and scenarios.\n\nAdd a selftest which illustrates the issue triggered by syzbot.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36244",
"url": "https://www.suse.com/security/cve/CVE-2024-36244"
},
{
"category": "external",
"summary": "SUSE Bug 1226797 for CVE-2024-36244",
"url": "https://bugzilla.suse.com/1226797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "low"
}
],
"title": "CVE-2024-36244"
},
{
"cve": "CVE-2024-36484",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36484"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: relax socket state check at accept time.\n\nChristoph reported the following splat:\n\nWARNING: CPU: 1 PID: 772 at net/ipv4/af_inet.c:761 __inet_accept+0x1f4/0x4a0\nModules linked in:\nCPU: 1 PID: 772 Comm: syz-executor510 Not tainted 6.9.0-rc7-g7da7119fe22b #56\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014\nRIP: 0010:__inet_accept+0x1f4/0x4a0 net/ipv4/af_inet.c:759\nCode: 04 38 84 c0 0f 85 87 00 00 00 41 c7 04 24 03 00 00 00 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 ec b7 da fd \u003c0f\u003e 0b e9 7f fe ff ff e8 e0 b7 da fd 0f 0b e9 fe fe ff ff 89 d9 80\nRSP: 0018:ffffc90000c2fc58 EFLAGS: 00010293\nRAX: ffffffff836bdd14 RBX: 0000000000000000 RCX: ffff888104668000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: dffffc0000000000 R08: ffffffff836bdb89 R09: fffff52000185f64\nR10: dffffc0000000000 R11: fffff52000185f64 R12: dffffc0000000000\nR13: 1ffff92000185f98 R14: ffff88810754d880 R15: ffff8881007b7800\nFS: 000000001c772880(0000) GS:ffff88811b280000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fb9fcf2e178 CR3: 00000001045d2002 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n inet_accept+0x138/0x1d0 net/ipv4/af_inet.c:786\n do_accept+0x435/0x620 net/socket.c:1929\n __sys_accept4_file net/socket.c:1969 [inline]\n __sys_accept4+0x9b/0x110 net/socket.c:1999\n __do_sys_accept net/socket.c:2016 [inline]\n __se_sys_accept net/socket.c:2013 [inline]\n __x64_sys_accept+0x7d/0x90 net/socket.c:2013\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x58/0x100 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x4315f9\nCode: fd ff 48 81 c4 80 00 00 00 e9 f1 fe ff ff 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 0f 83 ab b4 fd ff c3 66 2e 0f 1f 84 00 00 00 00\nRSP: 002b:00007ffdb26d9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002b\nRAX: ffffffffffffffda RBX: 0000000000400300 RCX: 00000000004315f9\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004\nRBP: 00000000006e1018 R08: 0000000000400300 R09: 0000000000400300\nR10: 0000000000400300 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000040cdf0 R14: 000000000040ce80 R15: 0000000000000055\n \u003c/TASK\u003e\n\nThe reproducer invokes shutdown() before entering the listener status.\nAfter commit 94062790aedb (\"tcp: defer shutdown(SEND_SHUTDOWN) for\nTCP_SYN_RECV sockets\"), the above causes the child to reach the accept\nsyscall in FIN_WAIT1 status.\n\nEric noted we can relax the existing assertion in __inet_accept()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36484",
"url": "https://www.suse.com/security/cve/CVE-2024-36484"
},
{
"category": "external",
"summary": "SUSE Bug 1226872 for CVE-2024-36484",
"url": "https://bugzilla.suse.com/1226872"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-36484"
},
{
"cve": "CVE-2024-36883",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36883"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix out-of-bounds access in ops_init\n\nnet_alloc_generic is called by net_alloc, which is called without any\nlocking. It reads max_gen_ptrs, which is changed under pernet_ops_rwsem. It\nis read twice, first to allocate an array, then to set s.len, which is\nlater used to limit the bounds of the array access.\n\nIt is possible that the array is allocated and another thread is\nregistering a new pernet ops, increments max_gen_ptrs, which is then used\nto set s.len with a larger than allocated length for the variable array.\n\nFix it by reading max_gen_ptrs only once in net_alloc_generic. If\nmax_gen_ptrs is later incremented, it will be caught in net_assign_generic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36883",
"url": "https://www.suse.com/security/cve/CVE-2024-36883"
},
{
"category": "external",
"summary": "SUSE Bug 1225725 for CVE-2024-36883",
"url": "https://bugzilla.suse.com/1225725"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-36883"
},
{
"cve": "CVE-2024-36886",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36886"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix UAF in error path\n\nSam Page (sam4k) working with Trend Micro Zero Day Initiative reported\na UAF in the tipc_buf_append() error path:\n\nBUG: KASAN: slab-use-after-free in kfree_skb_list_reason+0x47e/0x4c0\nlinux/net/core/skbuff.c:1183\nRead of size 8 at addr ffff88804d2a7c80 by task poc/8034\n\nCPU: 1 PID: 8034 Comm: poc Not tainted 6.8.2 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.16.0-debian-1.16.0-5 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack linux/lib/dump_stack.c:88\n dump_stack_lvl+0xd9/0x1b0 linux/lib/dump_stack.c:106\n print_address_description linux/mm/kasan/report.c:377\n print_report+0xc4/0x620 linux/mm/kasan/report.c:488\n kasan_report+0xda/0x110 linux/mm/kasan/report.c:601\n kfree_skb_list_reason+0x47e/0x4c0 linux/net/core/skbuff.c:1183\n skb_release_data+0x5af/0x880 linux/net/core/skbuff.c:1026\n skb_release_all linux/net/core/skbuff.c:1094\n __kfree_skb linux/net/core/skbuff.c:1108\n kfree_skb_reason+0x12d/0x210 linux/net/core/skbuff.c:1144\n kfree_skb linux/./include/linux/skbuff.h:1244\n tipc_buf_append+0x425/0xb50 linux/net/tipc/msg.c:186\n tipc_link_input+0x224/0x7c0 linux/net/tipc/link.c:1324\n tipc_link_rcv+0x76e/0x2d70 linux/net/tipc/link.c:1824\n tipc_rcv+0x45f/0x10f0 linux/net/tipc/node.c:2159\n tipc_udp_recv+0x73b/0x8f0 linux/net/tipc/udp_media.c:390\n udp_queue_rcv_one_skb+0xad2/0x1850 linux/net/ipv4/udp.c:2108\n udp_queue_rcv_skb+0x131/0xb00 linux/net/ipv4/udp.c:2186\n udp_unicast_rcv_skb+0x165/0x3b0 linux/net/ipv4/udp.c:2346\n __udp4_lib_rcv+0x2594/0x3400 linux/net/ipv4/udp.c:2422\n ip_protocol_deliver_rcu+0x30c/0x4e0 linux/net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x2e4/0x520 linux/net/ipv4/ip_input.c:233\n NF_HOOK linux/./include/linux/netfilter.h:314\n NF_HOOK linux/./include/linux/netfilter.h:308\n ip_local_deliver+0x18e/0x1f0 linux/net/ipv4/ip_input.c:254\n dst_input linux/./include/net/dst.h:461\n ip_rcv_finish linux/net/ipv4/ip_input.c:449\n NF_HOOK linux/./include/linux/netfilter.h:314\n NF_HOOK linux/./include/linux/netfilter.h:308\n ip_rcv+0x2c5/0x5d0 linux/net/ipv4/ip_input.c:569\n __netif_receive_skb_one_core+0x199/0x1e0 linux/net/core/dev.c:5534\n __netif_receive_skb+0x1f/0x1c0 linux/net/core/dev.c:5648\n process_backlog+0x101/0x6b0 linux/net/core/dev.c:5976\n __napi_poll.constprop.0+0xba/0x550 linux/net/core/dev.c:6576\n napi_poll linux/net/core/dev.c:6645\n net_rx_action+0x95a/0xe90 linux/net/core/dev.c:6781\n __do_softirq+0x21f/0x8e7 linux/kernel/softirq.c:553\n do_softirq linux/kernel/softirq.c:454\n do_softirq+0xb2/0xf0 linux/kernel/softirq.c:441\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n __local_bh_enable_ip+0x100/0x120 linux/kernel/softirq.c:381\n local_bh_enable linux/./include/linux/bottom_half.h:33\n rcu_read_unlock_bh linux/./include/linux/rcupdate.h:851\n __dev_queue_xmit+0x871/0x3ee0 linux/net/core/dev.c:4378\n dev_queue_xmit linux/./include/linux/netdevice.h:3169\n neigh_hh_output linux/./include/net/neighbour.h:526\n neigh_output linux/./include/net/neighbour.h:540\n ip_finish_output2+0x169f/0x2550 linux/net/ipv4/ip_output.c:235\n __ip_finish_output linux/net/ipv4/ip_output.c:313\n __ip_finish_output+0x49e/0x950 linux/net/ipv4/ip_output.c:295\n ip_finish_output+0x31/0x310 linux/net/ipv4/ip_output.c:323\n NF_HOOK_COND linux/./include/linux/netfilter.h:303\n ip_output+0x13b/0x2a0 linux/net/ipv4/ip_output.c:433\n dst_output linux/./include/net/dst.h:451\n ip_local_out linux/net/ipv4/ip_output.c:129\n ip_send_skb+0x3e5/0x560 linux/net/ipv4/ip_output.c:1492\n udp_send_skb+0x73f/0x1530 linux/net/ipv4/udp.c:963\n udp_sendmsg+0x1a36/0x2b40 linux/net/ipv4/udp.c:1250\n inet_sendmsg+0x105/0x140 linux/net/ipv4/af_inet.c:850\n sock_sendmsg_nosec linux/net/socket.c:730\n __sock_sendmsg linux/net/socket.c:745\n __sys_sendto+0x42c/0x4e0 linux/net/socket.c:2191\n __do_sys_sendto linux/net/socket.c:2203\n __se_sys_sendto linux/net/socket.c:2199\n __x64_sys_sendto+0xe0/0x1c0 linux/net/socket.c:2199\n do_syscall_x64 linux/arch/x86/entry/common.c:52\n do_syscall_\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36886",
"url": "https://www.suse.com/security/cve/CVE-2024-36886"
},
{
"category": "external",
"summary": "SUSE Bug 1225730 for CVE-2024-36886",
"url": "https://bugzilla.suse.com/1225730"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-36886",
"url": "https://bugzilla.suse.com/1225742"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-36886"
},
{
"cve": "CVE-2024-36905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36905"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets\n\nTCP_SYN_RECV state is really special, it is only used by\ncross-syn connections, mostly used by fuzzers.\n\nIn the following crash [1], syzbot managed to trigger a divide\nby zero in tcp_rcv_space_adjust()\n\nA socket makes the following state transitions,\nwithout ever calling tcp_init_transfer(),\nmeaning tcp_init_buffer_space() is also not called.\n\n TCP_CLOSE\nconnect()\n TCP_SYN_SENT\n TCP_SYN_RECV\nshutdown() -\u003e tcp_shutdown(sk, SEND_SHUTDOWN)\n TCP_FIN_WAIT1\n\nTo fix this issue, change tcp_shutdown() to not\nperform a TCP_SYN_RECV -\u003e TCP_FIN_WAIT1 transition,\nwhich makes no sense anyway.\n\nWhen tcp_rcv_state_process() later changes socket state\nfrom TCP_SYN_RECV to TCP_ESTABLISH, then look at\nsk-\u003esk_shutdown to finally enter TCP_FIN_WAIT1 state,\nand send a FIN packet from a sane socket state.\n\nThis means tcp_send_fin() can now be called from BH\ncontext, and must use GFP_ATOMIC allocations.\n\n[1]\ndivide error: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 1 PID: 5084 Comm: syz-executor358 Not tainted 6.9.0-rc6-syzkaller-00022-g98369dccd2f8 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\n RIP: 0010:tcp_rcv_space_adjust+0x2df/0x890 net/ipv4/tcp_input.c:767\nCode: e3 04 4c 01 eb 48 8b 44 24 38 0f b6 04 10 84 c0 49 89 d5 0f 85 a5 03 00 00 41 8b 8e c8 09 00 00 89 e8 29 c8 48 0f af c3 31 d2 \u003c48\u003e f7 f1 48 8d 1c 43 49 8d 96 76 08 00 00 48 89 d0 48 c1 e8 03 48\nRSP: 0018:ffffc900031ef3f0 EFLAGS: 00010246\nRAX: 0c677a10441f8f42 RBX: 000000004fb95e7e RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: 0000000027d4b11f R08: ffffffff89e535a4 R09: 1ffffffff25e6ab7\nR10: dffffc0000000000 R11: ffffffff8135e920 R12: ffff88802a9f8d30\nR13: dffffc0000000000 R14: ffff88802a9f8d00 R15: 1ffff1100553f2da\nFS: 00005555775c0380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f1155bf2304 CR3: 000000002b9f2000 CR4: 0000000000350ef0\nCall Trace:\n \u003cTASK\u003e\n tcp_recvmsg_locked+0x106d/0x25a0 net/ipv4/tcp.c:2513\n tcp_recvmsg+0x25d/0x920 net/ipv4/tcp.c:2578\n inet6_recvmsg+0x16a/0x730 net/ipv6/af_inet6.c:680\n sock_recvmsg_nosec net/socket.c:1046 [inline]\n sock_recvmsg+0x109/0x280 net/socket.c:1068\n ____sys_recvmsg+0x1db/0x470 net/socket.c:2803\n ___sys_recvmsg net/socket.c:2845 [inline]\n do_recvmmsg+0x474/0xae0 net/socket.c:2939\n __sys_recvmmsg net/socket.c:3018 [inline]\n __do_sys_recvmmsg net/socket.c:3041 [inline]\n __se_sys_recvmmsg net/socket.c:3034 [inline]\n __x64_sys_recvmmsg+0x199/0x250 net/socket.c:3034\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7faeb6363db9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffcc1997168 EFLAGS: 00000246 ORIG_RAX: 000000000000012b\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007faeb6363db9\nRDX: 0000000000000001 RSI: 0000000020000bc0 RDI: 0000000000000005\nRBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000001c\nR10: 0000000000000122 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36905",
"url": "https://www.suse.com/security/cve/CVE-2024-36905"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-36905",
"url": "https://bugzilla.suse.com/1225742"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-36905"
},
{
"cve": "CVE-2024-36920",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36920"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Avoid memcpy field-spanning write WARNING\n\nWhen the \"storcli2 show\" command is executed for eHBA-9600, mpi3mr driver\nprints this WARNING message:\n\n memcpy: detected field-spanning write (size 128) of single field \"bsg_reply_buf-\u003ereply_buf\" at drivers/scsi/mpi3mr/mpi3mr_app.c:1658 (size 1)\n WARNING: CPU: 0 PID: 12760 at drivers/scsi/mpi3mr/mpi3mr_app.c:1658 mpi3mr_bsg_request+0x6b12/0x7f10 [mpi3mr]\n\nThe cause of the WARN is 128 bytes memcpy to the 1 byte size array \"__u8\nreplay_buf[1]\" in the struct mpi3mr_bsg_in_reply_buf. The array is intended\nto be a flexible length array, so the WARN is a false positive.\n\nTo suppress the WARN, remove the constant number \u00271\u0027 from the array\ndeclaration and clarify that it has flexible length. Also, adjust the\nmemory allocation size to match the change.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36920",
"url": "https://www.suse.com/security/cve/CVE-2024-36920"
},
{
"category": "external",
"summary": "SUSE Bug 1225768 for CVE-2024-36920",
"url": "https://bugzilla.suse.com/1225768"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-36920"
},
{
"cve": "CVE-2024-36927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36927"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: Fix uninit-value access in __ip_make_skb()\n\nKMSAN reported uninit-value access in __ip_make_skb() [1]. __ip_make_skb()\ntests HDRINCL to know if the skb has icmphdr. However, HDRINCL can cause a\nrace condition. If calling setsockopt(2) with IP_HDRINCL changes HDRINCL\nwhile __ip_make_skb() is running, the function will access icmphdr in the\nskb even if it is not included. This causes the issue reported by KMSAN.\n\nCheck FLOWI_FLAG_KNOWN_NH on fl4-\u003eflowi4_flags instead of testing HDRINCL\non the socket.\n\nAlso, fl4-\u003efl4_icmp_type and fl4-\u003efl4_icmp_code are not initialized. These\nare union in struct flowi4 and are implicitly initialized by\nflowi4_init_output(), but we should not rely on specific union layout.\n\nInitialize these explicitly in raw_sendmsg().\n\n[1]\nBUG: KMSAN: uninit-value in __ip_make_skb+0x2b74/0x2d20 net/ipv4/ip_output.c:1481\n __ip_make_skb+0x2b74/0x2d20 net/ipv4/ip_output.c:1481\n ip_finish_skb include/net/ip.h:243 [inline]\n ip_push_pending_frames+0x4c/0x5c0 net/ipv4/ip_output.c:1508\n raw_sendmsg+0x2381/0x2690 net/ipv4/raw.c:654\n inet_sendmsg+0x27b/0x2a0 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x274/0x3c0 net/socket.c:745\n __sys_sendto+0x62c/0x7b0 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x130/0x200 net/socket.c:2199\n do_syscall_64+0xd8/0x1f0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3804 [inline]\n slab_alloc_node mm/slub.c:3845 [inline]\n kmem_cache_alloc_node+0x5f6/0xc50 mm/slub.c:3888\n kmalloc_reserve+0x13c/0x4a0 net/core/skbuff.c:577\n __alloc_skb+0x35a/0x7c0 net/core/skbuff.c:668\n alloc_skb include/linux/skbuff.h:1318 [inline]\n __ip_append_data+0x49ab/0x68c0 net/ipv4/ip_output.c:1128\n ip_append_data+0x1e7/0x260 net/ipv4/ip_output.c:1365\n raw_sendmsg+0x22b1/0x2690 net/ipv4/raw.c:648\n inet_sendmsg+0x27b/0x2a0 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x274/0x3c0 net/socket.c:745\n __sys_sendto+0x62c/0x7b0 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x130/0x200 net/socket.c:2199\n do_syscall_64+0xd8/0x1f0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nCPU: 1 PID: 15709 Comm: syz-executor.7 Not tainted 6.8.0-11567-gb3603fcb79b1 #25\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-1.fc39 04/01/2014",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36927",
"url": "https://www.suse.com/security/cve/CVE-2024-36927"
},
{
"category": "external",
"summary": "SUSE Bug 1225813 for CVE-2024-36927",
"url": "https://bugzilla.suse.com/1225813"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-36927"
},
{
"cve": "CVE-2024-36954",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36954"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix a possible memleak in tipc_buf_append\n\n__skb_linearize() doesn\u0027t free the skb when it fails, so move\n\u0027*buf = NULL\u0027 after __skb_linearize(), so that the skb can be\nfreed on the err path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36954",
"url": "https://www.suse.com/security/cve/CVE-2024-36954"
},
{
"category": "external",
"summary": "SUSE Bug 1225764 for CVE-2024-36954",
"url": "https://bugzilla.suse.com/1225764"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-36954"
},
{
"cve": "CVE-2024-36968",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36968"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()\n\nl2cap_le_flowctl_init() can cause both div-by-zero and an integer\noverflow since hdev-\u003ele_mtu may not fall in the valid range.\n\nMove MTU from hci_dev to hci_conn to validate MTU and stop the connection\nprocess earlier if MTU is invalid.\nAlso, add a missing validation in read_buffer_size() and make it return\nan error value if the validation fails.\nNow hci_conn_add() returns ERR_PTR() as it can fail due to the both a\nkzalloc failure and invalid MTU value.\n\ndivide error: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 0 PID: 67 Comm: kworker/u5:0 Tainted: G W 6.9.0-rc5+ #20\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nWorkqueue: hci0 hci_rx_work\nRIP: 0010:l2cap_le_flowctl_init+0x19e/0x3f0 net/bluetooth/l2cap_core.c:547\nCode: e8 17 17 0c 00 66 41 89 9f 84 00 00 00 bf 01 00 00 00 41 b8 02 00 00 00 4c\n89 fe 4c 89 e2 89 d9 e8 27 17 0c 00 44 89 f0 31 d2 \u003c66\u003e f7 f3 89 c3 ff c3 4d 8d\nb7 88 00 00 00 4c 89 f0 48 c1 e8 03 42\nRSP: 0018:ffff88810bc0f858 EFLAGS: 00010246\nRAX: 00000000000002a0 RBX: 0000000000000000 RCX: dffffc0000000000\nRDX: 0000000000000000 RSI: ffff88810bc0f7c0 RDI: ffffc90002dcb66f\nRBP: ffff88810bc0f880 R08: aa69db2dda70ff01 R09: 0000ffaaaaaaaaaa\nR10: 0084000000ffaaaa R11: 0000000000000000 R12: ffff88810d65a084\nR13: dffffc0000000000 R14: 00000000000002a0 R15: ffff88810d65a000\nFS: 0000000000000000(0000) GS:ffff88811ac00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020000100 CR3: 0000000103268003 CR4: 0000000000770ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n l2cap_le_connect_req net/bluetooth/l2cap_core.c:4902 [inline]\n l2cap_le_sig_cmd net/bluetooth/l2cap_core.c:5420 [inline]\n l2cap_le_sig_channel net/bluetooth/l2cap_core.c:5486 [inline]\n l2cap_recv_frame+0xe59d/0x11710 net/bluetooth/l2cap_core.c:6809\n l2cap_recv_acldata+0x544/0x10a0 net/bluetooth/l2cap_core.c:7506\n hci_acldata_packet net/bluetooth/hci_core.c:3939 [inline]\n hci_rx_work+0x5e5/0xb20 net/bluetooth/hci_core.c:4176\n process_one_work kernel/workqueue.c:3254 [inline]\n process_scheduled_works+0x90f/0x1530 kernel/workqueue.c:3335\n worker_thread+0x926/0xe70 kernel/workqueue.c:3416\n kthread+0x2e3/0x380 kernel/kthread.c:388\n ret_from_fork+0x5c/0x90 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\nModules linked in:\n---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36968",
"url": "https://www.suse.com/security/cve/CVE-2024-36968"
},
{
"category": "external",
"summary": "SUSE Bug 1226130 for CVE-2024-36968",
"url": "https://bugzilla.suse.com/1226130"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-36968"
},
{
"cve": "CVE-2024-38576",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38576"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu: Fix buffer overflow in print_cpu_stall_info()\n\nThe rcuc-starvation output from print_cpu_stall_info() might overflow the\nbuffer if there is a huge difference in jiffies difference. The situation\nmight seem improbable, but computers sometimes get very confused about\ntime, which can result in full-sized integers, and, in this case,\nbuffer overflow.\n\nAlso, the unsigned jiffies difference is printed using %ld, which is\nnormally for signed integers. This is intentional for debugging purposes,\nbut it is not obvious from the code.\n\nThis commit therefore changes sprintf() to snprintf() and adds a\nclarifying comment about intention of %ld format.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38576",
"url": "https://www.suse.com/security/cve/CVE-2024-38576"
},
{
"category": "external",
"summary": "SUSE Bug 1226623 for CVE-2024-38576",
"url": "https://bugzilla.suse.com/1226623"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-38576"
},
{
"cve": "CVE-2024-38577",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38577"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow\n\nThere is a possibility of buffer overflow in\nshow_rcu_tasks_trace_gp_kthread() if counters, passed\nto sprintf() are huge. Counter numbers, needed for this\nare unrealistically high, but buffer overflow is still\npossible.\n\nUse snprintf() with buffer size instead of sprintf().\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38577",
"url": "https://www.suse.com/security/cve/CVE-2024-38577"
},
{
"category": "external",
"summary": "SUSE Bug 1226631 for CVE-2024-38577",
"url": "https://bugzilla.suse.com/1226631"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-38577"
},
{
"cve": "CVE-2024-38589",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38589"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetrom: fix possible dead-lock in nr_rt_ioctl()\n\nsyzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1]\n\nMake sure we always acquire nr_node_list_lock before nr_node_lock(nr_node)\n\n[1]\nWARNING: possible circular locking dependency detected\n6.9.0-rc7-syzkaller-02147-g654de42f3fc6 #0 Not tainted\n------------------------------------------------------\nsyz-executor350/5129 is trying to acquire lock:\n ffff8880186e2070 (\u0026nr_node-\u003enode_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n ffff8880186e2070 (\u0026nr_node-\u003enode_lock){+...}-{2:2}, at: nr_node_lock include/net/netrom.h:152 [inline]\n ffff8880186e2070 (\u0026nr_node-\u003enode_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:464 [inline]\n ffff8880186e2070 (\u0026nr_node-\u003enode_lock){+...}-{2:2}, at: nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697\n\nbut task is already holding lock:\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_rt_ioctl+0x10a/0x1090 net/netrom/nr_route.c:697\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-\u003e #1 (nr_node_list_lock){+...}-{2:2}:\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754\n __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\n _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178\n spin_lock_bh include/linux/spinlock.h:356 [inline]\n nr_remove_node net/netrom/nr_route.c:299 [inline]\n nr_del_node+0x4b4/0x820 net/netrom/nr_route.c:355\n nr_rt_ioctl+0xa95/0x1090 net/netrom/nr_route.c:683\n sock_do_ioctl+0x158/0x460 net/socket.c:1222\n sock_ioctl+0x629/0x8e0 net/socket.c:1341\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n-\u003e #0 (\u0026nr_node-\u003enode_lock){+...}-{2:2}:\n check_prev_add kernel/locking/lockdep.c:3134 [inline]\n check_prevs_add kernel/locking/lockdep.c:3253 [inline]\n validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869\n __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754\n __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\n _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178\n spin_lock_bh include/linux/spinlock.h:356 [inline]\n nr_node_lock include/net/netrom.h:152 [inline]\n nr_dec_obs net/netrom/nr_route.c:464 [inline]\n nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697\n sock_do_ioctl+0x158/0x460 net/socket.c:1222\n sock_ioctl+0x629/0x8e0 net/socket.c:1341\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nother info that might help us debug this:\n\n Possible unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(nr_node_list_lock);\n lock(\u0026nr_node-\u003enode_lock);\n lock(nr_node_list_lock);\n lock(\u0026nr_node-\u003enode_lock);\n\n *** DEADLOCK ***\n\n1 lock held by syz-executor350/5129:\n #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]\n #0: ffffffff8f70\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38589",
"url": "https://www.suse.com/security/cve/CVE-2024-38589"
},
{
"category": "external",
"summary": "SUSE Bug 1226748 for CVE-2024-38589",
"url": "https://bugzilla.suse.com/1226748"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-38589"
},
{
"cve": "CVE-2024-38599",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38599"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njffs2: prevent xattr node from overflowing the eraseblock\n\nAdd a check to make sure that the requested xattr node size is no larger\nthan the eraseblock minus the cleanmarker.\n\nUnlike the usual inode nodes, the xattr nodes aren\u0027t split into parts\nand spread across multiple eraseblocks, which means that a xattr node\nmust not occupy more than one eraseblock. If the requested xattr value is\ntoo large, the xattr node can spill onto the next eraseblock, overwriting\nthe nodes and causing errors such as:\n\njffs2: argh. node added in wrong place at 0x0000b050(2)\njffs2: nextblock 0x0000a000, expected at 0000b00c\njffs2: error: (823) do_verify_xattr_datum: node CRC failed at 0x01e050,\nread=0xfc892c93, calc=0x000000\njffs2: notice: (823) jffs2_get_inode_nodes: Node header CRC failed\nat 0x01e00c. {848f,2fc4,0fef511f,59a3d171}\njffs2: Node at 0x0000000c with length 0x00001044 would run over the\nend of the erase block\njffs2: Perhaps the file system was created with the wrong erase size?\njffs2: jffs2_scan_eraseblock(): Magic bitmask 0x1985 not found\nat 0x00000010: 0x1044 instead\n\nThis breaks the filesystem and can lead to KASAN crashes such as:\n\nBUG: KASAN: slab-out-of-bounds in jffs2_sum_add_kvec+0x125e/0x15d0\nRead of size 4 at addr ffff88802c31e914 by task repro/830\nCPU: 0 PID: 830 Comm: repro Not tainted 6.9.0-rc3+ #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS Arch Linux 1.16.3-1-1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xc6/0x120\n print_report+0xc4/0x620\n ? __virt_addr_valid+0x308/0x5b0\n kasan_report+0xc1/0xf0\n ? jffs2_sum_add_kvec+0x125e/0x15d0\n ? jffs2_sum_add_kvec+0x125e/0x15d0\n jffs2_sum_add_kvec+0x125e/0x15d0\n jffs2_flash_direct_writev+0xa8/0xd0\n jffs2_flash_writev+0x9c9/0xef0\n ? __x64_sys_setxattr+0xc4/0x160\n ? do_syscall_64+0x69/0x140\n ? entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [...]\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38599",
"url": "https://www.suse.com/security/cve/CVE-2024-38599"
},
{
"category": "external",
"summary": "SUSE Bug 1223384 for CVE-2024-38599",
"url": "https://bugzilla.suse.com/1223384"
},
{
"category": "external",
"summary": "SUSE Bug 1226848 for CVE-2024-38599",
"url": "https://bugzilla.suse.com/1226848"
},
{
"category": "external",
"summary": "SUSE Bug 1227283 for CVE-2024-38599",
"url": "https://bugzilla.suse.com/1227283"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-38599"
},
{
"cve": "CVE-2024-40914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40914"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/huge_memory: don\u0027t unpoison huge_zero_folio\n\nWhen I did memory failure tests recently, below panic occurs:\n\n kernel BUG at include/linux/mm.h:1135!\n invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 9 PID: 137 Comm: kswapd1 Not tainted 6.9.0-rc4-00491-gd5ce28f156fe-dirty #14\n RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0\n RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246\n RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8\n RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0\n RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492\n R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000\n R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00\n FS: 0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0\n Call Trace:\n \u003cTASK\u003e\n do_shrink_slab+0x14f/0x6a0\n shrink_slab+0xca/0x8c0\n shrink_node+0x2d0/0x7d0\n balance_pgdat+0x33a/0x720\n kswapd+0x1f3/0x410\n kthread+0xd5/0x100\n ret_from_fork+0x2f/0x50\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n Modules linked in: mce_inject hwpoison_inject\n ---[ end trace 0000000000000000 ]---\n RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0\n RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246\n RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8\n RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0\n RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492\n R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000\n R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00\n FS: 0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0\n\nThe root cause is that HWPoison flag will be set for huge_zero_folio\nwithout increasing the folio refcnt. But then unpoison_memory() will\ndecrease the folio refcnt unexpectedly as it appears like a successfully\nhwpoisoned folio leading to VM_BUG_ON_PAGE(page_ref_count(page) == 0) when\nreleasing huge_zero_folio.\n\nSkip unpoisoning huge_zero_folio in unpoison_memory() to fix this issue. \nWe\u0027re not prepared to unpoison huge_zero_folio yet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40914",
"url": "https://www.suse.com/security/cve/CVE-2024-40914"
},
{
"category": "external",
"summary": "SUSE Bug 1227842 for CVE-2024-40914",
"url": "https://bugzilla.suse.com/1227842"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-40914"
},
{
"cve": "CVE-2024-41016",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41016"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()\n\nxattr in ocfs2 maybe \u0027non-indexed\u0027, which saved with additional space\nrequested. It\u0027s better to check if the memory is out of bound before\nmemcmp, although this possibility mainly comes from crafted poisonous\nimages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41016",
"url": "https://www.suse.com/security/cve/CVE-2024-41016"
},
{
"category": "external",
"summary": "SUSE Bug 1228410 for CVE-2024-41016",
"url": "https://bugzilla.suse.com/1228410"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-41016"
},
{
"cve": "CVE-2024-41023",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41023"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/deadline: Fix task_struct reference leak\n\nDuring the execution of the following stress test with linux-rt:\n\nstress-ng --cyclic 30 --timeout 30 --minimize --quiet\n\nkmemleak frequently reported a memory leak concerning the task_struct:\n\nunreferenced object 0xffff8881305b8000 (size 16136):\n comm \"stress-ng\", pid 614, jiffies 4294883961 (age 286.412s)\n object hex dump (first 32 bytes):\n 02 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .@..............\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n debug hex dump (first 16 bytes):\n 53 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 S...............\n backtrace:\n [\u003c00000000046b6790\u003e] dup_task_struct+0x30/0x540\n [\u003c00000000c5ca0f0b\u003e] copy_process+0x3d9/0x50e0\n [\u003c00000000ced59777\u003e] kernel_clone+0xb0/0x770\n [\u003c00000000a50befdc\u003e] __do_sys_clone+0xb6/0xf0\n [\u003c000000001dbf2008\u003e] do_syscall_64+0x5d/0xf0\n [\u003c00000000552900ff\u003e] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\nThe issue occurs in start_dl_timer(), which increments the task_struct\nreference count and sets a timer. The timer callback, dl_task_timer,\nis supposed to decrement the reference count upon expiration. However,\nif enqueue_task_dl() is called before the timer expires and cancels it,\nthe reference count is not decremented, leading to the leak.\n\nThis patch fixes the reference leak by ensuring the task_struct\nreference count is properly decremented when the timer is canceled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41023",
"url": "https://www.suse.com/security/cve/CVE-2024-41023"
},
{
"category": "external",
"summary": "SUSE Bug 1228430 for CVE-2024-41023",
"url": "https://bugzilla.suse.com/1228430"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-41023"
},
{
"cve": "CVE-2024-41031",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41031"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/filemap: skip to create PMD-sized page cache if needed\n\nOn ARM64, HPAGE_PMD_ORDER is 13 when the base page size is 64KB. The\nPMD-sized page cache can\u0027t be supported by xarray as the following error\nmessages indicate.\n\n------------[ cut here ]------------\nWARNING: CPU: 35 PID: 7484 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128\nModules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib \\\nnft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct \\\nnft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 \\\nip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm \\\nfuse xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 \\\nsha1_ce virtio_net net_failover virtio_console virtio_blk failover \\\ndimlib virtio_mmio\nCPU: 35 PID: 7484 Comm: test Kdump: loaded Tainted: G W 6.10.0-rc5-gavin+ #9\nHardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024\npstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\npc : xas_split_alloc+0xf8/0x128\nlr : split_huge_page_to_list_to_order+0x1c4/0x720\nsp : ffff800087a4f6c0\nx29: ffff800087a4f6c0 x28: ffff800087a4f720 x27: 000000001fffffff\nx26: 0000000000000c40 x25: 000000000000000d x24: ffff00010625b858\nx23: ffff800087a4f720 x22: ffffffdfc0780000 x21: 0000000000000000\nx20: 0000000000000000 x19: ffffffdfc0780000 x18: 000000001ff40000\nx17: 00000000ffffffff x16: 0000018000000000 x15: 51ec004000000000\nx14: 0000e00000000000 x13: 0000000000002000 x12: 0000000000000020\nx11: 51ec000000000000 x10: 51ece1c0ffff8000 x9 : ffffbeb961a44d28\nx8 : 0000000000000003 x7 : ffffffdfc0456420 x6 : ffff0000e1aa6eb8\nx5 : 20bf08b4fe778fca x4 : ffffffdfc0456420 x3 : 0000000000000c40\nx2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000\nCall trace:\n xas_split_alloc+0xf8/0x128\n split_huge_page_to_list_to_order+0x1c4/0x720\n truncate_inode_partial_folio+0xdc/0x160\n truncate_inode_pages_range+0x1b4/0x4a8\n truncate_pagecache_range+0x84/0xa0\n xfs_flush_unmap_range+0x70/0x90 [xfs]\n xfs_file_fallocate+0xfc/0x4d8 [xfs]\n vfs_fallocate+0x124/0x2e8\n ksys_fallocate+0x4c/0xa0\n __arm64_sys_fallocate+0x24/0x38\n invoke_syscall.constprop.0+0x7c/0xd8\n do_el0_svc+0xb4/0xd0\n el0_svc+0x44/0x1d8\n el0t_64_sync_handler+0x134/0x150\n el0t_64_sync+0x17c/0x180\n\nFix it by skipping to allocate PMD-sized page cache when its size is\nlarger than MAX_PAGECACHE_ORDER. For this specific case, we will fall to\nregular path where the readahead window is determined by BDI\u0027s sysfs file\n(read_ahead_kb).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41031",
"url": "https://www.suse.com/security/cve/CVE-2024-41031"
},
{
"category": "external",
"summary": "SUSE Bug 1228454 for CVE-2024-41031",
"url": "https://bugzilla.suse.com/1228454"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "low"
}
],
"title": "CVE-2024-41031"
},
{
"cve": "CVE-2024-41047",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41047"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Fix XDP program unloading while removing the driver\n\nThe commit 6533e558c650 (\"i40e: Fix reset path while removing\nthe driver\") introduced a new PF state \"__I40E_IN_REMOVE\" to block\nmodifying the XDP program while the driver is being removed.\nUnfortunately, such a change is useful only if the \".ndo_bpf()\"\ncallback was called out of the rmmod context because unloading the\nexisting XDP program is also a part of driver removing procedure.\nIn other words, from the rmmod context the driver is expected to\nunload the XDP program without reporting any errors. Otherwise,\nthe kernel warning with callstack is printed out to dmesg.\n\nExample failing scenario:\n 1. Load the i40e driver.\n 2. Load the XDP program.\n 3. Unload the i40e driver (using \"rmmod\" command).\n\nThe example kernel warning log:\n\n[ +0.004646] WARNING: CPU: 94 PID: 10395 at net/core/dev.c:9290 unregister_netdevice_many_notify+0x7a9/0x870\n[...]\n[ +0.010959] RIP: 0010:unregister_netdevice_many_notify+0x7a9/0x870\n[...]\n[ +0.002726] Call Trace:\n[ +0.002457] \u003cTASK\u003e\n[ +0.002119] ? __warn+0x80/0x120\n[ +0.003245] ? unregister_netdevice_many_notify+0x7a9/0x870\n[ +0.005586] ? report_bug+0x164/0x190\n[ +0.003678] ? handle_bug+0x3c/0x80\n[ +0.003503] ? exc_invalid_op+0x17/0x70\n[ +0.003846] ? asm_exc_invalid_op+0x1a/0x20\n[ +0.004200] ? unregister_netdevice_many_notify+0x7a9/0x870\n[ +0.005579] ? unregister_netdevice_many_notify+0x3cc/0x870\n[ +0.005586] unregister_netdevice_queue+0xf7/0x140\n[ +0.004806] unregister_netdev+0x1c/0x30\n[ +0.003933] i40e_vsi_release+0x87/0x2f0 [i40e]\n[ +0.004604] i40e_remove+0x1a1/0x420 [i40e]\n[ +0.004220] pci_device_remove+0x3f/0xb0\n[ +0.003943] device_release_driver_internal+0x19f/0x200\n[ +0.005243] driver_detach+0x48/0x90\n[ +0.003586] bus_remove_driver+0x6d/0xf0\n[ +0.003939] pci_unregister_driver+0x2e/0xb0\n[ +0.004278] i40e_exit_module+0x10/0x5f0 [i40e]\n[ +0.004570] __do_sys_delete_module.isra.0+0x197/0x310\n[ +0.005153] do_syscall_64+0x85/0x170\n[ +0.003684] ? syscall_exit_to_user_mode+0x69/0x220\n[ +0.004886] ? do_syscall_64+0x95/0x170\n[ +0.003851] ? exc_page_fault+0x7e/0x180\n[ +0.003932] entry_SYSCALL_64_after_hwframe+0x71/0x79\n[ +0.005064] RIP: 0033:0x7f59dc9347cb\n[ +0.003648] Code: 73 01 c3 48 8b 0d 65 16 0c 00 f7 d8 64 89 01 48 83\nc8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 b0 00 00 00 0f\n05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 35 16 0c 00 f7 d8 64 89 01 48\n[ +0.018753] RSP: 002b:00007ffffac99048 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0\n[ +0.007577] RAX: ffffffffffffffda RBX: 0000559b9bb2f6e0 RCX: 00007f59dc9347cb\n[ +0.007140] RDX: 0000000000000000 RSI: 0000000000000800 RDI: 0000559b9bb2f748\n[ +0.007146] RBP: 00007ffffac99070 R08: 1999999999999999 R09: 0000000000000000\n[ +0.007133] R10: 00007f59dc9a5ac0 R11: 0000000000000206 R12: 0000000000000000\n[ +0.007141] R13: 00007ffffac992d8 R14: 0000559b9bb2f6e0 R15: 0000000000000000\n[ +0.007151] \u003c/TASK\u003e\n[ +0.002204] ---[ end trace 0000000000000000 ]---\n\nFix this by checking if the XDP program is being loaded or unloaded.\nThen, block only loading a new program while \"__I40E_IN_REMOVE\" is set.\nAlso, move testing \"__I40E_IN_REMOVE\" flag to the beginning of XDP_SETUP\ncallback to avoid unnecessary operations and checks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41047",
"url": "https://www.suse.com/security/cve/CVE-2024-41047"
},
{
"category": "external",
"summary": "SUSE Bug 1228537 for CVE-2024-41047",
"url": "https://bugzilla.suse.com/1228537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-41047"
},
{
"cve": "CVE-2024-41082",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41082"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-fabrics: use reserved tag for reg read/write command\n\nIn some scenarios, if too many commands are issued by nvme command in\nthe same time by user tasks, this may exhaust all tags of admin_q. If\na reset (nvme reset or IO timeout) occurs before these commands finish,\nreconnect routine may fail to update nvme regs due to insufficient tags,\nwhich will cause kernel hang forever. In order to workaround this issue,\nmaybe we can let reg_read32()/reg_read64()/reg_write32() use reserved\ntags. This maybe safe for nvmf:\n\n1. For the disable ctrl path, we will not issue connect command\n2. For the enable ctrl / fw activate path, since connect and reg_xx()\n are called serially.\n\nSo the reserved tags may still be enough while reg_xx() use reserved tags.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41082",
"url": "https://www.suse.com/security/cve/CVE-2024-41082"
},
{
"category": "external",
"summary": "SUSE Bug 1228620 for CVE-2024-41082",
"url": "https://bugzilla.suse.com/1228620"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-41082"
},
{
"cve": "CVE-2024-42102",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42102"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again\"\n\nPatch series \"mm: Avoid possible overflows in dirty throttling\".\n\nDirty throttling logic assumes dirty limits in page units fit into\n32-bits. This patch series makes sure this is true (see patch 2/2 for\nmore details).\n\n\nThis patch (of 2):\n\nThis reverts commit 9319b647902cbd5cc884ac08a8a6d54ce111fc78.\n\nThe commit is broken in several ways. Firstly, the removed (u64) cast\nfrom the multiplication will introduce a multiplication overflow on 32-bit\narchs if wb_thresh * bg_thresh \u003e= 1\u003c\u003c32 (which is actually common - the\ndefault settings with 4GB of RAM will trigger this). Secondly, the\ndiv64_u64() is unnecessarily expensive on 32-bit archs. We have\ndiv64_ul() in case we want to be safe \u0026 cheap. Thirdly, if dirty\nthresholds are larger than 1\u003c\u003c32 pages, then dirty balancing is going to\nblow up in many other spectacular ways anyway so trying to fix one\npossible overflow is just moot.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42102",
"url": "https://www.suse.com/security/cve/CVE-2024-42102"
},
{
"category": "external",
"summary": "SUSE Bug 1222364 for CVE-2024-42102",
"url": "https://bugzilla.suse.com/1222364"
},
{
"category": "external",
"summary": "SUSE Bug 1233132 for CVE-2024-42102",
"url": "https://bugzilla.suse.com/1233132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-42102"
},
{
"cve": "CVE-2024-42145",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42145"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/core: Implement a limit on UMAD receive List\n\nThe existing behavior of ib_umad, which maintains received MAD\npackets in an unbounded list, poses a risk of uncontrolled growth.\nAs user-space applications extract packets from this list, the rate\nof extraction may not match the rate of incoming packets, leading\nto potential list overflow.\n\nTo address this, we introduce a limit to the size of the list. After\nconsidering typical scenarios, such as OpenSM processing, which can\nhandle approximately 100k packets per second, and the 1-second retry\ntimeout for most packets, we set the list size limit to 200k. Packets\nreceived beyond this limit are dropped, assuming they are likely timed\nout by the time they are handled by user-space.\n\nNotably, packets queued on the receive list due to reasons like\ntimed-out sends are preserved even when the list is full.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42145",
"url": "https://www.suse.com/security/cve/CVE-2024-42145"
},
{
"category": "external",
"summary": "SUSE Bug 1223384 for CVE-2024-42145",
"url": "https://bugzilla.suse.com/1223384"
},
{
"category": "external",
"summary": "SUSE Bug 1228743 for CVE-2024-42145",
"url": "https://bugzilla.suse.com/1228743"
},
{
"category": "external",
"summary": "SUSE Bug 1228744 for CVE-2024-42145",
"url": "https://bugzilla.suse.com/1228744"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-42145"
},
{
"cve": "CVE-2024-44932",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44932"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix UAFs when destroying the queues\n\nThe second tagged commit started sometimes (very rarely, but possible)\nthrowing WARNs from\nnet/core/page_pool.c:page_pool_disable_direct_recycling().\nTurned out idpf frees interrupt vectors with embedded NAPIs *before*\nfreeing the queues making page_pools\u0027 NAPI pointers lead to freed\nmemory before these pools are destroyed by libeth.\nIt\u0027s not clear whether there are other accesses to the freed vectors\nwhen destroying the queues, but anyway, we usually free queue/interrupt\nvectors only when the queues are destroyed and the NAPIs are guaranteed\nto not be referenced anywhere.\n\nInvert the allocation and freeing logic making queue/interrupt vectors\nbe allocated first and freed last. Vectors don\u0027t require queues to be\npresent, so this is safe. Additionally, this change allows to remove\nthat useless queue-\u003eq_vector pointer cleanup, as vectors are still\nvalid when freeing the queues (+ both are freed within one function,\nso it\u0027s not clear why nullify the pointers at all).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44932",
"url": "https://www.suse.com/security/cve/CVE-2024-44932"
},
{
"category": "external",
"summary": "SUSE Bug 1229808 for CVE-2024-44932",
"url": "https://bugzilla.suse.com/1229808"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-44932"
},
{
"cve": "CVE-2024-44958",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44958"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/smt: Fix unbalance sched_smt_present dec/inc\n\nI got the following warn report while doing stress test:\n\njump label: negative count!\nWARNING: CPU: 3 PID: 38 at kernel/jump_label.c:263 static_key_slow_try_dec+0x9d/0xb0\nCall Trace:\n \u003cTASK\u003e\n __static_key_slow_dec_cpuslocked+0x16/0x70\n sched_cpu_deactivate+0x26e/0x2a0\n cpuhp_invoke_callback+0x3ad/0x10d0\n cpuhp_thread_fun+0x3f5/0x680\n smpboot_thread_fn+0x56d/0x8d0\n kthread+0x309/0x400\n ret_from_fork+0x41/0x70\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e\n\nBecause when cpuset_cpu_inactive() fails in sched_cpu_deactivate(),\nthe cpu offline failed, but sched_smt_present is decremented before\ncalling sched_cpu_deactivate(), it leads to unbalanced dec/inc, so\nfix it by incrementing sched_smt_present in the error path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44958",
"url": "https://www.suse.com/security/cve/CVE-2024-44958"
},
{
"category": "external",
"summary": "SUSE Bug 1230179 for CVE-2024-44958",
"url": "https://bugzilla.suse.com/1230179"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-44958"
},
{
"cve": "CVE-2024-44964",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44964"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix memory leaks and crashes while performing a soft reset\n\nThe second tagged commit introduced a UAF, as it removed restoring\nq_vector-\u003evport pointers after reinitializating the structures.\nThis is due to that all queue allocation functions are performed here\nwith the new temporary vport structure and those functions rewrite\nthe backpointers to the vport. Then, this new struct is freed and\nthe pointers start leading to nowhere.\n\nBut generally speaking, the current logic is very fragile. It claims\nto be more reliable when the system is low on memory, but in fact, it\nconsumes two times more memory as at the moment of running this\nfunction, there are two vports allocated with their queues and vectors.\nMoreover, it claims to prevent the driver from running into \"bad state\",\nbut in fact, any error during the rebuild leaves the old vport in the\npartially allocated state.\nFinally, if the interface is down when the function is called, it always\nallocates a new queue set, but when the user decides to enable the\ninterface later on, vport_open() allocates them once again, IOW there\u0027s\na clear memory leak here.\n\nJust don\u0027t allocate a new queue set when performing a reset, that solves\ncrashes and memory leaks. Readd the old queue number and reopen the\ninterface on rollback - that solves limbo states when the device is left\ndisabled and/or without HW queues enabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44964",
"url": "https://www.suse.com/security/cve/CVE-2024-44964"
},
{
"category": "external",
"summary": "SUSE Bug 1230220 for CVE-2024-44964",
"url": "https://bugzilla.suse.com/1230220"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-44964"
},
{
"cve": "CVE-2024-44995",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44995"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix a deadlock problem when config TC during resetting\n\nWhen config TC during the reset process, may cause a deadlock, the flow is\nas below:\n pf reset start\n |\n v\n ......\nsetup tc |\n | v\n v DOWN: napi_disable()\nnapi_disable()(skip) |\n | |\n v v\n ...... ......\n | |\n v |\nnapi_enable() |\n v\n UINIT: netif_napi_del()\n |\n v\n ......\n |\n v\n INIT: netif_napi_add()\n |\n v\n ...... global reset start\n | |\n v v\n UP: napi_enable()(skip) ......\n | |\n v v\n ...... napi_disable()\n\nIn reset process, the driver will DOWN the port and then UINIT, in this\ncase, the setup tc process will UP the port before UINIT, so cause the\nproblem. Adds a DOWN process in UINIT to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44995",
"url": "https://www.suse.com/security/cve/CVE-2024-44995"
},
{
"category": "external",
"summary": "SUSE Bug 1230231 for CVE-2024-44995",
"url": "https://bugzilla.suse.com/1230231"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-44995"
},
{
"cve": "CVE-2024-45016",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45016"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetem: fix return value if duplicate enqueue fails\n\nThere is a bug in netem_enqueue() introduced by\ncommit 5845f706388a (\"net: netem: fix skb length BUG_ON in __skb_to_sgvec\")\nthat can lead to a use-after-free.\n\nThis commit made netem_enqueue() always return NET_XMIT_SUCCESS\nwhen a packet is duplicated, which can cause the parent qdisc\u0027s q.qlen\nto be mistakenly incremented. When this happens qlen_notify() may be\nskipped on the parent during destruction, leaving a dangling pointer\nfor some classful qdiscs like DRR.\n\nThere are two ways for the bug happen:\n\n- If the duplicated packet is dropped by rootq-\u003eenqueue() and then\n the original packet is also dropped.\n- If rootq-\u003eenqueue() sends the duplicated packet to a different qdisc\n and the original packet is dropped.\n\nIn both cases NET_XMIT_SUCCESS is returned even though no packets\nare enqueued at the netem qdisc.\n\nThe fix is to defer the enqueue of the duplicate packet until after\nthe original packet has been guaranteed to return NET_XMIT_SUCCESS.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45016",
"url": "https://www.suse.com/security/cve/CVE-2024-45016"
},
{
"category": "external",
"summary": "SUSE Bug 1230429 for CVE-2024-45016",
"url": "https://bugzilla.suse.com/1230429"
},
{
"category": "external",
"summary": "SUSE Bug 1230998 for CVE-2024-45016",
"url": "https://bugzilla.suse.com/1230998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-45016"
},
{
"cve": "CVE-2024-45025",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45025"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE\n\ncopy_fd_bitmaps(new, old, count) is expected to copy the first\ncount/BITS_PER_LONG bits from old-\u003efull_fds_bits[] and fill\nthe rest with zeroes. What it does is copying enough words\n(BITS_TO_LONGS(count/BITS_PER_LONG)), then memsets the rest.\nThat works fine, *if* all bits past the cutoff point are\nclear. Otherwise we are risking garbage from the last word\nwe\u0027d copied.\n\nFor most of the callers that is true - expand_fdtable() has\ncount equal to old-\u003emax_fds, so there\u0027s no open descriptors\npast count, let alone fully occupied words in -\u003eopen_fds[],\nwhich is what bits in -\u003efull_fds_bits[] correspond to.\n\nThe other caller (dup_fd()) passes sane_fdtable_size(old_fdt, max_fds),\nwhich is the smallest multiple of BITS_PER_LONG that covers all\nopened descriptors below max_fds. In the common case (copying on\nfork()) max_fds is ~0U, so all opened descriptors will be below\nit and we are fine, by the same reasons why the call in expand_fdtable()\nis safe.\n\nUnfortunately, there is a case where max_fds is less than that\nand where we might, indeed, end up with junk in -\u003efull_fds_bits[] -\nclose_range(from, to, CLOSE_RANGE_UNSHARE) with\n\t* descriptor table being currently shared\n\t* \u0027to\u0027 being above the current capacity of descriptor table\n\t* \u0027from\u0027 being just under some chunk of opened descriptors.\nIn that case we end up with observably wrong behaviour - e.g. spawn\na child with CLONE_FILES, get all descriptors in range 0..127 open,\nthen close_range(64, ~0U, CLOSE_RANGE_UNSHARE) and watch dup(0) ending\nup with descriptor #128, despite #64 being observably not open.\n\nThe minimally invasive fix would be to deal with that in dup_fd().\nIf this proves to add measurable overhead, we can go that way, but\nlet\u0027s try to fix copy_fd_bitmaps() first.\n\n* new helper: bitmap_copy_and_expand(to, from, bits_to_copy, size).\n* make copy_fd_bitmaps() take the bitmap size in words, rather than\nbits; it\u0027s \u0027count\u0027 argument is always a multiple of BITS_PER_LONG,\nso we are not losing any information, and that way we can use the\nsame helper for all three bitmaps - compiler will see that count\nis a multiple of BITS_PER_LONG for the large ones, so it\u0027ll generate\nplain memcpy()+memset().\n\nReproducer added to tools/testing/selftests/core/close_range_test.c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45025",
"url": "https://www.suse.com/security/cve/CVE-2024-45025"
},
{
"category": "external",
"summary": "SUSE Bug 1230456 for CVE-2024-45025",
"url": "https://bugzilla.suse.com/1230456"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-45025"
},
{
"cve": "CVE-2024-46678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46678"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: change ipsec_lock from spin lock to mutex\n\nIn the cited commit, bond-\u003eipsec_lock is added to protect ipsec_list,\nhence xdo_dev_state_add and xdo_dev_state_delete are called inside\nthis lock. As ipsec_lock is a spin lock and such xfrmdev ops may sleep,\n\"scheduling while atomic\" will be triggered when changing bond\u0027s\nactive slave.\n\n[ 101.055189] BUG: scheduling while atomic: bash/902/0x00000200\n[ 101.055726] Modules linked in:\n[ 101.058211] CPU: 3 PID: 902 Comm: bash Not tainted 6.9.0-rc4+ #1\n[ 101.058760] Hardware name:\n[ 101.059434] Call Trace:\n[ 101.059436] \u003cTASK\u003e\n[ 101.060873] dump_stack_lvl+0x51/0x60\n[ 101.061275] __schedule_bug+0x4e/0x60\n[ 101.061682] __schedule+0x612/0x7c0\n[ 101.062078] ? __mod_timer+0x25c/0x370\n[ 101.062486] schedule+0x25/0xd0\n[ 101.062845] schedule_timeout+0x77/0xf0\n[ 101.063265] ? asm_common_interrupt+0x22/0x40\n[ 101.063724] ? __bpf_trace_itimer_state+0x10/0x10\n[ 101.064215] __wait_for_common+0x87/0x190\n[ 101.064648] ? usleep_range_state+0x90/0x90\n[ 101.065091] cmd_exec+0x437/0xb20 [mlx5_core]\n[ 101.065569] mlx5_cmd_do+0x1e/0x40 [mlx5_core]\n[ 101.066051] mlx5_cmd_exec+0x18/0x30 [mlx5_core]\n[ 101.066552] mlx5_crypto_create_dek_key+0xea/0x120 [mlx5_core]\n[ 101.067163] ? bonding_sysfs_store_option+0x4d/0x80 [bonding]\n[ 101.067738] ? kmalloc_trace+0x4d/0x350\n[ 101.068156] mlx5_ipsec_create_sa_ctx+0x33/0x100 [mlx5_core]\n[ 101.068747] mlx5e_xfrm_add_state+0x47b/0xaa0 [mlx5_core]\n[ 101.069312] bond_change_active_slave+0x392/0x900 [bonding]\n[ 101.069868] bond_option_active_slave_set+0x1c2/0x240 [bonding]\n[ 101.070454] __bond_opt_set+0xa6/0x430 [bonding]\n[ 101.070935] __bond_opt_set_notify+0x2f/0x90 [bonding]\n[ 101.071453] bond_opt_tryset_rtnl+0x72/0xb0 [bonding]\n[ 101.071965] bonding_sysfs_store_option+0x4d/0x80 [bonding]\n[ 101.072567] kernfs_fop_write_iter+0x10c/0x1a0\n[ 101.073033] vfs_write+0x2d8/0x400\n[ 101.073416] ? alloc_fd+0x48/0x180\n[ 101.073798] ksys_write+0x5f/0xe0\n[ 101.074175] do_syscall_64+0x52/0x110\n[ 101.074576] entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nAs bond_ipsec_add_sa_all and bond_ipsec_del_sa_all are only called\nfrom bond_change_active_slave, which requires holding the RTNL lock.\nAnd bond_ipsec_add_sa and bond_ipsec_del_sa are xfrm state\nxdo_dev_state_add and xdo_dev_state_delete APIs, which are in user\ncontext. So ipsec_lock doesn\u0027t have to be spin lock, change it to\nmutex, and thus the above issue can be resolved.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46678",
"url": "https://www.suse.com/security/cve/CVE-2024-46678"
},
{
"category": "external",
"summary": "SUSE Bug 1230550 for CVE-2024-46678",
"url": "https://bugzilla.suse.com/1230550"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46678"
},
{
"cve": "CVE-2024-46680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46680"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Fix random crash seen while removing driver\n\nThis fixes the random kernel crash seen while removing the driver, when\nrunning the load/unload test over multiple iterations.\n\n1) modprobe btnxpuart\n2) hciconfig hci0 reset\n3) hciconfig (check hci0 interface up with valid BD address)\n4) modprobe -r btnxpuart\nRepeat steps 1 to 4\n\nThe ps_wakeup() call in btnxpuart_close() schedules the psdata-\u003ework(),\nwhich gets scheduled after module is removed, causing a kernel crash.\n\nThis hidden issue got highlighted after enabling Power Save by default\nin 4183a7be7700 (Bluetooth: btnxpuart: Enable Power Save feature on\nstartup)\n\nThe new ps_cleanup() deasserts UART break immediately while closing\nserdev device, cancels any scheduled ps_work and destroys the ps_lock\nmutex.\n\n[ 85.884604] Unable to handle kernel paging request at virtual address ffffd4a61638f258\n[ 85.884624] Mem abort info:\n[ 85.884625] ESR = 0x0000000086000007\n[ 85.884628] EC = 0x21: IABT (current EL), IL = 32 bits\n[ 85.884633] SET = 0, FnV = 0\n[ 85.884636] EA = 0, S1PTW = 0\n[ 85.884638] FSC = 0x07: level 3 translation fault\n[ 85.884642] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000041dd0000\n[ 85.884646] [ffffd4a61638f258] pgd=1000000095fff003, p4d=1000000095fff003, pud=100000004823d003, pmd=100000004823e003, pte=0000000000000000\n[ 85.884662] Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP\n[ 85.890932] Modules linked in: algif_hash algif_skcipher af_alg overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce polyval_generic snd_soc_imx_spdif snd_soc_imx_card snd_soc_ak5558 snd_soc_ak4458 caam secvio error snd_soc_fsl_spdif snd_soc_fsl_micfil snd_soc_fsl_sai snd_soc_fsl_utils gpio_ir_recv rc_core fuse [last unloaded: btnxpuart(O)]\n[ 85.927297] CPU: 1 PID: 67 Comm: kworker/1:3 Tainted: G O 6.1.36+g937b1be4345a #1\n[ 85.936176] Hardware name: FSL i.MX8MM EVK board (DT)\n[ 85.936182] Workqueue: events 0xffffd4a61638f380\n[ 85.936198] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 85.952817] pc : 0xffffd4a61638f258\n[ 85.952823] lr : 0xffffd4a61638f258\n[ 85.952827] sp : ffff8000084fbd70\n[ 85.952829] x29: ffff8000084fbd70 x28: 0000000000000000 x27: 0000000000000000\n[ 85.963112] x26: ffffd4a69133f000 x25: ffff4bf1c8540990 x24: ffff4bf215b87305\n[ 85.963119] x23: ffff4bf215b87300 x22: ffff4bf1c85409d0 x21: ffff4bf1c8540970\n[ 85.977382] x20: 0000000000000000 x19: ffff4bf1c8540880 x18: 0000000000000000\n[ 85.977391] x17: 0000000000000000 x16: 0000000000000133 x15: 0000ffffe2217090\n[ 85.977399] x14: 0000000000000001 x13: 0000000000000133 x12: 0000000000000139\n[ 85.977407] x11: 0000000000000001 x10: 0000000000000a60 x9 : ffff8000084fbc50\n[ 85.977417] x8 : ffff4bf215b7d000 x7 : ffff4bf215b83b40 x6 : 00000000000003e8\n[ 85.977424] x5 : 00000000410fd030 x4 : 0000000000000000 x3 : 0000000000000000\n[ 85.977432] x2 : 0000000000000000 x1 : ffff4bf1c4265880 x0 : 0000000000000000\n[ 85.977443] Call trace:\n[ 85.977446] 0xffffd4a61638f258\n[ 85.977451] 0xffffd4a61638f3e8\n[ 85.977455] process_one_work+0x1d4/0x330\n[ 85.977464] worker_thread+0x6c/0x430\n[ 85.977471] kthread+0x108/0x10c\n[ 85.977476] ret_from_fork+0x10/0x20\n[ 85.977488] Code: bad PC value\n[ 85.977491] ---[ end trace 0000000000000000 ]---\n\nPreset since v6.9.11",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46680",
"url": "https://www.suse.com/security/cve/CVE-2024-46680"
},
{
"category": "external",
"summary": "SUSE Bug 1230557 for CVE-2024-46680",
"url": "https://bugzilla.suse.com/1230557"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46680"
},
{
"cve": "CVE-2024-46681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46681"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npktgen: use cpus_read_lock() in pg_net_init()\n\nI have seen the WARN_ON(smp_processor_id() != cpu) firing\nin pktgen_thread_worker() during tests.\n\nWe must use cpus_read_lock()/cpus_read_unlock()\naround the for_each_online_cpu(cpu) loop.\n\nWhile we are at it use WARN_ON_ONCE() to avoid a possible syslog flood.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46681",
"url": "https://www.suse.com/security/cve/CVE-2024-46681"
},
{
"category": "external",
"summary": "SUSE Bug 1230558 for CVE-2024-46681",
"url": "https://bugzilla.suse.com/1230558"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46681"
},
{
"cve": "CVE-2024-46721",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46721"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix possible NULL pointer dereference\n\nprofile-\u003eparent-\u003edents[AAFS_PROF_DIR] could be NULL only if its parent is made\nfrom __create_missing_ancestors(..) and \u0027ent-\u003eold\u0027 is NULL in\naa_replace_profiles(..).\nIn that case, it must return an error code and the code, -ENOENT represents\nits state that the path of its parent is not existed yet.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000030\nPGD 0 P4D 0\nPREEMPT SMP PTI\nCPU: 4 PID: 3362 Comm: apparmor_parser Not tainted 6.8.0-24-generic #24\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\nRIP: 0010:aafs_create.constprop.0+0x7f/0x130\nCode: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc \u003c4d\u003e 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae\nRSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0\nCall Trace:\n \u003cTASK\u003e\n ? show_regs+0x6d/0x80\n ? __die+0x24/0x80\n ? page_fault_oops+0x99/0x1b0\n ? kernelmode_fixup_or_oops+0xb2/0x140\n ? __bad_area_nosemaphore+0x1a5/0x2c0\n ? find_vma+0x34/0x60\n ? bad_area_nosemaphore+0x16/0x30\n ? do_user_addr_fault+0x2a2/0x6b0\n ? exc_page_fault+0x83/0x1b0\n ? asm_exc_page_fault+0x27/0x30\n ? aafs_create.constprop.0+0x7f/0x130\n ? aafs_create.constprop.0+0x51/0x130\n __aafs_profile_mkdir+0x3d6/0x480\n aa_replace_profiles+0x83f/0x1270\n policy_update+0xe3/0x180\n profile_load+0xbc/0x150\n ? rw_verify_area+0x47/0x140\n vfs_write+0x100/0x480\n ? __x64_sys_openat+0x55/0xa0\n ? syscall_exit_to_user_mode+0x86/0x260\n ksys_write+0x73/0x100\n __x64_sys_write+0x19/0x30\n x64_sys_call+0x7e/0x25c0\n do_syscall_64+0x7f/0x180\n entry_SYSCALL_64_after_hwframe+0x78/0x80\nRIP: 0033:0x7be9f211c574\nCode: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d d5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89\nRSP: 002b:00007ffd26f2b8c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 00005d504415e200 RCX: 00007be9f211c574\nRDX: 0000000000001fc1 RSI: 00005d504418bc80 RDI: 0000000000000004\nRBP: 0000000000001fc1 R08: 0000000000001fc1 R09: 0000000080000000\nR10: 0000000000000000 R11: 0000000000000202 R12: 00005d504418bc80\nR13: 0000000000000004 R14: 00007ffd26f2b9b0 R15: 00007ffd26f2ba30\n \u003c/TASK\u003e\nModules linked in: snd_seq_dummy snd_hrtimer qrtr snd_hda_codec_generic snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device i2c_i801 snd_timer i2c_smbus qxl snd soundcore drm_ttm_helper lpc_ich ttm joydev input_leds serio_raw mac_hid binfmt_misc msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs qemu_fw_cfg ip_tables x_tables autofs4 hid_generic usbhid hid ahci libahci psmouse virtio_rng xhci_pci xhci_pci_renesas\nCR2: 0000000000000030\n---[ end trace 0000000000000000 ]---\nRIP: 0010:aafs_create.constprop.0+0x7f/0x130\nCode: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc \u003c4d\u003e 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae\nRSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46721",
"url": "https://www.suse.com/security/cve/CVE-2024-46721"
},
{
"category": "external",
"summary": "SUSE Bug 1230710 for CVE-2024-46721",
"url": "https://bugzilla.suse.com/1230710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46721"
},
{
"cve": "CVE-2024-46754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46754"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Remove tst_run from lwt_seg6local_prog_ops.\n\nThe syzbot reported that the lwt_seg6 related BPF ops can be invoked\nvia bpf_test_run() without without entering input_action_end_bpf()\nfirst.\n\nMartin KaFai Lau said that self test for BPF_PROG_TYPE_LWT_SEG6LOCAL\nprobably didn\u0027t work since it was introduced in commit 04d4b274e2a\n(\"ipv6: sr: Add seg6local action End.BPF\"). The reason is that the\nper-CPU variable seg6_bpf_srh_states::srh is never assigned in the self\ntest case but each BPF function expects it.\n\nRemove test_run for BPF_PROG_TYPE_LWT_SEG6LOCAL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46754",
"url": "https://www.suse.com/security/cve/CVE-2024-46754"
},
{
"category": "external",
"summary": "SUSE Bug 1230801 for CVE-2024-46754",
"url": "https://bugzilla.suse.com/1230801"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46754"
},
{
"cve": "CVE-2024-46765",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46765"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: protect XDP configuration with a mutex\n\nThe main threat to data consistency in ice_xdp() is a possible asynchronous\nPF reset. It can be triggered by a user or by TX timeout handler.\n\nXDP setup and PF reset code access the same resources in the following\nsections:\n* ice_vsi_close() in ice_prepare_for_reset() - already rtnl-locked\n* ice_vsi_rebuild() for the PF VSI - not protected\n* ice_vsi_open() - already rtnl-locked\n\nWith an unfortunate timing, such accesses can result in a crash such as the\none below:\n\n[ +1.999878] ice 0000:b1:00.0: Registered XDP mem model MEM_TYPE_XSK_BUFF_POOL on Rx ring 14\n[ +2.002992] ice 0000:b1:00.0: Registered XDP mem model MEM_TYPE_XSK_BUFF_POOL on Rx ring 18\n[Mar15 18:17] ice 0000:b1:00.0 ens801f0np0: NETDEV WATCHDOG: CPU: 38: transmit queue 14 timed out 80692736 ms\n[ +0.000093] ice 0000:b1:00.0 ens801f0np0: tx_timeout: VSI_num: 6, Q 14, NTC: 0x0, HW_HEAD: 0x0, NTU: 0x0, INT: 0x4000001\n[ +0.000012] ice 0000:b1:00.0 ens801f0np0: tx_timeout recovery level 1, txqueue 14\n[ +0.394718] ice 0000:b1:00.0: PTP reset successful\n[ +0.006184] BUG: kernel NULL pointer dereference, address: 0000000000000098\n[ +0.000045] #PF: supervisor read access in kernel mode\n[ +0.000023] #PF: error_code(0x0000) - not-present page\n[ +0.000023] PGD 0 P4D 0\n[ +0.000018] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ +0.000023] CPU: 38 PID: 7540 Comm: kworker/38:1 Not tainted 6.8.0-rc7 #1\n[ +0.000031] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0014.082620210524 08/26/2021\n[ +0.000036] Workqueue: ice ice_service_task [ice]\n[ +0.000183] RIP: 0010:ice_clean_tx_ring+0xa/0xd0 [ice]\n[...]\n[ +0.000013] Call Trace:\n[ +0.000016] \u003cTASK\u003e\n[ +0.000014] ? __die+0x1f/0x70\n[ +0.000029] ? page_fault_oops+0x171/0x4f0\n[ +0.000029] ? schedule+0x3b/0xd0\n[ +0.000027] ? exc_page_fault+0x7b/0x180\n[ +0.000022] ? asm_exc_page_fault+0x22/0x30\n[ +0.000031] ? ice_clean_tx_ring+0xa/0xd0 [ice]\n[ +0.000194] ice_free_tx_ring+0xe/0x60 [ice]\n[ +0.000186] ice_destroy_xdp_rings+0x157/0x310 [ice]\n[ +0.000151] ice_vsi_decfg+0x53/0xe0 [ice]\n[ +0.000180] ice_vsi_rebuild+0x239/0x540 [ice]\n[ +0.000186] ice_vsi_rebuild_by_type+0x76/0x180 [ice]\n[ +0.000145] ice_rebuild+0x18c/0x840 [ice]\n[ +0.000145] ? delay_tsc+0x4a/0xc0\n[ +0.000022] ? delay_tsc+0x92/0xc0\n[ +0.000020] ice_do_reset+0x140/0x180 [ice]\n[ +0.000886] ice_service_task+0x404/0x1030 [ice]\n[ +0.000824] process_one_work+0x171/0x340\n[ +0.000685] worker_thread+0x277/0x3a0\n[ +0.000675] ? preempt_count_add+0x6a/0xa0\n[ +0.000677] ? _raw_spin_lock_irqsave+0x23/0x50\n[ +0.000679] ? __pfx_worker_thread+0x10/0x10\n[ +0.000653] kthread+0xf0/0x120\n[ +0.000635] ? __pfx_kthread+0x10/0x10\n[ +0.000616] ret_from_fork+0x2d/0x50\n[ +0.000612] ? __pfx_kthread+0x10/0x10\n[ +0.000604] ret_from_fork_asm+0x1b/0x30\n[ +0.000604] \u003c/TASK\u003e\n\nThe previous way of handling this through returning -EBUSY is not viable,\nparticularly when destroying AF_XDP socket, because the kernel proceeds\nwith removal anyway.\n\nThere is plenty of code between those calls and there is no need to create\na large critical section that covers all of them, same as there is no need\nto protect ice_vsi_rebuild() with rtnl_lock().\n\nAdd xdp_state_lock mutex to protect ice_vsi_rebuild() and ice_xdp().\n\nLeaving unprotected sections in between would result in two states that\nhave to be considered:\n1. when the VSI is closed, but not yet rebuild\n2. when VSI is already rebuild, but not yet open\n\nThe latter case is actually already handled through !netif_running() case,\nwe just need to adjust flag checking a little. The former one is not as\ntrivial, because between ice_vsi_close() and ice_vsi_rebuild(), a lot of\nhardware interaction happens, this can make adding/deleting rings exit\nwith an error. Luckily, VSI rebuild is pending and can apply new\nconfiguration for us in a managed fashion.\n\nTherefore, add an additional VSI state flag ICE_VSI_REBUILD_PENDING to\nindicate that ice_x\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46765",
"url": "https://www.suse.com/security/cve/CVE-2024-46765"
},
{
"category": "external",
"summary": "SUSE Bug 1230807 for CVE-2024-46765",
"url": "https://bugzilla.suse.com/1230807"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46765"
},
{
"cve": "CVE-2024-46766",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46766"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: move netif_queue_set_napi to rtnl-protected sections\n\nCurrently, netif_queue_set_napi() is called from ice_vsi_rebuild() that is\nnot rtnl-locked when called from the reset. This creates the need to take\nthe rtnl_lock just for a single function and complicates the\nsynchronization with .ndo_bpf. At the same time, there no actual need to\nfill napi-to-queue information at this exact point.\n\nFill napi-to-queue information when opening the VSI and clear it when the\nVSI is being closed. Those routines are already rtnl-locked.\n\nAlso, rewrite napi-to-queue assignment in a way that prevents inclusion of\nXDP queues, as this leads to out-of-bounds writes, such as one below.\n\n[ +0.000004] BUG: KASAN: slab-out-of-bounds in netif_queue_set_napi+0x1c2/0x1e0\n[ +0.000012] Write of size 8 at addr ffff889881727c80 by task bash/7047\n[ +0.000006] CPU: 24 PID: 7047 Comm: bash Not tainted 6.10.0-rc2+ #2\n[ +0.000004] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0014.082620210524 08/26/2021\n[ +0.000003] Call Trace:\n[ +0.000003] \u003cTASK\u003e\n[ +0.000002] dump_stack_lvl+0x60/0x80\n[ +0.000007] print_report+0xce/0x630\n[ +0.000007] ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n[ +0.000007] ? __virt_addr_valid+0x1c9/0x2c0\n[ +0.000005] ? netif_queue_set_napi+0x1c2/0x1e0\n[ +0.000003] kasan_report+0xe9/0x120\n[ +0.000004] ? netif_queue_set_napi+0x1c2/0x1e0\n[ +0.000004] netif_queue_set_napi+0x1c2/0x1e0\n[ +0.000005] ice_vsi_close+0x161/0x670 [ice]\n[ +0.000114] ice_dis_vsi+0x22f/0x270 [ice]\n[ +0.000095] ice_pf_dis_all_vsi.constprop.0+0xae/0x1c0 [ice]\n[ +0.000086] ice_prepare_for_reset+0x299/0x750 [ice]\n[ +0.000087] pci_dev_save_and_disable+0x82/0xd0\n[ +0.000006] pci_reset_function+0x12d/0x230\n[ +0.000004] reset_store+0xa0/0x100\n[ +0.000006] ? __pfx_reset_store+0x10/0x10\n[ +0.000002] ? __pfx_mutex_lock+0x10/0x10\n[ +0.000004] ? __check_object_size+0x4c1/0x640\n[ +0.000007] kernfs_fop_write_iter+0x30b/0x4a0\n[ +0.000006] vfs_write+0x5d6/0xdf0\n[ +0.000005] ? fd_install+0x180/0x350\n[ +0.000005] ? __pfx_vfs_write+0x10/0xA10\n[ +0.000004] ? do_fcntl+0x52c/0xcd0\n[ +0.000004] ? kasan_save_track+0x13/0x60\n[ +0.000003] ? kasan_save_free_info+0x37/0x60\n[ +0.000006] ksys_write+0xfa/0x1d0\n[ +0.000003] ? __pfx_ksys_write+0x10/0x10\n[ +0.000002] ? __x64_sys_fcntl+0x121/0x180\n[ +0.000004] ? _raw_spin_lock+0x87/0xe0\n[ +0.000005] do_syscall_64+0x80/0x170\n[ +0.000007] ? _raw_spin_lock+0x87/0xe0\n[ +0.000004] ? __pfx__raw_spin_lock+0x10/0x10\n[ +0.000003] ? file_close_fd_locked+0x167/0x230\n[ +0.000005] ? syscall_exit_to_user_mode+0x7d/0x220\n[ +0.000005] ? do_syscall_64+0x8c/0x170\n[ +0.000004] ? do_syscall_64+0x8c/0x170\n[ +0.000003] ? do_syscall_64+0x8c/0x170\n[ +0.000003] ? fput+0x1a/0x2c0\n[ +0.000004] ? filp_close+0x19/0x30\n[ +0.000004] ? do_dup2+0x25a/0x4c0\n[ +0.000004] ? __x64_sys_dup2+0x6e/0x2e0\n[ +0.000002] ? syscall_exit_to_user_mode+0x7d/0x220\n[ +0.000004] ? do_syscall_64+0x8c/0x170\n[ +0.000003] ? __count_memcg_events+0x113/0x380\n[ +0.000005] ? handle_mm_fault+0x136/0x820\n[ +0.000005] ? do_user_addr_fault+0x444/0xa80\n[ +0.000004] ? clear_bhb_loop+0x25/0x80\n[ +0.000004] ? clear_bhb_loop+0x25/0x80\n[ +0.000002] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ +0.000005] RIP: 0033:0x7f2033593154",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46766",
"url": "https://www.suse.com/security/cve/CVE-2024-46766"
},
{
"category": "external",
"summary": "SUSE Bug 1230762 for CVE-2024-46766",
"url": "https://bugzilla.suse.com/1230762"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46766"
},
{
"cve": "CVE-2024-46770",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46770"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Add netif_device_attach/detach into PF reset flow\n\nEthtool callbacks can be executed while reset is in progress and try to\naccess deleted resources, e.g. getting coalesce settings can result in a\nNULL pointer dereference seen below.\n\nReproduction steps:\nOnce the driver is fully initialized, trigger reset:\n\t# echo 1 \u003e /sys/class/net/\u003cinterface\u003e/device/reset\nwhen reset is in progress try to get coalesce settings using ethtool:\n\t# ethtool -c \u003cinterface\u003e\n\nBUG: kernel NULL pointer dereference, address: 0000000000000020\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] PREEMPT SMP PTI\nCPU: 11 PID: 19713 Comm: ethtool Tainted: G S 6.10.0-rc7+ #7\nRIP: 0010:ice_get_q_coalesce+0x2e/0xa0 [ice]\nRSP: 0018:ffffbab1e9bcf6a8 EFLAGS: 00010206\nRAX: 000000000000000c RBX: ffff94512305b028 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffff9451c3f2e588 RDI: ffff9451c3f2e588\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\nR10: ffff9451c3f2e580 R11: 000000000000001f R12: ffff945121fa9000\nR13: ffffbab1e9bcf760 R14: 0000000000000013 R15: ffffffff9e65dd40\nFS: 00007faee5fbe740(0000) GS:ffff94546fd80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000020 CR3: 0000000106c2e005 CR4: 00000000001706f0\nCall Trace:\n\u003cTASK\u003e\nice_get_coalesce+0x17/0x30 [ice]\ncoalesce_prepare_data+0x61/0x80\nethnl_default_doit+0xde/0x340\ngenl_family_rcv_msg_doit+0xf2/0x150\ngenl_rcv_msg+0x1b3/0x2c0\nnetlink_rcv_skb+0x5b/0x110\ngenl_rcv+0x28/0x40\nnetlink_unicast+0x19c/0x290\nnetlink_sendmsg+0x222/0x490\n__sys_sendto+0x1df/0x1f0\n__x64_sys_sendto+0x24/0x30\ndo_syscall_64+0x82/0x160\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7faee60d8e27\n\nCalling netif_device_detach() before reset makes the net core not call\nthe driver when ethtool command is issued, the attempt to execute an\nethtool command during reset will result in the following message:\n\n netlink error: No such device\n\ninstead of NULL pointer dereference. Once reset is done and\nice_rebuild() is executing, the netif_device_attach() is called to allow\nfor ethtool operations to occur again in a safe manner.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46770",
"url": "https://www.suse.com/security/cve/CVE-2024-46770"
},
{
"category": "external",
"summary": "SUSE Bug 1230763 for CVE-2024-46770",
"url": "https://bugzilla.suse.com/1230763"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46770"
},
{
"cve": "CVE-2024-46775",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46775"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Validate function returns\n\n[WHAT \u0026 HOW]\nFunction return values must be checked before data can be used\nin subsequent functions.\n\nThis fixes 4 CHECKED_RETURN issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46775",
"url": "https://www.suse.com/security/cve/CVE-2024-46775"
},
{
"category": "external",
"summary": "SUSE Bug 1230774 for CVE-2024-46775",
"url": "https://bugzilla.suse.com/1230774"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46775"
},
{
"cve": "CVE-2024-46777",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46777"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Avoid excessive partition lengths\n\nAvoid mounting filesystems where the partition would overflow the\n32-bits used for block number. Also refuse to mount filesystems where\nthe partition length is so large we cannot safely index bits in a\nblock bitmap.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46777",
"url": "https://www.suse.com/security/cve/CVE-2024-46777"
},
{
"category": "external",
"summary": "SUSE Bug 1230773 for CVE-2024-46777",
"url": "https://bugzilla.suse.com/1230773"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46777"
},
{
"cve": "CVE-2024-46788",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46788"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/osnoise: Use a cpumask to know what threads are kthreads\n\nThe start_kthread() and stop_thread() code was not always called with the\ninterface_lock held. This means that the kthread variable could be\nunexpectedly changed causing the kthread_stop() to be called on it when it\nshould not have been, leading to:\n\n while true; do\n rtla timerlat top -u -q \u0026 PID=$!;\n sleep 5;\n kill -INT $PID;\n sleep 0.001;\n kill -TERM $PID;\n wait $PID;\n done\n\nCausing the following OOPS:\n\n Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN PTI\n KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\n CPU: 5 UID: 0 PID: 885 Comm: timerlatu/5 Not tainted 6.11.0-rc4-test-00002-gbc754cc76d1b-dirty #125 a533010b71dab205ad2f507188ce8c82203b0254\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n RIP: 0010:hrtimer_active+0x58/0x300\n Code: 48 c1 ee 03 41 54 48 01 d1 48 01 d6 55 53 48 83 ec 20 80 39 00 0f 85 30 02 00 00 49 8b 6f 30 4c 8d 75 10 4c 89 f0 48 c1 e8 03 \u003c0f\u003e b6 3c 10 4c 89 f0 83 e0 07 83 c0 03 40 38 f8 7c 09 40 84 ff 0f\n RSP: 0018:ffff88811d97f940 EFLAGS: 00010202\n RAX: 0000000000000002 RBX: ffff88823c6b5b28 RCX: ffffed10478d6b6b\n RDX: dffffc0000000000 RSI: ffffed10478d6b6c RDI: ffff88823c6b5b28\n RBP: 0000000000000000 R08: ffff88823c6b5b58 R09: ffff88823c6b5b60\n R10: ffff88811d97f957 R11: 0000000000000010 R12: 00000000000a801d\n R13: ffff88810d8b35d8 R14: 0000000000000010 R15: ffff88823c6b5b28\n FS: 0000000000000000(0000) GS:ffff88823c680000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000561858ad7258 CR3: 000000007729e001 CR4: 0000000000170ef0\n Call Trace:\n \u003cTASK\u003e\n ? die_addr+0x40/0xa0\n ? exc_general_protection+0x154/0x230\n ? asm_exc_general_protection+0x26/0x30\n ? hrtimer_active+0x58/0x300\n ? __pfx_mutex_lock+0x10/0x10\n ? __pfx_locks_remove_file+0x10/0x10\n hrtimer_cancel+0x15/0x40\n timerlat_fd_release+0x8e/0x1f0\n ? security_file_release+0x43/0x80\n __fput+0x372/0xb10\n task_work_run+0x11e/0x1f0\n ? _raw_spin_lock+0x85/0xe0\n ? __pfx_task_work_run+0x10/0x10\n ? poison_slab_object+0x109/0x170\n ? do_exit+0x7a0/0x24b0\n do_exit+0x7bd/0x24b0\n ? __pfx_migrate_enable+0x10/0x10\n ? __pfx_do_exit+0x10/0x10\n ? __pfx_read_tsc+0x10/0x10\n ? ktime_get+0x64/0x140\n ? _raw_spin_lock_irq+0x86/0xe0\n do_group_exit+0xb0/0x220\n get_signal+0x17ba/0x1b50\n ? vfs_read+0x179/0xa40\n ? timerlat_fd_read+0x30b/0x9d0\n ? __pfx_get_signal+0x10/0x10\n ? __pfx_timerlat_fd_read+0x10/0x10\n arch_do_signal_or_restart+0x8c/0x570\n ? __pfx_arch_do_signal_or_restart+0x10/0x10\n ? vfs_read+0x179/0xa40\n ? ksys_read+0xfe/0x1d0\n ? __pfx_ksys_read+0x10/0x10\n syscall_exit_to_user_mode+0xbc/0x130\n do_syscall_64+0x74/0x110\n ? __pfx___rseq_handle_notify_resume+0x10/0x10\n ? __pfx_ksys_read+0x10/0x10\n ? fpregs_restore_userregs+0xdb/0x1e0\n ? fpregs_restore_userregs+0xdb/0x1e0\n ? syscall_exit_to_user_mode+0x116/0x130\n ? do_syscall_64+0x74/0x110\n ? do_syscall_64+0x74/0x110\n ? do_syscall_64+0x74/0x110\n entry_SYSCALL_64_after_hwframe+0x71/0x79\n RIP: 0033:0x7ff0070eca9c\n Code: Unable to access opcode bytes at 0x7ff0070eca72.\n RSP: 002b:00007ff006dff8c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\n RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00007ff0070eca9c\n RDX: 0000000000000400 RSI: 00007ff006dff9a0 RDI: 0000000000000003\n RBP: 00007ff006dffde0 R08: 0000000000000000 R09: 00007ff000000ba0\n R10: 00007ff007004b08 R11: 0000000000000246 R12: 0000000000000003\n R13: 00007ff006dff9a0 R14: 0000000000000007 R15: 0000000000000008\n \u003c/TASK\u003e\n Modules linked in: snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hwdep snd_hda_core\n ---[ end trace 0000000000000000 ]---\n\nThis is because it would mistakenly call kthread_stop() on a user space\nthread making it \"exit\" before it actually exits.\n\nSince kthread\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46788",
"url": "https://www.suse.com/security/cve/CVE-2024-46788"
},
{
"category": "external",
"summary": "SUSE Bug 1230817 for CVE-2024-46788",
"url": "https://bugzilla.suse.com/1230817"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46788"
},
{
"cve": "CVE-2024-46797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46797"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/qspinlock: Fix deadlock in MCS queue\n\nIf an interrupt occurs in queued_spin_lock_slowpath() after we increment\nqnodesp-\u003ecount and before node-\u003elock is initialized, another CPU might\nsee stale lock values in get_tail_qnode(). If the stale lock value happens\nto match the lock on that CPU, then we write to the \"next\" pointer of\nthe wrong qnode. This causes a deadlock as the former CPU, once it becomes\nthe head of the MCS queue, will spin indefinitely until it\u0027s \"next\" pointer\nis set by its successor in the queue.\n\nRunning stress-ng on a 16 core (16EC/16VP) shared LPAR, results in\noccasional lockups similar to the following:\n\n $ stress-ng --all 128 --vm-bytes 80% --aggressive \\\n --maximize --oomable --verify --syslog \\\n --metrics --times --timeout 5m\n\n watchdog: CPU 15 Hard LOCKUP\n ......\n NIP [c0000000000b78f4] queued_spin_lock_slowpath+0x1184/0x1490\n LR [c000000001037c5c] _raw_spin_lock+0x6c/0x90\n Call Trace:\n 0xc000002cfffa3bf0 (unreliable)\n _raw_spin_lock+0x6c/0x90\n raw_spin_rq_lock_nested.part.135+0x4c/0xd0\n sched_ttwu_pending+0x60/0x1f0\n __flush_smp_call_function_queue+0x1dc/0x670\n smp_ipi_demux_relaxed+0xa4/0x100\n xive_muxed_ipi_action+0x20/0x40\n __handle_irq_event_percpu+0x80/0x240\n handle_irq_event_percpu+0x2c/0x80\n handle_percpu_irq+0x84/0xd0\n generic_handle_irq+0x54/0x80\n __do_irq+0xac/0x210\n __do_IRQ+0x74/0xd0\n 0x0\n do_IRQ+0x8c/0x170\n hardware_interrupt_common_virt+0x29c/0x2a0\n --- interrupt: 500 at queued_spin_lock_slowpath+0x4b8/0x1490\n ......\n NIP [c0000000000b6c28] queued_spin_lock_slowpath+0x4b8/0x1490\n LR [c000000001037c5c] _raw_spin_lock+0x6c/0x90\n --- interrupt: 500\n 0xc0000029c1a41d00 (unreliable)\n _raw_spin_lock+0x6c/0x90\n futex_wake+0x100/0x260\n do_futex+0x21c/0x2a0\n sys_futex+0x98/0x270\n system_call_exception+0x14c/0x2f0\n system_call_vectored_common+0x15c/0x2ec\n\nThe following code flow illustrates how the deadlock occurs.\nFor the sake of brevity, assume that both locks (A and B) are\ncontended and we call the queued_spin_lock_slowpath() function.\n\n CPU0 CPU1\n ---- ----\n spin_lock_irqsave(A) |\n spin_unlock_irqrestore(A) |\n spin_lock(B) |\n | |\n v |\n id = qnodesp-\u003ecount++; |\n (Note that nodes[0].lock == A) |\n | |\n v |\n Interrupt |\n (happens before \"nodes[0].lock = B\") |\n | |\n v |\n spin_lock_irqsave(A) |\n | |\n v |\n id = qnodesp-\u003ecount++ |\n nodes[1].lock = A |\n | |\n v |\n Tail of MCS queue |\n | spin_lock_irqsave(A)\n v |\n Head of MCS queue v\n | CPU0 is previous tail\n v |\n Spin indefinitely v\n (until \"nodes[1].next != NULL\") prev = get_tail_qnode(A, CPU0)\n |\n v\n prev == \u0026qnodes[CPU0].nodes[0]\n (as qnodes\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46797",
"url": "https://www.suse.com/security/cve/CVE-2024-46797"
},
{
"category": "external",
"summary": "SUSE Bug 1230831 for CVE-2024-46797",
"url": "https://bugzilla.suse.com/1230831"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46797"
},
{
"cve": "CVE-2024-46800",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46800"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsch/netem: fix use after free in netem_dequeue\n\nIf netem_dequeue() enqueues packet to inner qdisc and that qdisc\nreturns __NET_XMIT_STOLEN. The packet is dropped but\nqdisc_tree_reduce_backlog() is not called to update the parent\u0027s\nq.qlen, leading to the similar use-after-free as Commit\ne04991a48dbaf382 (\"netem: fix return value if duplicate enqueue\nfails\")\n\nCommands to trigger KASAN UaF:\n\nip link add type dummy\nip link set lo up\nip link set dummy0 up\ntc qdisc add dev lo parent root handle 1: drr\ntc filter add dev lo parent 1: basic classid 1:1\ntc class add dev lo classid 1:1 drr\ntc qdisc add dev lo parent 1:1 handle 2: netem\ntc qdisc add dev lo parent 2: handle 3: drr\ntc filter add dev lo parent 3: basic classid 3:1 action mirred egress\nredirect dev dummy0\ntc class add dev lo classid 3:1 drr\nping -c1 -W0.01 localhost # Trigger bug\ntc class del dev lo classid 1:1\ntc class add dev lo classid 1:1 drr\nping -c1 -W0.01 localhost # UaF",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46800",
"url": "https://www.suse.com/security/cve/CVE-2024-46800"
},
{
"category": "external",
"summary": "SUSE Bug 1230827 for CVE-2024-46800",
"url": "https://bugzilla.suse.com/1230827"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46800"
},
{
"cve": "CVE-2024-46802",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46802"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: added NULL check at start of dc_validate_stream\n\n[Why]\nprevent invalid memory access\n\n[How]\ncheck if dc and stream are NULL",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46802",
"url": "https://www.suse.com/security/cve/CVE-2024-46802"
},
{
"category": "external",
"summary": "SUSE Bug 1231111 for CVE-2024-46802",
"url": "https://bugzilla.suse.com/1231111"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46802"
},
{
"cve": "CVE-2024-46803",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46803"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Check debug trap enable before write dbg_ev_file\n\nIn interrupt context, write dbg_ev_file will be run by work queue. It\nwill cause write dbg_ev_file execution after debug_trap_disable, which\nwill cause NULL pointer access.\nv2: cancel work \"debug_event_workarea\" before set dbg_ev_file as NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46803",
"url": "https://www.suse.com/security/cve/CVE-2024-46803"
},
{
"category": "external",
"summary": "SUSE Bug 1231131 for CVE-2024-46803",
"url": "https://bugzilla.suse.com/1231131"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46803"
},
{
"cve": "CVE-2024-46804",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46804"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add array index check for hdcp ddc access\n\n[Why]\nCoverity reports OVERRUN warning. Do not check if array\nindex valid.\n\n[How]\nCheck msg_id valid and valid array index.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46804",
"url": "https://www.suse.com/security/cve/CVE-2024-46804"
},
{
"category": "external",
"summary": "SUSE Bug 1231132 for CVE-2024-46804",
"url": "https://bugzilla.suse.com/1231132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46804"
},
{
"cve": "CVE-2024-46805",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46805"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix the waring dereferencing hive\n\nCheck the amdgpu_hive_info *hive that maybe is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46805",
"url": "https://www.suse.com/security/cve/CVE-2024-46805"
},
{
"category": "external",
"summary": "SUSE Bug 1231135 for CVE-2024-46805",
"url": "https://bugzilla.suse.com/1231135"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46805"
},
{
"cve": "CVE-2024-46806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46806"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix the warning division or modulo by zero\n\nChecks the partition mode and returns an error for an invalid mode.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46806",
"url": "https://www.suse.com/security/cve/CVE-2024-46806"
},
{
"category": "external",
"summary": "SUSE Bug 1231136 for CVE-2024-46806",
"url": "https://bugzilla.suse.com/1231136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46806"
},
{
"cve": "CVE-2024-46807",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46807"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/amdgpu: Check tbo resource pointer\n\nValidate tbo resource pointer, skip if NULL",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46807",
"url": "https://www.suse.com/security/cve/CVE-2024-46807"
},
{
"category": "external",
"summary": "SUSE Bug 1231138 for CVE-2024-46807",
"url": "https://bugzilla.suse.com/1231138"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46807"
},
{
"cve": "CVE-2024-46809",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46809"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check BIOS images before it is used\n\nBIOS images may fail to load and null checks are added before they are\nused.\n\nThis fixes 6 NULL_RETURNS issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46809",
"url": "https://www.suse.com/security/cve/CVE-2024-46809"
},
{
"category": "external",
"summary": "SUSE Bug 1231148 for CVE-2024-46809",
"url": "https://bugzilla.suse.com/1231148"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46809"
},
{
"cve": "CVE-2024-46810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46810"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ\n\nMake sure the connector is fully initialized before signalling any\nHPD events via drm_kms_helper_hotplug_event(), otherwise this may\nlead to NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46810",
"url": "https://www.suse.com/security/cve/CVE-2024-46810"
},
{
"category": "external",
"summary": "SUSE Bug 1231178 for CVE-2024-46810",
"url": "https://bugzilla.suse.com/1231178"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46810"
},
{
"cve": "CVE-2024-46811",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46811"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box\n\n[Why]\nCoverity reports OVERRUN warning. soc.num_states could\nbe 40. But array range of bw_params-\u003eclk_table.entries is 8.\n\n[How]\nAssert if soc.num_states greater than 8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46811",
"url": "https://www.suse.com/security/cve/CVE-2024-46811"
},
{
"category": "external",
"summary": "SUSE Bug 1231179 for CVE-2024-46811",
"url": "https://bugzilla.suse.com/1231179"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46811"
},
{
"cve": "CVE-2024-46812",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46812"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration\n\n[Why]\nCoverity reports Memory - illegal accesses.\n\n[How]\nSkip inactive planes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46812",
"url": "https://www.suse.com/security/cve/CVE-2024-46812"
},
{
"category": "external",
"summary": "SUSE Bug 1231187 for CVE-2024-46812",
"url": "https://bugzilla.suse.com/1231187"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46812"
},
{
"cve": "CVE-2024-46813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46813"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check link_index before accessing dc-\u003elinks[]\n\n[WHY \u0026 HOW]\ndc-\u003elinks[] has max size of MAX_LINKS and NULL is return when trying to\naccess with out-of-bound index.\n\nThis fixes 3 OVERRUN and 1 RESOURCE_LEAK issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46813",
"url": "https://www.suse.com/security/cve/CVE-2024-46813"
},
{
"category": "external",
"summary": "SUSE Bug 1231191 for CVE-2024-46813",
"url": "https://bugzilla.suse.com/1231191"
},
{
"category": "external",
"summary": "SUSE Bug 1231192 for CVE-2024-46813",
"url": "https://bugzilla.suse.com/1231192"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-46813"
},
{
"cve": "CVE-2024-46814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46814"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check msg_id before processing transcation\n\n[WHY \u0026 HOW]\nHDCP_MESSAGE_ID_INVALID (-1) is not a valid msg_id nor is it a valid\narray index, and it needs checking before used.\n\nThis fixes 4 OVERRUN issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46814",
"url": "https://www.suse.com/security/cve/CVE-2024-46814"
},
{
"category": "external",
"summary": "SUSE Bug 1231193 for CVE-2024-46814",
"url": "https://bugzilla.suse.com/1231193"
},
{
"category": "external",
"summary": "SUSE Bug 1231194 for CVE-2024-46814",
"url": "https://bugzilla.suse.com/1231194"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-46814"
},
{
"cve": "CVE-2024-46815",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46815"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]\n\n[WHY \u0026 HOW]\nnum_valid_sets needs to be checked to avoid a negative index when\naccessing reader_wm_sets[num_valid_sets - 1].\n\nThis fixes an OVERRUN issue reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46815",
"url": "https://www.suse.com/security/cve/CVE-2024-46815"
},
{
"category": "external",
"summary": "SUSE Bug 1231195 for CVE-2024-46815",
"url": "https://bugzilla.suse.com/1231195"
},
{
"category": "external",
"summary": "SUSE Bug 1231196 for CVE-2024-46815",
"url": "https://bugzilla.suse.com/1231196"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-46815"
},
{
"cve": "CVE-2024-46816",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46816"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links\n\n[Why]\nCoverity report OVERRUN warning. There are\nonly max_links elements within dc-\u003elinks. link\ncount could up to AMDGPU_DM_MAX_DISPLAY_INDEX 31.\n\n[How]\nMake sure link count less than max_links.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46816",
"url": "https://www.suse.com/security/cve/CVE-2024-46816"
},
{
"category": "external",
"summary": "SUSE Bug 1231197 for CVE-2024-46816",
"url": "https://bugzilla.suse.com/1231197"
},
{
"category": "external",
"summary": "SUSE Bug 1231198 for CVE-2024-46816",
"url": "https://bugzilla.suse.com/1231198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-46816"
},
{
"cve": "CVE-2024-46817",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46817"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6\n\n[Why]\nCoverity reports OVERRUN warning. Should abort amdgpu_dm\ninitialize.\n\n[How]\nReturn failure to amdgpu_dm_init.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46817",
"url": "https://www.suse.com/security/cve/CVE-2024-46817"
},
{
"category": "external",
"summary": "SUSE Bug 1231200 for CVE-2024-46817",
"url": "https://bugzilla.suse.com/1231200"
},
{
"category": "external",
"summary": "SUSE Bug 1231201 for CVE-2024-46817",
"url": "https://bugzilla.suse.com/1231201"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-46817"
},
{
"cve": "CVE-2024-46818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46818"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check gpio_id before used as array index\n\n[WHY \u0026 HOW]\nGPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore\nshould be checked in advance.\n\nThis fixes 5 OVERRUN issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46818",
"url": "https://www.suse.com/security/cve/CVE-2024-46818"
},
{
"category": "external",
"summary": "SUSE Bug 1231203 for CVE-2024-46818",
"url": "https://bugzilla.suse.com/1231203"
},
{
"category": "external",
"summary": "SUSE Bug 1231204 for CVE-2024-46818",
"url": "https://bugzilla.suse.com/1231204"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-46818"
},
{
"cve": "CVE-2024-46819",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46819"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: the warning dereferencing obj for nbio_v7_4\n\nif ras_manager obj null, don\u0027t print NBIO err data",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46819",
"url": "https://www.suse.com/security/cve/CVE-2024-46819"
},
{
"category": "external",
"summary": "SUSE Bug 1231202 for CVE-2024-46819",
"url": "https://bugzilla.suse.com/1231202"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46819"
},
{
"cve": "CVE-2024-46821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46821"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Fix negative array index read\n\nAvoid using the negative values\nfor clk_idex as an index into an array pptable-\u003eDpmDescriptor.\n\nV2: fix clk_index return check (Tim Huang)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46821",
"url": "https://www.suse.com/security/cve/CVE-2024-46821"
},
{
"category": "external",
"summary": "SUSE Bug 1231169 for CVE-2024-46821",
"url": "https://bugzilla.suse.com/1231169"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46821"
},
{
"cve": "CVE-2024-46825",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46825"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check\n\nThe lookup function iwl_mvm_rcu_fw_link_id_to_link_conf() is\nnormally called with input from the firmware, so it should use\nIWL_FW_CHECK() instead of WARN_ON().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46825",
"url": "https://www.suse.com/security/cve/CVE-2024-46825"
},
{
"category": "external",
"summary": "SUSE Bug 1231170 for CVE-2024-46825",
"url": "https://bugzilla.suse.com/1231170"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46825"
},
{
"cve": "CVE-2024-46826",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46826"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nELF: fix kernel.randomize_va_space double read\n\nELF loader uses \"randomize_va_space\" twice. It is sysctl and can change\nat any moment, so 2 loads could see 2 different values in theory with\nunpredictable consequences.\n\nIssue exactly one load for consistent value across one exec.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46826",
"url": "https://www.suse.com/security/cve/CVE-2024-46826"
},
{
"category": "external",
"summary": "SUSE Bug 1231115 for CVE-2024-46826",
"url": "https://bugzilla.suse.com/1231115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46826"
},
{
"cve": "CVE-2024-46827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46827"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix firmware crash due to invalid peer nss\n\nCurrently, if the access point receives an association\nrequest containing an Extended HE Capabilities Information\nElement with an invalid MCS-NSS, it triggers a firmware\ncrash.\n\nThis issue arises when EHT-PHY capabilities shows support\nfor a bandwidth and MCS-NSS set for that particular\nbandwidth is filled by zeros and due to this, driver obtains\npeer_nss as 0 and sending this value to firmware causes\ncrash.\n\nAddress this issue by implementing a validation step for\nthe peer_nss value before passing it to the firmware. If\nthe value is greater than zero, proceed with forwarding\nit to the firmware. However, if the value is invalid,\nreject the association request to prevent potential\nfirmware crashes.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46827",
"url": "https://www.suse.com/security/cve/CVE-2024-46827"
},
{
"category": "external",
"summary": "SUSE Bug 1231171 for CVE-2024-46827",
"url": "https://bugzilla.suse.com/1231171"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46827"
},
{
"cve": "CVE-2024-46828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46828"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: sch_cake: fix bulk flow accounting logic for host fairness\n\nIn sch_cake, we keep track of the count of active bulk flows per host,\nwhen running in dst/src host fairness mode, which is used as the\nround-robin weight when iterating through flows. The count of active\nbulk flows is updated whenever a flow changes state.\n\nThis has a peculiar interaction with the hash collision handling: when a\nhash collision occurs (after the set-associative hashing), the state of\nthe hash bucket is simply updated to match the new packet that collided,\nand if host fairness is enabled, that also means assigning new per-host\nstate to the flow. For this reason, the bulk flow counters of the\nhost(s) assigned to the flow are decremented, before new state is\nassigned (and the counters, which may not belong to the same host\nanymore, are incremented again).\n\nBack when this code was introduced, the host fairness mode was always\nenabled, so the decrement was unconditional. When the configuration\nflags were introduced the *increment* was made conditional, but\nthe *decrement* was not. Which of course can lead to a spurious\ndecrement (and associated wrap-around to U16_MAX).\n\nAFAICT, when host fairness is disabled, the decrement and wrap-around\nhappens as soon as a hash collision occurs (which is not that common in\nitself, due to the set-associative hashing). However, in most cases this\nis harmless, as the value is only used when host fairness mode is\nenabled. So in order to trigger an array overflow, sch_cake has to first\nbe configured with host fairness disabled, and while running in this\nmode, a hash collision has to occur to cause the overflow. Then, the\nqdisc has to be reconfigured to enable host fairness, which leads to the\narray out-of-bounds because the wrapped-around value is retained and\nused as an array index. It seems that syzbot managed to trigger this,\nwhich is quite impressive in its own right.\n\nThis patch fixes the issue by introducing the same conditional check on\ndecrement as is used on increment.\n\nThe original bug predates the upstreaming of cake, but the commit listed\nin the Fixes tag touched that code, meaning that this patch won\u0027t apply\nbefore that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46828",
"url": "https://www.suse.com/security/cve/CVE-2024-46828"
},
{
"category": "external",
"summary": "SUSE Bug 1231114 for CVE-2024-46828",
"url": "https://bugzilla.suse.com/1231114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46828"
},
{
"cve": "CVE-2024-46830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46830"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Acquire kvm-\u003esrcu when handling KVM_SET_VCPU_EVENTS\n\nGrab kvm-\u003esrcu when processing KVM_SET_VCPU_EVENTS, as KVM will forcibly\nleave nested VMX/SVM if SMM mode is being toggled, and leaving nested VMX\nreads guest memory.\n\nNote, kvm_vcpu_ioctl_x86_set_vcpu_events() can also be called from KVM_RUN\nvia sync_regs(), which already holds SRCU. I.e. trying to precisely use\nkvm_vcpu_srcu_read_lock() around the problematic SMM code would cause\nproblems. Acquiring SRCU isn\u0027t all that expensive, so for simplicity,\ngrab it unconditionally for KVM_SET_VCPU_EVENTS.\n\n =============================\n WARNING: suspicious RCU usage\n 6.10.0-rc7-332d2c1d713e-next-vm #552 Not tainted\n -----------------------------\n include/linux/kvm_host.h:1027 suspicious rcu_dereference_check() usage!\n\n other info that might help us debug this:\n\n rcu_scheduler_active = 2, debug_locks = 1\n 1 lock held by repro/1071:\n #0: ffff88811e424430 (\u0026vcpu-\u003emutex){+.+.}-{3:3}, at: kvm_vcpu_ioctl+0x7d/0x970 [kvm]\n\n stack backtrace:\n CPU: 15 PID: 1071 Comm: repro Not tainted 6.10.0-rc7-332d2c1d713e-next-vm #552\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x7f/0x90\n lockdep_rcu_suspicious+0x13f/0x1a0\n kvm_vcpu_gfn_to_memslot+0x168/0x190 [kvm]\n kvm_vcpu_read_guest+0x3e/0x90 [kvm]\n nested_vmx_load_msr+0x6b/0x1d0 [kvm_intel]\n load_vmcs12_host_state+0x432/0xb40 [kvm_intel]\n vmx_leave_nested+0x30/0x40 [kvm_intel]\n kvm_vcpu_ioctl_x86_set_vcpu_events+0x15d/0x2b0 [kvm]\n kvm_arch_vcpu_ioctl+0x1107/0x1750 [kvm]\n ? mark_held_locks+0x49/0x70\n ? kvm_vcpu_ioctl+0x7d/0x970 [kvm]\n ? kvm_vcpu_ioctl+0x497/0x970 [kvm]\n kvm_vcpu_ioctl+0x497/0x970 [kvm]\n ? lock_acquire+0xba/0x2d0\n ? find_held_lock+0x2b/0x80\n ? do_user_addr_fault+0x40c/0x6f0\n ? lock_release+0xb7/0x270\n __x64_sys_ioctl+0x82/0xb0\n do_syscall_64+0x6c/0x170\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n RIP: 0033:0x7ff11eb1b539\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46830",
"url": "https://www.suse.com/security/cve/CVE-2024-46830"
},
{
"category": "external",
"summary": "SUSE Bug 1231116 for CVE-2024-46830",
"url": "https://bugzilla.suse.com/1231116"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46830"
},
{
"cve": "CVE-2024-46831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46831"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: microchip: vcap: Fix use-after-free error in kunit test\n\nThis is a clear use-after-free error. We remove it, and rely on checking\nthe return code of vcap_del_rule.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46831",
"url": "https://www.suse.com/security/cve/CVE-2024-46831"
},
{
"category": "external",
"summary": "SUSE Bug 1231117 for CVE-2024-46831",
"url": "https://bugzilla.suse.com/1231117"
},
{
"category": "external",
"summary": "SUSE Bug 1236242 for CVE-2024-46831",
"url": "https://bugzilla.suse.com/1236242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-46831"
},
{
"cve": "CVE-2024-46834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46834"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: fail closed if we can\u0027t get max channel used in indirection tables\n\nCommit 0d1b7d6c9274 (\"bnxt: fix crashes when reducing ring count with\nactive RSS contexts\") proves that allowing indirection table to contain\nchannels with out of bounds IDs may lead to crashes. Currently the\nmax channel check in the core gets skipped if driver can\u0027t fetch\nthe indirection table or when we can\u0027t allocate memory.\n\nBoth of those conditions should be extremely rare but if they do\nhappen we should try to be safe and fail the channel change.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46834",
"url": "https://www.suse.com/security/cve/CVE-2024-46834"
},
{
"category": "external",
"summary": "SUSE Bug 1231096 for CVE-2024-46834",
"url": "https://bugzilla.suse.com/1231096"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46834"
},
{
"cve": "CVE-2024-46835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46835"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix smatch static checker warning\n\nadev-\u003egfx.imu.funcs could be NULL",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46835",
"url": "https://www.suse.com/security/cve/CVE-2024-46835"
},
{
"category": "external",
"summary": "SUSE Bug 1231098 for CVE-2024-46835",
"url": "https://bugzilla.suse.com/1231098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46835"
},
{
"cve": "CVE-2024-46836",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46836"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: aspeed_udc: validate endpoint index for ast udc\n\nWe should verify the bound of the array to assure that host\nmay not manipulate the index to point past endpoint array.\n\nFound by static analysis.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46836",
"url": "https://www.suse.com/security/cve/CVE-2024-46836"
},
{
"category": "external",
"summary": "SUSE Bug 1231092 for CVE-2024-46836",
"url": "https://bugzilla.suse.com/1231092"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46836"
},
{
"cve": "CVE-2024-46840",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46840"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: clean up our handling of refs == 0 in snapshot delete\n\nIn reada we BUG_ON(refs == 0), which could be unkind since we aren\u0027t\nholding a lock on the extent leaf and thus could get a transient\nincorrect answer. In walk_down_proc we also BUG_ON(refs == 0), which\ncould happen if we have extent tree corruption. Change that to return\n-EUCLEAN. In do_walk_down() we catch this case and handle it correctly,\nhowever we return -EIO, which -EUCLEAN is a more appropriate error code.\nFinally in walk_up_proc we have the same BUG_ON(refs == 0), so convert\nthat to proper error handling. Also adjust the error message so we can\nactually do something with the information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46840",
"url": "https://www.suse.com/security/cve/CVE-2024-46840"
},
{
"category": "external",
"summary": "SUSE Bug 1231105 for CVE-2024-46840",
"url": "https://bugzilla.suse.com/1231105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46840"
},
{
"cve": "CVE-2024-46841",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46841"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don\u0027t BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()\n\nWe handle errors here properly, ENOMEM isn\u0027t fatal, return the error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46841",
"url": "https://www.suse.com/security/cve/CVE-2024-46841"
},
{
"category": "external",
"summary": "SUSE Bug 1231094 for CVE-2024-46841",
"url": "https://bugzilla.suse.com/1231094"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46841"
},
{
"cve": "CVE-2024-46842",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46842"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info\n\nThe MBX_TIMEOUT return code is not handled in lpfc_get_sfp_info and the\nroutine unconditionally frees submitted mailbox commands regardless of\nreturn status. The issue is that for MBX_TIMEOUT cases, when firmware\nreturns SFP information at a later time, that same mailbox memory region\nreferences previously freed memory in its cmpl routine.\n\nFix by adding checks for the MBX_TIMEOUT return code. During mailbox\nresource cleanup, check the mbox flag to make sure that the wait did not\ntimeout. If the MBOX_WAKE flag is not set, then do not free the resources\nbecause it will be freed when firmware completes the mailbox at a later\ntime in its cmpl routine.\n\nAlso, increase the timeout from 30 to 60 seconds to accommodate boot\nscripts requiring longer timeouts.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46842",
"url": "https://www.suse.com/security/cve/CVE-2024-46842"
},
{
"category": "external",
"summary": "SUSE Bug 1231101 for CVE-2024-46842",
"url": "https://bugzilla.suse.com/1231101"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46842"
},
{
"cve": "CVE-2024-46843",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46843"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Remove SCSI host only if added\n\nIf host tries to remove ufshcd driver from a UFS device it would cause a\nkernel panic if ufshcd_async_scan fails during ufshcd_probe_hba before\nadding a SCSI host with scsi_add_host and MCQ is enabled since SCSI host\nhas been defered after MCQ configuration introduced by commit 0cab4023ec7b\n(\"scsi: ufs: core: Defer adding host to SCSI if MCQ is supported\").\n\nTo guarantee that SCSI host is removed only if it has been added, set the\nscsi_host_added flag to true after adding a SCSI host and check whether it\nis set or not before removing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46843",
"url": "https://www.suse.com/security/cve/CVE-2024-46843"
},
{
"category": "external",
"summary": "SUSE Bug 1231100 for CVE-2024-46843",
"url": "https://bugzilla.suse.com/1231100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46843"
},
{
"cve": "CVE-2024-46845",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46845"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/timerlat: Only clear timer if a kthread exists\n\nThe timerlat tracer can use user space threads to check for osnoise and\ntimer latency. If the program using this is killed via a SIGTERM, the\nthreads are shutdown one at a time and another tracing instance can start\nup resetting the threads before they are fully closed. That causes the\nhrtimer assigned to the kthread to be shutdown and freed twice when the\ndying thread finally closes the file descriptors, causing a use-after-free\nbug.\n\nOnly cancel the hrtimer if the associated thread is still around. Also add\nthe interface_lock around the resetting of the tlat_var-\u003ekthread.\n\nNote, this is just a quick fix that can be backported to stable. A real\nfix is to have a better synchronization between the shutdown of old\nthreads and the starting of new ones.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46845",
"url": "https://www.suse.com/security/cve/CVE-2024-46845"
},
{
"category": "external",
"summary": "SUSE Bug 1231076 for CVE-2024-46845",
"url": "https://bugzilla.suse.com/1231076"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46845"
},
{
"cve": "CVE-2024-46846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46846"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: rockchip: Resolve unbalanced runtime PM / system PM handling\n\nCommit e882575efc77 (\"spi: rockchip: Suspend and resume the bus during\nNOIRQ_SYSTEM_SLEEP_PM ops\") stopped respecting runtime PM status and\nsimply disabled clocks unconditionally when suspending the system. This\ncauses problems when the device is already runtime suspended when we go\nto sleep -- in which case we double-disable clocks and produce a\nWARNing.\n\nSwitch back to pm_runtime_force_{suspend,resume}(), because that still\nseems like the right thing to do, and the aforementioned commit makes no\nexplanation why it stopped using it.\n\nAlso, refactor some of the resume() error handling, because it\u0027s not\nactually a good idea to re-disable clocks on failure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46846",
"url": "https://www.suse.com/security/cve/CVE-2024-46846"
},
{
"category": "external",
"summary": "SUSE Bug 1231075 for CVE-2024-46846",
"url": "https://bugzilla.suse.com/1231075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46846"
},
{
"cve": "CVE-2024-46848",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46848"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/intel: Limit the period on Haswell\n\nRunning the ltp test cve-2015-3290 concurrently reports the following\nwarnings.\n\nperfevents: irq loop stuck!\n WARNING: CPU: 31 PID: 32438 at arch/x86/events/intel/core.c:3174\n intel_pmu_handle_irq+0x285/0x370\n Call Trace:\n \u003cNMI\u003e\n ? __warn+0xa4/0x220\n ? intel_pmu_handle_irq+0x285/0x370\n ? __report_bug+0x123/0x130\n ? intel_pmu_handle_irq+0x285/0x370\n ? __report_bug+0x123/0x130\n ? intel_pmu_handle_irq+0x285/0x370\n ? report_bug+0x3e/0xa0\n ? handle_bug+0x3c/0x70\n ? exc_invalid_op+0x18/0x50\n ? asm_exc_invalid_op+0x1a/0x20\n ? irq_work_claim+0x1e/0x40\n ? intel_pmu_handle_irq+0x285/0x370\n perf_event_nmi_handler+0x3d/0x60\n nmi_handle+0x104/0x330\n\nThanks to Thomas Gleixner\u0027s analysis, the issue is caused by the low\ninitial period (1) of the frequency estimation algorithm, which triggers\nthe defects of the HW, specifically erratum HSW11 and HSW143. (For the\ndetails, please refer https://lore.kernel.org/lkml/87plq9l5d2.ffs@tglx/)\n\nThe HSW11 requires a period larger than 100 for the INST_RETIRED.ALL\nevent, but the initial period in the freq mode is 1. The erratum is the\nsame as the BDM11, which has been supported in the kernel. A minimum\nperiod of 128 is enforced as well on HSW.\n\nHSW143 is regarding that the fixed counter 1 may overcount 32 with the\nHyper-Threading is enabled. However, based on the test, the hardware\nhas more issues than it tells. Besides the fixed counter 1, the message\n\u0027interrupt took too long\u0027 can be observed on any counter which was armed\nwith a period \u003c 32 and two events expired in the same NMI. A minimum\nperiod of 32 is enforced for the rest of the events.\nThe recommended workaround code of the HSW143 is not implemented.\nBecause it only addresses the issue for the fixed counter. It brings\nextra overhead through extra MSR writing. No related overcounting issue\nhas been reported so far.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46848",
"url": "https://www.suse.com/security/cve/CVE-2024-46848"
},
{
"category": "external",
"summary": "SUSE Bug 1231072 for CVE-2024-46848",
"url": "https://bugzilla.suse.com/1231072"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46848"
},
{
"cve": "CVE-2024-46849",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46849"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: meson: axg-card: fix \u0027use-after-free\u0027\n\nBuffer \u0027card-\u003edai_link\u0027 is reallocated in \u0027meson_card_reallocate_links()\u0027,\nso move \u0027pad\u0027 pointer initialization after this function when memory is\nalready reallocated.\n\nKasan bug report:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bc\nRead of size 8 at addr ffff000000e8b260 by task modprobe/356\n\nCPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1\nCall trace:\n dump_backtrace+0x94/0xec\n show_stack+0x18/0x24\n dump_stack_lvl+0x78/0x90\n print_report+0xfc/0x5c0\n kasan_report+0xb8/0xfc\n __asan_load8+0x9c/0xb8\n axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card]\n meson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils]\n platform_probe+0x8c/0xf4\n really_probe+0x110/0x39c\n __driver_probe_device+0xb8/0x18c\n driver_probe_device+0x108/0x1d8\n __driver_attach+0xd0/0x25c\n bus_for_each_dev+0xe0/0x154\n driver_attach+0x34/0x44\n bus_add_driver+0x134/0x294\n driver_register+0xa8/0x1e8\n __platform_driver_register+0x44/0x54\n axg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card]\n do_one_initcall+0xdc/0x25c\n do_init_module+0x10c/0x334\n load_module+0x24c4/0x26cc\n init_module_from_file+0xd4/0x128\n __arm64_sys_finit_module+0x1f4/0x41c\n invoke_syscall+0x60/0x188\n el0_svc_common.constprop.0+0x78/0x13c\n do_el0_svc+0x30/0x40\n el0_svc+0x38/0x78\n el0t_64_sync_handler+0x100/0x12c\n el0t_64_sync+0x190/0x194",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46849",
"url": "https://www.suse.com/security/cve/CVE-2024-46849"
},
{
"category": "external",
"summary": "SUSE Bug 1231073 for CVE-2024-46849",
"url": "https://bugzilla.suse.com/1231073"
},
{
"category": "external",
"summary": "SUSE Bug 1231256 for CVE-2024-46849",
"url": "https://bugzilla.suse.com/1231256"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-46849"
},
{
"cve": "CVE-2024-46851",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46851"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct()\n\ndc_state_destruct() nulls the resource context of the DC state. The pipe\ncontext passed to dcn10_set_drr() is a member of this resource context.\n\nIf dc_state_destruct() is called parallel to the IRQ processing (which\ncalls dcn10_set_drr() at some point), we can end up using already nulled\nfunction callback fields of struct stream_resource.\n\nThe logic in dcn10_set_drr() already tries to avoid this, by checking tg\nagainst NULL. But if the nulling happens exactly after the NULL check and\nbefore the next access, then we get a race.\n\nAvoid this by copying tg first to a local variable, and then use this\nvariable for all the operations. This should work, as long as nobody\nfrees the resource pool where the timing generators live.\n\n(cherry picked from commit a3cc326a43bdc48fbdf53443e1027a03e309b643)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46851",
"url": "https://www.suse.com/security/cve/CVE-2024-46851"
},
{
"category": "external",
"summary": "SUSE Bug 1231081 for CVE-2024-46851",
"url": "https://bugzilla.suse.com/1231081"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46851"
},
{
"cve": "CVE-2024-46852",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46852"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf: heaps: Fix off-by-one in CMA heap fault handler\n\nUntil VM_DONTEXPAND was added in commit 1c1914d6e8c6 (\"dma-buf: heaps:\nDon\u0027t track CMA dma-buf pages under RssFile\") it was possible to obtain\na mapping larger than the buffer size via mremap and bypass the overflow\ncheck in dma_buf_mmap_internal. When using such a mapping to attempt to\nfault past the end of the buffer, the CMA heap fault handler also checks\nthe fault offset against the buffer size, but gets the boundary wrong by\n1. Fix the boundary check so that we don\u0027t read off the end of the pages\narray and insert an arbitrary page in the mapping.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46852",
"url": "https://www.suse.com/security/cve/CVE-2024-46852"
},
{
"category": "external",
"summary": "SUSE Bug 1231082 for CVE-2024-46852",
"url": "https://bugzilla.suse.com/1231082"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46852"
},
{
"cve": "CVE-2024-46853",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46853"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: nxp-fspi: fix the KASAN report out-of-bounds bug\n\nChange the memcpy length to fix the out-of-bounds issue when writing the\ndata that is not 4 byte aligned to TX FIFO.\n\nTo reproduce the issue, write 3 bytes data to NOR chip.\n\ndd if=3b of=/dev/mtd0\n[ 36.926103] ==================================================================\n[ 36.933409] BUG: KASAN: slab-out-of-bounds in nxp_fspi_exec_op+0x26ec/0x2838\n[ 36.940514] Read of size 4 at addr ffff00081037c2a0 by task dd/455\n[ 36.946721]\n[ 36.948235] CPU: 3 UID: 0 PID: 455 Comm: dd Not tainted 6.11.0-rc5-gc7b0e37c8434 #1070\n[ 36.956185] Hardware name: Freescale i.MX8QM MEK (DT)\n[ 36.961260] Call trace:\n[ 36.963723] dump_backtrace+0x90/0xe8\n[ 36.967414] show_stack+0x18/0x24\n[ 36.970749] dump_stack_lvl+0x78/0x90\n[ 36.974451] print_report+0x114/0x5cc\n[ 36.978151] kasan_report+0xa4/0xf0\n[ 36.981670] __asan_report_load_n_noabort+0x1c/0x28\n[ 36.986587] nxp_fspi_exec_op+0x26ec/0x2838\n[ 36.990800] spi_mem_exec_op+0x8ec/0xd30\n[ 36.994762] spi_mem_no_dirmap_read+0x190/0x1e0\n[ 36.999323] spi_mem_dirmap_write+0x238/0x32c\n[ 37.003710] spi_nor_write_data+0x220/0x374\n[ 37.007932] spi_nor_write+0x110/0x2e8\n[ 37.011711] mtd_write_oob_std+0x154/0x1f0\n[ 37.015838] mtd_write_oob+0x104/0x1d0\n[ 37.019617] mtd_write+0xb8/0x12c\n[ 37.022953] mtdchar_write+0x224/0x47c\n[ 37.026732] vfs_write+0x1e4/0x8c8\n[ 37.030163] ksys_write+0xec/0x1d0\n[ 37.033586] __arm64_sys_write+0x6c/0x9c\n[ 37.037539] invoke_syscall+0x6c/0x258\n[ 37.041327] el0_svc_common.constprop.0+0x160/0x22c\n[ 37.046244] do_el0_svc+0x44/0x5c\n[ 37.049589] el0_svc+0x38/0x78\n[ 37.052681] el0t_64_sync_handler+0x13c/0x158\n[ 37.057077] el0t_64_sync+0x190/0x194\n[ 37.060775]\n[ 37.062274] Allocated by task 455:\n[ 37.065701] kasan_save_stack+0x2c/0x54\n[ 37.069570] kasan_save_track+0x20/0x3c\n[ 37.073438] kasan_save_alloc_info+0x40/0x54\n[ 37.077736] __kasan_kmalloc+0xa0/0xb8\n[ 37.081515] __kmalloc_noprof+0x158/0x2f8\n[ 37.085563] mtd_kmalloc_up_to+0x120/0x154\n[ 37.089690] mtdchar_write+0x130/0x47c\n[ 37.093469] vfs_write+0x1e4/0x8c8\n[ 37.096901] ksys_write+0xec/0x1d0\n[ 37.100332] __arm64_sys_write+0x6c/0x9c\n[ 37.104287] invoke_syscall+0x6c/0x258\n[ 37.108064] el0_svc_common.constprop.0+0x160/0x22c\n[ 37.112972] do_el0_svc+0x44/0x5c\n[ 37.116319] el0_svc+0x38/0x78\n[ 37.119401] el0t_64_sync_handler+0x13c/0x158\n[ 37.123788] el0t_64_sync+0x190/0x194\n[ 37.127474]\n[ 37.128977] The buggy address belongs to the object at ffff00081037c2a0\n[ 37.128977] which belongs to the cache kmalloc-8 of size 8\n[ 37.141177] The buggy address is located 0 bytes inside of\n[ 37.141177] allocated 3-byte region [ffff00081037c2a0, ffff00081037c2a3)\n[ 37.153465]\n[ 37.154971] The buggy address belongs to the physical page:\n[ 37.160559] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x89037c\n[ 37.168596] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)\n[ 37.175149] page_type: 0xfdffffff(slab)\n[ 37.179021] raw: 0bfffe0000000000 ffff000800002500 dead000000000122 0000000000000000\n[ 37.186788] raw: 0000000000000000 0000000080800080 00000001fdffffff 0000000000000000\n[ 37.194553] page dumped because: kasan: bad access detected\n[ 37.200144]\n[ 37.201647] Memory state around the buggy address:\n[ 37.206460] ffff00081037c180: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc\n[ 37.213701] ffff00081037c200: fa fc fc fc 05 fc fc fc 03 fc fc fc 02 fc fc fc\n[ 37.220946] \u003effff00081037c280: 06 fc fc fc 03 fc fc fc fc fc fc fc fc fc fc fc\n[ 37.228186] ^\n[ 37.232473] ffff00081037c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[ 37.239718] ffff00081037c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[ 37.246962] ==============================================================\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46853",
"url": "https://www.suse.com/security/cve/CVE-2024-46853"
},
{
"category": "external",
"summary": "SUSE Bug 1231083 for CVE-2024-46853",
"url": "https://bugzilla.suse.com/1231083"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46853"
},
{
"cve": "CVE-2024-46854",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46854"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dpaa: Pad packets to ETH_ZLEN\n\nWhen sending packets under 60 bytes, up to three bytes of the buffer\nfollowing the data may be leaked. Avoid this by extending all packets to\nETH_ZLEN, ensuring nothing is leaked in the padding. This bug can be\nreproduced by running\n\n\t$ ping -s 11 destination",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46854",
"url": "https://www.suse.com/security/cve/CVE-2024-46854"
},
{
"category": "external",
"summary": "SUSE Bug 1231084 for CVE-2024-46854",
"url": "https://bugzilla.suse.com/1231084"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46854"
},
{
"cve": "CVE-2024-46855",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46855"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_socket: fix sk refcount leaks\n\nWe must put \u0027sk\u0027 reference before returning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46855",
"url": "https://www.suse.com/security/cve/CVE-2024-46855"
},
{
"category": "external",
"summary": "SUSE Bug 1231085 for CVE-2024-46855",
"url": "https://bugzilla.suse.com/1231085"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46855"
},
{
"cve": "CVE-2024-46857",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46857"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix bridge mode operations when there are no VFs\n\nCurrently, trying to set the bridge mode attribute when numvfs=0 leads to a\ncrash:\n\nbridge link set dev eth2 hwmode vepa\n\n[ 168.967392] BUG: kernel NULL pointer dereference, address: 0000000000000030\n[...]\n[ 168.969989] RIP: 0010:mlx5_add_flow_rules+0x1f/0x300 [mlx5_core]\n[...]\n[ 168.976037] Call Trace:\n[ 168.976188] \u003cTASK\u003e\n[ 168.978620] _mlx5_eswitch_set_vepa_locked+0x113/0x230 [mlx5_core]\n[ 168.979074] mlx5_eswitch_set_vepa+0x7f/0xa0 [mlx5_core]\n[ 168.979471] rtnl_bridge_setlink+0xe9/0x1f0\n[ 168.979714] rtnetlink_rcv_msg+0x159/0x400\n[ 168.980451] netlink_rcv_skb+0x54/0x100\n[ 168.980675] netlink_unicast+0x241/0x360\n[ 168.980918] netlink_sendmsg+0x1f6/0x430\n[ 168.981162] ____sys_sendmsg+0x3bb/0x3f0\n[ 168.982155] ___sys_sendmsg+0x88/0xd0\n[ 168.985036] __sys_sendmsg+0x59/0xa0\n[ 168.985477] do_syscall_64+0x79/0x150\n[ 168.987273] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 168.987773] RIP: 0033:0x7f8f7950f917\n\n(esw-\u003efdb_table.legacy.vepa_fdb is null)\n\nThe bridge mode is only relevant when there are multiple functions per\nport. Therefore, prevent setting and getting this setting when there are no\nVFs.\n\nNote that after this change, there are no settings to change on the PF\ninterface using `bridge link` when there are no VFs, so the interface no\nlonger appears in the `bridge link` output.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46857",
"url": "https://www.suse.com/security/cve/CVE-2024-46857"
},
{
"category": "external",
"summary": "SUSE Bug 1231087 for CVE-2024-46857",
"url": "https://bugzilla.suse.com/1231087"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46857"
},
{
"cve": "CVE-2024-46859",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46859"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: panasonic-laptop: Fix SINF array out of bounds accesses\n\nThe panasonic laptop code in various places uses the SINF array with index\nvalues of 0 - SINF_CUR_BRIGHT(0x0d) without checking that the SINF array\nis big enough.\n\nNot all panasonic laptops have this many SINF array entries, for example\nthe Toughbook CF-18 model only has 10 SINF array entries. So it only\nsupports the AC+DC brightness entries and mute.\n\nCheck that the SINF array has a minimum size which covers all AC+DC\nbrightness entries and refuse to load if the SINF array is smaller.\n\nFor higher SINF indexes hide the sysfs attributes when the SINF array\ndoes not contain an entry for that attribute, avoiding show()/store()\naccessing the array out of bounds and add bounds checking to the probe()\nand resume() code accessing these.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46859",
"url": "https://www.suse.com/security/cve/CVE-2024-46859"
},
{
"category": "external",
"summary": "SUSE Bug 1231089 for CVE-2024-46859",
"url": "https://bugzilla.suse.com/1231089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46859"
},
{
"cve": "CVE-2024-46860",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46860"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change\n\nWhen disabling wifi mt7921_ipv6_addr_change() is called as a notifier.\nAt this point mvif-\u003ephy is already NULL so we cannot use it here.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46860",
"url": "https://www.suse.com/security/cve/CVE-2024-46860"
},
{
"category": "external",
"summary": "SUSE Bug 1231093 for CVE-2024-46860",
"url": "https://bugzilla.suse.com/1231093"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46860"
},
{
"cve": "CVE-2024-46861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46861"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: do not stop RX on failing RX callback\n\nRX callbacks can fail for multiple reasons:\n\n* Payload too short\n* Payload formatted incorrecly (e.g. bad NCM framing)\n* Lack of memory\n\nNone of these should cause the driver to seize up.\n\nMake such failures non-critical and continue processing further\nincoming URBs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46861",
"url": "https://www.suse.com/security/cve/CVE-2024-46861"
},
{
"category": "external",
"summary": "SUSE Bug 1231102 for CVE-2024-46861",
"url": "https://bugzilla.suse.com/1231102"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46861"
},
{
"cve": "CVE-2024-46864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46864"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/hyperv: fix kexec crash due to VP assist page corruption\n\ncommit 9636be85cc5b (\"x86/hyperv: Fix hyperv_pcpu_input_arg handling when\nCPUs go online/offline\") introduces a new cpuhp state for hyperv\ninitialization.\n\ncpuhp_setup_state() returns the state number if state is\nCPUHP_AP_ONLINE_DYN or CPUHP_BP_PREPARE_DYN and 0 for all other states.\nFor the hyperv case, since a new cpuhp state was introduced it would\nreturn 0. However, in hv_machine_shutdown(), the cpuhp_remove_state() call\nis conditioned upon \"hyperv_init_cpuhp \u003e 0\". This will never be true and\nso hv_cpu_die() won\u0027t be called on all CPUs. This means the VP assist page\nwon\u0027t be reset. When the kexec kernel tries to setup the VP assist page\nagain, the hypervisor corrupts the memory region of the old VP assist page\ncausing a panic in case the kexec kernel is using that memory elsewhere.\nThis was originally fixed in commit dfe94d4086e4 (\"x86/hyperv: Fix kexec\npanic/hang issues\").\n\nGet rid of hyperv_init_cpuhp entirely since we are no longer using a\ndynamic cpuhp state and use CPUHP_AP_HYPERV_ONLINE directly with\ncpuhp_remove_state().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46864",
"url": "https://www.suse.com/security/cve/CVE-2024-46864"
},
{
"category": "external",
"summary": "SUSE Bug 1231108 for CVE-2024-46864",
"url": "https://bugzilla.suse.com/1231108"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46864"
},
{
"cve": "CVE-2024-46870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46870"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Disable DMCUB timeout for DCN35\n\n[Why]\nDMCUB can intermittently take longer than expected to process commands.\n\nOld ASIC policy was to continue while logging a diagnostic error - which\nworks fine for ASIC without IPS, but with IPS this could lead to a race\ncondition where we attempt to access DCN state while it\u0027s inaccessible,\nleading to a system hang when the NIU port is not disabled or register\naccesses that timeout and the display configuration in an undefined\nstate.\n\n[How]\nWe need to investigate why these accesses take longer than expected, but\nfor now we should disable the timeout on DCN35 to avoid this race\ncondition. Since the waits happen only at lower interrupt levels the\nrisk of taking too long at higher IRQ and causing a system watchdog\ntimeout are minimal.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46870",
"url": "https://www.suse.com/security/cve/CVE-2024-46870"
},
{
"category": "external",
"summary": "SUSE Bug 1231435 for CVE-2024-46870",
"url": "https://bugzilla.suse.com/1231435"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46870"
},
{
"cve": "CVE-2024-46871",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46871"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX\n\n[Why \u0026 How]\nIt actually exposes \u00276\u0027 types in enum dmub_notification_type. Not 5. Using smaller\nnumber to create array dmub_callback \u0026 dmub_thread_offload has potential to access\nitem out of array bound. Fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46871",
"url": "https://www.suse.com/security/cve/CVE-2024-46871"
},
{
"category": "external",
"summary": "SUSE Bug 1231434 for CVE-2024-46871",
"url": "https://bugzilla.suse.com/1231434"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-46871"
},
{
"cve": "CVE-2024-47658",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47658"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: stm32/cryp - call finalize with bh disabled\n\nThe finalize operation in interrupt mode produce a produces a spinlock\nrecursion warning. The reason is the fact that BH must be disabled\nduring this process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47658",
"url": "https://www.suse.com/security/cve/CVE-2024-47658"
},
{
"category": "external",
"summary": "SUSE Bug 1231436 for CVE-2024-47658",
"url": "https://bugzilla.suse.com/1231436"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47658"
},
{
"cve": "CVE-2024-47660",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47660"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfsnotify: clear PARENT_WATCHED flags lazily\n\nIn some setups directories can have many (usually negative) dentries.\nHence __fsnotify_update_child_dentry_flags() function can take a\nsignificant amount of time. Since the bulk of this function happens\nunder inode-\u003ei_lock this causes a significant contention on the lock\nwhen we remove the watch from the directory as the\n__fsnotify_update_child_dentry_flags() call from fsnotify_recalc_mask()\nraces with __fsnotify_update_child_dentry_flags() calls from\n__fsnotify_parent() happening on children. This can lead upto softlockup\nreports reported by users.\n\nFix the problem by calling fsnotify_update_children_dentry_flags() to\nset PARENT_WATCHED flags only when parent starts watching children.\n\nWhen parent stops watching children, clear false positive PARENT_WATCHED\nflags lazily in __fsnotify_parent() for each accessed child.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47660",
"url": "https://www.suse.com/security/cve/CVE-2024-47660"
},
{
"category": "external",
"summary": "SUSE Bug 1231439 for CVE-2024-47660",
"url": "https://bugzilla.suse.com/1231439"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "low"
}
],
"title": "CVE-2024-47660"
},
{
"cve": "CVE-2024-47661",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47661"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid overflow from uint32_t to uint8_t\n\n[WHAT \u0026 HOW]\ndmub_rb_cmd\u0027s ramping_boundary has size of uint8_t and it is assigned\n0xFFFF. Fix it by changing it to uint8_t with value of 0xFF.\n\nThis fixes 2 INTEGER_OVERFLOW issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47661",
"url": "https://www.suse.com/security/cve/CVE-2024-47661"
},
{
"category": "external",
"summary": "SUSE Bug 1231496 for CVE-2024-47661",
"url": "https://bugzilla.suse.com/1231496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47661"
},
{
"cve": "CVE-2024-47662",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47662"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Remove register from DCN35 DMCUB diagnostic collection\n\n[Why]\nThese registers should not be read from driver and triggering the\nsecurity violation when DMCUB work times out and diagnostics are\ncollected blocks Z8 entry.\n\n[How]\nRemove the register read from DCN35.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47662",
"url": "https://www.suse.com/security/cve/CVE-2024-47662"
},
{
"category": "external",
"summary": "SUSE Bug 1231440 for CVE-2024-47662",
"url": "https://bugzilla.suse.com/1231440"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47662"
},
{
"cve": "CVE-2024-47663",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47663"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: iio: frequency: ad9834: Validate frequency parameter value\n\nIn ad9834_write_frequency() clk_get_rate() can return 0. In such case\nad9834_calc_freqreg() call will lead to division by zero. Checking\n\u0027if (fout \u003e (clk_freq / 2))\u0027 doesn\u0027t protect in case of \u0027fout\u0027 is 0.\nad9834_write_frequency() is called from ad9834_write(), where fout is\ntaken from text buffer, which can contain any value.\n\nModify parameters checking.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47663",
"url": "https://www.suse.com/security/cve/CVE-2024-47663"
},
{
"category": "external",
"summary": "SUSE Bug 1231441 for CVE-2024-47663",
"url": "https://bugzilla.suse.com/1231441"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47663"
},
{
"cve": "CVE-2024-47664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47664"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware\n\nIf the value of max_speed_hz is 0, it may cause a division by zero\nerror in hisi_calc_effective_speed().\nThe value of max_speed_hz is provided by firmware.\nFirmware is generally considered as a trusted domain. However, as\ndivision by zero errors can cause system failure, for defense measure,\nthe value of max_speed is validated here. So 0 is regarded as invalid\nand an error code is returned.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47664",
"url": "https://www.suse.com/security/cve/CVE-2024-47664"
},
{
"category": "external",
"summary": "SUSE Bug 1231442 for CVE-2024-47664",
"url": "https://bugzilla.suse.com/1231442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47664"
},
{
"cve": "CVE-2024-47665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47665"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup\n\nDefinitely condition dma_get_cache_alignment * defined value \u003e 256\nduring driver initialization is not reason to BUG_ON(). Turn that to\ngraceful error out with -EINVAL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47665",
"url": "https://www.suse.com/security/cve/CVE-2024-47665"
},
{
"category": "external",
"summary": "SUSE Bug 1231452 for CVE-2024-47665",
"url": "https://bugzilla.suse.com/1231452"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47665"
},
{
"cve": "CVE-2024-47666",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47666"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm80xx: Set phy-\u003eenable_completion only when we wait for it\n\npm8001_phy_control() populates the enable_completion pointer with a stack\naddress, sends a PHY_LINK_RESET / PHY_HARD_RESET, waits 300 ms, and\nreturns. The problem arises when a phy control response comes late. After\n300 ms the pm8001_phy_control() function returns and the passed\nenable_completion stack address is no longer valid. Late phy control\nresponse invokes complete() on a dangling enable_completion pointer which\nleads to a kernel crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47666",
"url": "https://www.suse.com/security/cve/CVE-2024-47666"
},
{
"category": "external",
"summary": "SUSE Bug 1231453 for CVE-2024-47666",
"url": "https://bugzilla.suse.com/1231453"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47666"
},
{
"cve": "CVE-2024-47667",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47667"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)\n\nErrata #i2037 in AM65x/DRA80xM Processors Silicon Revision 1.0\n(SPRZ452D_July 2018_Revised December 2019 [1]) mentions when an\ninbound PCIe TLP spans more than two internal AXI 128-byte bursts,\nthe bus may corrupt the packet payload and the corrupt data may\ncause associated applications or the processor to hang.\n\nThe workaround for Errata #i2037 is to limit the maximum read\nrequest size and maximum payload size to 128 bytes. Add workaround\nfor Errata #i2037 here.\n\nThe errata and workaround is applicable only to AM65x SR 1.0 and\nlater versions of the silicon will have this fixed.\n\n[1] -\u003e https://www.ti.com/lit/er/sprz452i/sprz452i.pdf",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47667",
"url": "https://www.suse.com/security/cve/CVE-2024-47667"
},
{
"category": "external",
"summary": "SUSE Bug 1231481 for CVE-2024-47667",
"url": "https://bugzilla.suse.com/1231481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47667"
},
{
"cve": "CVE-2024-47668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()\n\nIf we need to increase the tree depth, allocate a new node, and then\nrace with another thread that increased the tree depth before us, we\u0027ll\nstill have a preallocated node that might be used later.\n\nIf we then use that node for a new non-root node, it\u0027ll still have a\npointer to the old root instead of being zeroed - fix this by zeroing it\nin the cmpxchg failure path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47668",
"url": "https://www.suse.com/security/cve/CVE-2024-47668"
},
{
"category": "external",
"summary": "SUSE Bug 1231502 for CVE-2024-47668",
"url": "https://bugzilla.suse.com/1231502"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47668"
},
{
"cve": "CVE-2024-47669",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47669"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix state management in error path of log writing function\n\nAfter commit a694291a6211 (\"nilfs2: separate wait function from\nnilfs_segctor_write\") was applied, the log writing function\nnilfs_segctor_do_construct() was able to issue I/O requests continuously\neven if user data blocks were split into multiple logs across segments,\nbut two potential flaws were introduced in its error handling.\n\nFirst, if nilfs_segctor_begin_construction() fails while creating the\nsecond or subsequent logs, the log writing function returns without\ncalling nilfs_segctor_abort_construction(), so the writeback flag set on\npages/folios will remain uncleared. This causes page cache operations to\nhang waiting for the writeback flag. For example,\ntruncate_inode_pages_final(), which is called via nilfs_evict_inode() when\nan inode is evicted from memory, will hang.\n\nSecond, the NILFS_I_COLLECTED flag set on normal inodes remain uncleared. \nAs a result, if the next log write involves checkpoint creation, that\u0027s\nfine, but if a partial log write is performed that does not, inodes with\nNILFS_I_COLLECTED set are erroneously removed from the \"sc_dirty_files\"\nlist, and their data and b-tree blocks may not be written to the device,\ncorrupting the block mapping.\n\nFix these issues by uniformly calling nilfs_segctor_abort_construction()\non failure of each step in the loop in nilfs_segctor_do_construct(),\nhaving it clean up logs and segment usages according to progress, and\ncorrecting the conditions for calling nilfs_redirty_inodes() to ensure\nthat the NILFS_I_COLLECTED flag is cleared.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47669",
"url": "https://www.suse.com/security/cve/CVE-2024-47669"
},
{
"category": "external",
"summary": "SUSE Bug 1231474 for CVE-2024-47669",
"url": "https://bugzilla.suse.com/1231474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47669"
},
{
"cve": "CVE-2024-47670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47670"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: add bounds checking to ocfs2_xattr_find_entry()\n\nAdd a paranoia check to make sure it doesn\u0027t stray beyond valid memory\nregion containing ocfs2 xattr entries when scanning for a match. It will\nprevent out-of-bound access in case of crafted images.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47670",
"url": "https://www.suse.com/security/cve/CVE-2024-47670"
},
{
"category": "external",
"summary": "SUSE Bug 1231537 for CVE-2024-47670",
"url": "https://bugzilla.suse.com/1231537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47670"
},
{
"cve": "CVE-2024-47671",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47671"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: usbtmc: prevent kernel-usb-infoleak\n\nThe syzbot reported a kernel-usb-infoleak in usbtmc_write,\nwe need to clear the structure before filling fields.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47671",
"url": "https://www.suse.com/security/cve/CVE-2024-47671"
},
{
"category": "external",
"summary": "SUSE Bug 1231541 for CVE-2024-47671",
"url": "https://bugzilla.suse.com/1231541"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47671"
},
{
"cve": "CVE-2024-47672",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47672"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don\u0027t wait for tx queues if firmware is dead\n\nThere is a WARNING in iwl_trans_wait_tx_queues_empty() (that was\nrecently converted from just a message), that can be hit if we\nwait for TX queues to become empty after firmware died. Clearly,\nwe can\u0027t expect anything from the firmware after it\u0027s declared dead.\n\nDon\u0027t call iwl_trans_wait_tx_queues_empty() in this case. While it could\nbe a good idea to stop the flow earlier, the flush functions do some\nmaintenance work that is not related to the firmware, so keep that part\nof the code running even when the firmware is not running.\n\n[edit commit message]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47672",
"url": "https://www.suse.com/security/cve/CVE-2024-47672"
},
{
"category": "external",
"summary": "SUSE Bug 1231540 for CVE-2024-47672",
"url": "https://bugzilla.suse.com/1231540"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47672"
},
{
"cve": "CVE-2024-47673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47673"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: pause TCM when the firmware is stopped\n\nNot doing so will make us send a host command to the transport while the\nfirmware is not alive, which will trigger a WARNING.\n\nbad state = 0\nWARNING: CPU: 2 PID: 17434 at drivers/net/wireless/intel/iwlwifi/iwl-trans.c:115 iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi]\nRIP: 0010:iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi]\nCall Trace:\n \u003cTASK\u003e\n iwl_mvm_send_cmd+0x40/0xc0 [iwlmvm]\n iwl_mvm_config_scan+0x198/0x260 [iwlmvm]\n iwl_mvm_recalc_tcm+0x730/0x11d0 [iwlmvm]\n iwl_mvm_tcm_work+0x1d/0x30 [iwlmvm]\n process_one_work+0x29e/0x640\n worker_thread+0x2df/0x690\n ? rescuer_thread+0x540/0x540\n kthread+0x192/0x1e0\n ? set_kthread_struct+0x90/0x90\n ret_from_fork+0x22/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47673",
"url": "https://www.suse.com/security/cve/CVE-2024-47673"
},
{
"category": "external",
"summary": "SUSE Bug 1231539 for CVE-2024-47673",
"url": "https://bugzilla.suse.com/1231539"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47673"
},
{
"cve": "CVE-2024-47674",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47674"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: avoid leaving partial pfn mappings around in error case\n\nAs Jann points out, PFN mappings are special, because unlike normal\nmemory mappings, there is no lifetime information associated with the\nmapping - it is just a raw mapping of PFNs with no reference counting of\na \u0027struct page\u0027.\n\nThat\u0027s all very much intentional, but it does mean that it\u0027s easy to\nmess up the cleanup in case of errors. Yes, a failed mmap() will always\neventually clean up any partial mappings, but without any explicit\nlifetime in the page table mapping itself, it\u0027s very easy to do the\nerror handling in the wrong order.\n\nIn particular, it\u0027s easy to mistakenly free the physical backing store\nbefore the page tables are actually cleaned up and (temporarily) have\nstale dangling PTE entries.\n\nTo make this situation less error-prone, just make sure that any partial\npfn mapping is torn down early, before any other error handling.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47674",
"url": "https://www.suse.com/security/cve/CVE-2024-47674"
},
{
"category": "external",
"summary": "SUSE Bug 1231673 for CVE-2024-47674",
"url": "https://bugzilla.suse.com/1231673"
},
{
"category": "external",
"summary": "SUSE Bug 1231676 for CVE-2024-47674",
"url": "https://bugzilla.suse.com/1231676"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-47674"
},
{
"cve": "CVE-2024-47675",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47675"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix use-after-free in bpf_uprobe_multi_link_attach()\n\nIf bpf_link_prime() fails, bpf_uprobe_multi_link_attach() goes to the\nerror_free label and frees the array of bpf_uprobe\u0027s without calling\nbpf_uprobe_unregister().\n\nThis leaks bpf_uprobe-\u003euprobe and worse, this frees bpf_uprobe-\u003econsumer\nwithout removing it from the uprobe-\u003econsumers list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47675",
"url": "https://www.suse.com/security/cve/CVE-2024-47675"
},
{
"category": "external",
"summary": "SUSE Bug 1231926 for CVE-2024-47675",
"url": "https://bugzilla.suse.com/1231926"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47675"
},
{
"cve": "CVE-2024-47679",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47679"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfs: fix race between evice_inodes() and find_inode()\u0026iput()\n\nHi, all\n\nRecently I noticed a bug[1] in btrfs, after digged it into\nand I believe it\u0027a race in vfs.\n\nLet\u0027s assume there\u0027s a inode (ie ino 261) with i_count 1 is\ncalled by iput(), and there\u0027s a concurrent thread calling\ngeneric_shutdown_super().\n\ncpu0: cpu1:\niput() // i_count is 1\n -\u003espin_lock(inode)\n -\u003edec i_count to 0\n -\u003eiput_final() generic_shutdown_super()\n -\u003e__inode_add_lru() -\u003eevict_inodes()\n // cause some reason[2] -\u003eif (atomic_read(inode-\u003ei_count)) continue;\n // return before // inode 261 passed the above check\n // list_lru_add_obj() // and then schedule out\n -\u003espin_unlock()\n// note here: the inode 261\n// was still at sb list and hash list,\n// and I_FREEING|I_WILL_FREE was not been set\n\nbtrfs_iget()\n // after some function calls\n -\u003efind_inode()\n // found the above inode 261\n -\u003espin_lock(inode)\n // check I_FREEING|I_WILL_FREE\n // and passed\n -\u003e__iget()\n -\u003espin_unlock(inode) // schedule back\n -\u003espin_lock(inode)\n // check (I_NEW|I_FREEING|I_WILL_FREE) flags,\n // passed and set I_FREEING\niput() -\u003espin_unlock(inode)\n -\u003espin_lock(inode)\t\t\t -\u003eevict()\n // dec i_count to 0\n -\u003eiput_final()\n -\u003espin_unlock()\n -\u003eevict()\n\nNow, we have two threads simultaneously evicting\nthe same inode, which may trigger the BUG(inode-\u003ei_state \u0026 I_CLEAR)\nstatement both within clear_inode() and iput().\n\nTo fix the bug, recheck the inode-\u003ei_count after holding i_lock.\nBecause in the most scenarios, the first check is valid, and\nthe overhead of spin_lock() can be reduced.\n\nIf there is any misunderstanding, please let me know, thanks.\n\n[1]: https://lore.kernel.org/linux-btrfs/000000000000eabe1d0619c48986@google.com/\n[2]: The reason might be 1. SB_ACTIVE was removed or 2. mapping_shrinkable()\nreturn false when I reproduced the bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47679",
"url": "https://www.suse.com/security/cve/CVE-2024-47679"
},
{
"category": "external",
"summary": "SUSE Bug 1231930 for CVE-2024-47679",
"url": "https://bugzilla.suse.com/1231930"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47679"
},
{
"cve": "CVE-2024-47681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47681"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7996: fix NULL pointer dereference in mt7996_mcu_sta_bfer_he\n\nFix the NULL pointer dereference in mt7996_mcu_sta_bfer_he\nroutine adding an sta interface to the mt7996 driver.\n\nFound by code review.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47681",
"url": "https://www.suse.com/security/cve/CVE-2024-47681"
},
{
"category": "external",
"summary": "SUSE Bug 1231855 for CVE-2024-47681",
"url": "https://bugzilla.suse.com/1231855"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47681"
},
{
"cve": "CVE-2024-47682",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47682"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: sd: Fix off-by-one error in sd_read_block_characteristics()\n\nFf the device returns page 0xb1 with length 8 (happens with qemu v2.x, for\nexample), sd_read_block_characteristics() may attempt an out-of-bounds\nmemory access when accessing the zoned field at offset 8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47682",
"url": "https://www.suse.com/security/cve/CVE-2024-47682"
},
{
"category": "external",
"summary": "SUSE Bug 1231856 for CVE-2024-47682",
"url": "https://bugzilla.suse.com/1231856"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47682"
},
{
"cve": "CVE-2024-47684",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47684"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: check skb is non-NULL in tcp_rto_delta_us()\n\nWe have some machines running stock Ubuntu 20.04.6 which is their 5.4.0-174-generic\nkernel that are running ceph and recently hit a null ptr dereference in\ntcp_rearm_rto(). Initially hitting it from the TLP path, but then later we also\nsaw it getting hit from the RACK case as well. Here are examples of the oops\nmessages we saw in each of those cases:\n\nJul 26 15:05:02 rx [11061395.780353] BUG: kernel NULL pointer dereference, address: 0000000000000020\nJul 26 15:05:02 rx [11061395.787572] #PF: supervisor read access in kernel mode\nJul 26 15:05:02 rx [11061395.792971] #PF: error_code(0x0000) - not-present page\nJul 26 15:05:02 rx [11061395.798362] PGD 0 P4D 0\nJul 26 15:05:02 rx [11061395.801164] Oops: 0000 [#1] SMP NOPTI\nJul 26 15:05:02 rx [11061395.805091] CPU: 0 PID: 9180 Comm: msgr-worker-1 Tainted: G W 5.4.0-174-generic #193-Ubuntu\nJul 26 15:05:02 rx [11061395.814996] Hardware name: Supermicro SMC 2x26 os-gen8 64C NVME-Y 256G/H12SSW-NTR, BIOS 2.5.V1.2U.NVMe.UEFI 05/09/2023\nJul 26 15:05:02 rx [11061395.825952] RIP: 0010:tcp_rearm_rto+0xe4/0x160\nJul 26 15:05:02 rx [11061395.830656] Code: 87 ca 04 00 00 00 5b 41 5c 41 5d 5d c3 c3 49 8b bc 24 40 06 00 00 eb 8d 48 bb cf f7 53 e3 a5 9b c4 20 4c 89 ef e8 0c fe 0e 00 \u003c48\u003e 8b 78 20 48 c1 ef 03 48 89 f8 41 8b bc 24 80 04 00 00 48 f7 e3\nJul 26 15:05:02 rx [11061395.849665] RSP: 0018:ffffb75d40003e08 EFLAGS: 00010246\nJul 26 15:05:02 rx [11061395.855149] RAX: 0000000000000000 RBX: 20c49ba5e353f7cf RCX: 0000000000000000\nJul 26 15:05:02 rx [11061395.862542] RDX: 0000000062177c30 RSI: 000000000000231c RDI: ffff9874ad283a60\nJul 26 15:05:02 rx [11061395.869933] RBP: ffffb75d40003e20 R08: 0000000000000000 R09: ffff987605e20aa8\nJul 26 15:05:02 rx [11061395.877318] R10: ffffb75d40003f00 R11: ffffb75d4460f740 R12: ffff9874ad283900\nJul 26 15:05:02 rx [11061395.884710] R13: ffff9874ad283a60 R14: ffff9874ad283980 R15: ffff9874ad283d30\nJul 26 15:05:02 rx [11061395.892095] FS: 00007f1ef4a2e700(0000) GS:ffff987605e00000(0000) knlGS:0000000000000000\nJul 26 15:05:02 rx [11061395.900438] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nJul 26 15:05:02 rx [11061395.906435] CR2: 0000000000000020 CR3: 0000003e450ba003 CR4: 0000000000760ef0\nJul 26 15:05:02 rx [11061395.913822] PKRU: 55555554\nJul 26 15:05:02 rx [11061395.916786] Call Trace:\nJul 26 15:05:02 rx [11061395.919488]\nJul 26 15:05:02 rx [11061395.921765] ? show_regs.cold+0x1a/0x1f\nJul 26 15:05:02 rx [11061395.925859] ? __die+0x90/0xd9\nJul 26 15:05:02 rx [11061395.929169] ? no_context+0x196/0x380\nJul 26 15:05:02 rx [11061395.933088] ? ip6_protocol_deliver_rcu+0x4e0/0x4e0\nJul 26 15:05:02 rx [11061395.938216] ? ip6_sublist_rcv_finish+0x3d/0x50\nJul 26 15:05:02 rx [11061395.943000] ? __bad_area_nosemaphore+0x50/0x1a0\nJul 26 15:05:02 rx [11061395.947873] ? bad_area_nosemaphore+0x16/0x20\nJul 26 15:05:02 rx [11061395.952486] ? do_user_addr_fault+0x267/0x450\nJul 26 15:05:02 rx [11061395.957104] ? ipv6_list_rcv+0x112/0x140\nJul 26 15:05:02 rx [11061395.961279] ? __do_page_fault+0x58/0x90\nJul 26 15:05:02 rx [11061395.965458] ? do_page_fault+0x2c/0xe0\nJul 26 15:05:02 rx [11061395.969465] ? page_fault+0x34/0x40\nJul 26 15:05:02 rx [11061395.973217] ? tcp_rearm_rto+0xe4/0x160\nJul 26 15:05:02 rx [11061395.977313] ? tcp_rearm_rto+0xe4/0x160\nJul 26 15:05:02 rx [11061395.981408] tcp_send_loss_probe+0x10b/0x220\nJul 26 15:05:02 rx [11061395.985937] tcp_write_timer_handler+0x1b4/0x240\nJul 26 15:05:02 rx [11061395.990809] tcp_write_timer+0x9e/0xe0\nJul 26 15:05:02 rx [11061395.994814] ? tcp_write_timer_handler+0x240/0x240\nJul 26 15:05:02 rx [11061395.999866] call_timer_fn+0x32/0x130\nJul 26 15:05:02 rx [11061396.003782] __run_timers.part.0+0x180/0x280\nJul 26 15:05:02 rx [11061396.008309] ? recalibrate_cpu_khz+0x10/0x10\nJul 26 15:05:02 rx [11061396.012841] ? native_x2apic_icr_write+0x30/0x30\nJul 26 15:05:02 rx [11061396.017718] ? lapic_next_even\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47684",
"url": "https://www.suse.com/security/cve/CVE-2024-47684"
},
{
"category": "external",
"summary": "SUSE Bug 1231987 for CVE-2024-47684",
"url": "https://bugzilla.suse.com/1231987"
},
{
"category": "external",
"summary": "SUSE Bug 1231993 for CVE-2024-47684",
"url": "https://bugzilla.suse.com/1231993"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-47684"
},
{
"cve": "CVE-2024-47685",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47685"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()\n\nsyzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending\ngarbage on the four reserved tcp bits (th-\u003eres1)\n\nUse skb_put_zero() to clear the whole TCP header,\nas done in nf_reject_ip_tcphdr_put()\n\nBUG: KMSAN: uninit-value in nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255\n nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255\n nf_send_reset6+0xd84/0x15b0 net/ipv6/netfilter/nf_reject_ipv6.c:344\n nft_reject_inet_eval+0x3c1/0x880 net/netfilter/nft_reject_inet.c:48\n expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]\n nft_do_chain+0x438/0x22a0 net/netfilter/nf_tables_core.c:288\n nft_do_chain_inet+0x41a/0x4f0 net/netfilter/nft_chain_filter.c:161\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\n nf_hook include/linux/netfilter.h:269 [inline]\n NF_HOOK include/linux/netfilter.h:312 [inline]\n ipv6_rcv+0x29b/0x390 net/ipv6/ip6_input.c:310\n __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\n __netif_receive_skb+0x1da/0xa00 net/core/dev.c:5775\n process_backlog+0x4ad/0xa50 net/core/dev.c:6108\n __napi_poll+0xe7/0x980 net/core/dev.c:6772\n napi_poll net/core/dev.c:6841 [inline]\n net_rx_action+0xa5a/0x19b0 net/core/dev.c:6963\n handle_softirqs+0x1ce/0x800 kernel/softirq.c:554\n __do_softirq+0x14/0x1a kernel/softirq.c:588\n do_softirq+0x9a/0x100 kernel/softirq.c:455\n __local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:382\n local_bh_enable include/linux/bottom_half.h:33 [inline]\n rcu_read_unlock_bh include/linux/rcupdate.h:908 [inline]\n __dev_queue_xmit+0x2692/0x5610 net/core/dev.c:4450\n dev_queue_xmit include/linux/netdevice.h:3105 [inline]\n neigh_resolve_output+0x9ca/0xae0 net/core/neighbour.c:1565\n neigh_output include/net/neighbour.h:542 [inline]\n ip6_finish_output2+0x2347/0x2ba0 net/ipv6/ip6_output.c:141\n __ip6_finish_output net/ipv6/ip6_output.c:215 [inline]\n ip6_finish_output+0xbb8/0x14b0 net/ipv6/ip6_output.c:226\n NF_HOOK_COND include/linux/netfilter.h:303 [inline]\n ip6_output+0x356/0x620 net/ipv6/ip6_output.c:247\n dst_output include/net/dst.h:450 [inline]\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ip6_xmit+0x1ba6/0x25d0 net/ipv6/ip6_output.c:366\n inet6_csk_xmit+0x442/0x530 net/ipv6/inet6_connection_sock.c:135\n __tcp_transmit_skb+0x3b07/0x4880 net/ipv4/tcp_output.c:1466\n tcp_transmit_skb net/ipv4/tcp_output.c:1484 [inline]\n tcp_connect+0x35b6/0x7130 net/ipv4/tcp_output.c:4143\n tcp_v6_connect+0x1bcc/0x1e40 net/ipv6/tcp_ipv6.c:333\n __inet_stream_connect+0x2ef/0x1730 net/ipv4/af_inet.c:679\n inet_stream_connect+0x6a/0xd0 net/ipv4/af_inet.c:750\n __sys_connect_file net/socket.c:2061 [inline]\n __sys_connect+0x606/0x690 net/socket.c:2078\n __do_sys_connect net/socket.c:2088 [inline]\n __se_sys_connect net/socket.c:2085 [inline]\n __x64_sys_connect+0x91/0xe0 net/socket.c:2085\n x64_sys_call+0x27a5/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:43\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was stored to memory at:\n nf_reject_ip6_tcphdr_put+0x60c/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:249\n nf_send_reset6+0xd84/0x15b0 net/ipv6/netfilter/nf_reject_ipv6.c:344\n nft_reject_inet_eval+0x3c1/0x880 net/netfilter/nft_reject_inet.c:48\n expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]\n nft_do_chain+0x438/0x22a0 net/netfilter/nf_tables_core.c:288\n nft_do_chain_inet+0x41a/0x4f0 net/netfilter/nft_chain_filter.c:161\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\n nf_hook include/linux/netfilter.h:269 [inline]\n NF_HOOK include/linux/netfilter.h:312 [inline]\n ipv6_rcv+0x29b/0x390 net/ipv6/ip6_input.c:310\n __netif_receive_skb_one_core\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47685",
"url": "https://www.suse.com/security/cve/CVE-2024-47685"
},
{
"category": "external",
"summary": "SUSE Bug 1231998 for CVE-2024-47685",
"url": "https://bugzilla.suse.com/1231998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47685"
},
{
"cve": "CVE-2024-47686",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47686"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nep93xx: clock: Fix off by one in ep93xx_div_recalc_rate()\n\nThe psc-\u003ediv[] array has psc-\u003enum_div elements. These values come from\nwhen we call clk_hw_register_div(). It\u0027s adc_divisors and\nARRAY_SIZE(adc_divisors)) and so on. So this condition needs to be \u003e=\ninstead of \u003e to prevent an out of bounds read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47686",
"url": "https://www.suse.com/security/cve/CVE-2024-47686"
},
{
"category": "external",
"summary": "SUSE Bug 1232000 for CVE-2024-47686",
"url": "https://bugzilla.suse.com/1232000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "low"
}
],
"title": "CVE-2024-47686"
},
{
"cve": "CVE-2024-47687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47687"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa/mlx5: Fix invalid mr resource destroy\n\nCertain error paths from mlx5_vdpa_dev_add() can end up releasing mr\nresources which never got initialized in the first place.\n\nThis patch adds the missing check in mlx5_vdpa_destroy_mr_resources()\nto block releasing non-initialized mr resources.\n\nReference trace:\n\n mlx5_core 0000:08:00.2: mlx5_vdpa_dev_add:3274:(pid 2700) warning: No mac address provisioned?\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 140216067 P4D 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 8 PID: 2700 Comm: vdpa Kdump: loaded Not tainted 5.14.0-496.el9.x86_64 #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n RIP: 0010:vhost_iotlb_del_range+0xf/0xe0 [vhost_iotlb]\n Code: [...]\n RSP: 0018:ff1c823ac23077f0 EFLAGS: 00010246\n RAX: ffffffffc1a21a60 RBX: ffffffff899567a0 RCX: 0000000000000000\n RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ff1bda1f7c21e800 R08: 0000000000000000 R09: ff1c823ac2307670\n R10: ff1c823ac2307668 R11: ffffffff8a9e7b68 R12: 0000000000000000\n R13: 0000000000000000 R14: ff1bda1f43e341a0 R15: 00000000ffffffea\n FS: 00007f56eba7c740(0000) GS:ff1bda269f800000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 0000000104d90001 CR4: 0000000000771ef0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n\n ? show_trace_log_lvl+0x1c4/0x2df\n ? show_trace_log_lvl+0x1c4/0x2df\n ? mlx5_vdpa_free+0x3d/0x150 [mlx5_vdpa]\n ? __die_body.cold+0x8/0xd\n ? page_fault_oops+0x134/0x170\n ? __irq_work_queue_local+0x2b/0xc0\n ? irq_work_queue+0x2c/0x50\n ? exc_page_fault+0x62/0x150\n ? asm_exc_page_fault+0x22/0x30\n ? __pfx_mlx5_vdpa_free+0x10/0x10 [mlx5_vdpa]\n ? vhost_iotlb_del_range+0xf/0xe0 [vhost_iotlb]\n mlx5_vdpa_free+0x3d/0x150 [mlx5_vdpa]\n vdpa_release_dev+0x1e/0x50 [vdpa]\n device_release+0x31/0x90\n kobject_cleanup+0x37/0x130\n mlx5_vdpa_dev_add+0x2d2/0x7a0 [mlx5_vdpa]\n vdpa_nl_cmd_dev_add_set_doit+0x277/0x4c0 [vdpa]\n genl_family_rcv_msg_doit+0xd9/0x130\n genl_family_rcv_msg+0x14d/0x220\n ? __pfx_vdpa_nl_cmd_dev_add_set_doit+0x10/0x10 [vdpa]\n ? _copy_to_user+0x1a/0x30\n ? move_addr_to_user+0x4b/0xe0\n genl_rcv_msg+0x47/0xa0\n ? __import_iovec+0x46/0x150\n ? __pfx_genl_rcv_msg+0x10/0x10\n netlink_rcv_skb+0x54/0x100\n genl_rcv+0x24/0x40\n netlink_unicast+0x245/0x370\n netlink_sendmsg+0x206/0x440\n __sys_sendto+0x1dc/0x1f0\n ? do_read_fault+0x10c/0x1d0\n ? do_pte_missing+0x10d/0x190\n __x64_sys_sendto+0x20/0x30\n do_syscall_64+0x5c/0xf0\n ? __count_memcg_events+0x4f/0xb0\n ? mm_account_fault+0x6c/0x100\n ? handle_mm_fault+0x116/0x270\n ? do_user_addr_fault+0x1d6/0x6a0\n ? do_syscall_64+0x6b/0xf0\n ? clear_bhb_loop+0x25/0x80\n ? clear_bhb_loop+0x25/0x80\n ? clear_bhb_loop+0x25/0x80\n ? clear_bhb_loop+0x25/0x80\n ? clear_bhb_loop+0x25/0x80\n entry_SYSCALL_64_after_hwframe+0x78/0x80",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47687",
"url": "https://www.suse.com/security/cve/CVE-2024-47687"
},
{
"category": "external",
"summary": "SUSE Bug 1232003 for CVE-2024-47687",
"url": "https://bugzilla.suse.com/1232003"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47687"
},
{
"cve": "CVE-2024-47688",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47688"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: Fix a potential null-ptr-deref in module_add_driver()\n\nInject fault while probing of-fpga-region, if kasprintf() fails in\nmodule_add_driver(), the second sysfs_remove_link() in exit path will cause\nnull-ptr-deref as below because kernfs_name_hash() will call strlen() with\nNULL driver_name.\n\nFix it by releasing resources based on the exit path sequence.\n\n\t KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\n\t Mem abort info:\n\t ESR = 0x0000000096000005\n\t EC = 0x25: DABT (current EL), IL = 32 bits\n\t SET = 0, FnV = 0\n\t EA = 0, S1PTW = 0\n\t FSC = 0x05: level 1 translation fault\n\t Data abort info:\n\t ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n\t CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n\t GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n\t [dfffffc000000000] address between user and kernel address ranges\n\t Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n\t Dumping ftrace buffer:\n\t (ftrace buffer empty)\n\t Modules linked in: of_fpga_region(+) fpga_region fpga_bridge cfg80211 rfkill 8021q garp mrp stp llc ipv6 [last unloaded: of_fpga_region]\n\t CPU: 2 UID: 0 PID: 2036 Comm: modprobe Not tainted 6.11.0-rc2-g6a0e38264012 #295\n\t Hardware name: linux,dummy-virt (DT)\n\t pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n\t pc : strlen+0x24/0xb0\n\t lr : kernfs_name_hash+0x1c/0xc4\n\t sp : ffffffc081f97380\n\t x29: ffffffc081f97380 x28: ffffffc081f97b90 x27: ffffff80c821c2a0\n\t x26: ffffffedac0be418 x25: 0000000000000000 x24: ffffff80c09d2000\n\t x23: 0000000000000000 x22: 0000000000000000 x21: 0000000000000000\n\t x20: 0000000000000000 x19: 0000000000000000 x18: 0000000000001840\n\t x17: 0000000000000000 x16: 0000000000000000 x15: 1ffffff8103f2e42\n\t x14: 00000000f1f1f1f1 x13: 0000000000000004 x12: ffffffb01812d61d\n\t x11: 1ffffff01812d61c x10: ffffffb01812d61c x9 : dfffffc000000000\n\t x8 : 0000004fe7ed29e4 x7 : ffffff80c096b0e7 x6 : 0000000000000001\n\t x5 : ffffff80c096b0e0 x4 : 1ffffffdb990efa2 x3 : 0000000000000000\n\t x2 : 0000000000000000 x1 : dfffffc000000000 x0 : 0000000000000000\n\t Call trace:\n\t strlen+0x24/0xb0\n\t kernfs_name_hash+0x1c/0xc4\n\t kernfs_find_ns+0x118/0x2e8\n\t kernfs_remove_by_name_ns+0x80/0x100\n\t sysfs_remove_link+0x74/0xa8\n\t module_add_driver+0x278/0x394\n\t bus_add_driver+0x1f0/0x43c\n\t driver_register+0xf4/0x3c0\n\t __platform_driver_register+0x60/0x88\n\t of_fpga_region_init+0x20/0x1000 [of_fpga_region]\n\t do_one_initcall+0x110/0x788\n\t do_init_module+0x1dc/0x5c8\n\t load_module+0x3c38/0x4cac\n\t init_module_from_file+0xd4/0x128\n\t idempotent_init_module+0x2cc/0x528\n\t __arm64_sys_finit_module+0xac/0x100\n\t invoke_syscall+0x6c/0x258\n\t el0_svc_common.constprop.0+0x160/0x22c\n\t do_el0_svc+0x44/0x5c\n\t el0_svc+0x48/0xb8\n\t el0t_64_sync_handler+0x13c/0x158\n\t el0t_64_sync+0x190/0x194\n\t Code: f2fbffe1 a90157f4 12000802 aa0003f5 (38e16861)\n\t ---[ end trace 0000000000000000 ]---\n\t Kernel panic - not syncing: Oops: Fatal exception",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47688",
"url": "https://www.suse.com/security/cve/CVE-2024-47688"
},
{
"category": "external",
"summary": "SUSE Bug 1232009 for CVE-2024-47688",
"url": "https://bugzilla.suse.com/1232009"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47688"
},
{
"cve": "CVE-2024-47692",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47692"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: return -EINVAL when namelen is 0\n\nWhen we have a corrupted main.sqlite in /var/lib/nfs/nfsdcld/, it may\nresult in namelen being 0, which will cause memdup_user() to return\nZERO_SIZE_PTR.\nWhen we access the name.data that has been assigned the value of\nZERO_SIZE_PTR in nfs4_client_to_reclaim(), null pointer dereference is\ntriggered.\n\n[ T1205] ==================================================================\n[ T1205] BUG: KASAN: null-ptr-deref in nfs4_client_to_reclaim+0xe9/0x260\n[ T1205] Read of size 1 at addr 0000000000000010 by task nfsdcld/1205\n[ T1205]\n[ T1205] CPU: 11 PID: 1205 Comm: nfsdcld Not tainted 5.10.0-00003-g2c1423731b8d #406\n[ T1205] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20190727_073836-buildvm-ppc64le-16.ppc.fedoraproject.org-3.fc31 04/01/2014\n[ T1205] Call Trace:\n[ T1205] dump_stack+0x9a/0xd0\n[ T1205] ? nfs4_client_to_reclaim+0xe9/0x260\n[ T1205] __kasan_report.cold+0x34/0x84\n[ T1205] ? nfs4_client_to_reclaim+0xe9/0x260\n[ T1205] kasan_report+0x3a/0x50\n[ T1205] nfs4_client_to_reclaim+0xe9/0x260\n[ T1205] ? nfsd4_release_lockowner+0x410/0x410\n[ T1205] cld_pipe_downcall+0x5ca/0x760\n[ T1205] ? nfsd4_cld_tracking_exit+0x1d0/0x1d0\n[ T1205] ? down_write_killable_nested+0x170/0x170\n[ T1205] ? avc_policy_seqno+0x28/0x40\n[ T1205] ? selinux_file_permission+0x1b4/0x1e0\n[ T1205] rpc_pipe_write+0x84/0xb0\n[ T1205] vfs_write+0x143/0x520\n[ T1205] ksys_write+0xc9/0x170\n[ T1205] ? __ia32_sys_read+0x50/0x50\n[ T1205] ? ktime_get_coarse_real_ts64+0xfe/0x110\n[ T1205] ? ktime_get_coarse_real_ts64+0xa2/0x110\n[ T1205] do_syscall_64+0x33/0x40\n[ T1205] entry_SYSCALL_64_after_hwframe+0x67/0xd1\n[ T1205] RIP: 0033:0x7fdbdb761bc7\n[ T1205] Code: 0f 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 514\n[ T1205] RSP: 002b:00007fff8c4b7248 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ T1205] RAX: ffffffffffffffda RBX: 000000000000042b RCX: 00007fdbdb761bc7\n[ T1205] RDX: 000000000000042b RSI: 00007fff8c4b75f0 RDI: 0000000000000008\n[ T1205] RBP: 00007fdbdb761bb0 R08: 0000000000000000 R09: 0000000000000001\n[ T1205] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000042b\n[ T1205] R13: 0000000000000008 R14: 00007fff8c4b75f0 R15: 0000000000000000\n[ T1205] ==================================================================\n\nFix it by checking namelen.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47692",
"url": "https://www.suse.com/security/cve/CVE-2024-47692"
},
{
"category": "external",
"summary": "SUSE Bug 1231857 for CVE-2024-47692",
"url": "https://bugzilla.suse.com/1231857"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47692"
},
{
"cve": "CVE-2024-47693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47693"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/core: Fix ib_cache_setup_one error flow cleanup\n\nWhen ib_cache_update return an error, we exit ib_cache_setup_one\ninstantly with no proper cleanup, even though before this we had\nalready successfully done gid_table_setup_one, that results in\nthe kernel WARN below.\n\nDo proper cleanup using gid_table_cleanup_one before returning\nthe err in order to fix the issue.\n\nWARNING: CPU: 4 PID: 922 at drivers/infiniband/core/cache.c:806 gid_table_release_one+0x181/0x1a0\nModules linked in:\nCPU: 4 UID: 0 PID: 922 Comm: c_repro Not tainted 6.11.0-rc1+ #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:gid_table_release_one+0x181/0x1a0\nCode: 44 8b 38 75 0c e8 2f cb 34 ff 4d 8b b5 28 05 00 00 e8 23 cb 34 ff 44 89 f9 89 da 4c 89 f6 48 c7 c7 d0 58 14 83 e8 4f de 21 ff \u003c0f\u003e 0b 4c 8b 75 30 e9 54 ff ff ff 48 8 3 c4 10 5b 5d 41 5c 41 5d 41\nRSP: 0018:ffffc90002b835b0 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff811c8527\nRDX: 0000000000000000 RSI: ffffffff811c8534 RDI: 0000000000000001\nRBP: ffff8881011b3d00 R08: ffff88810b3abe00 R09: 205d303839303631\nR10: 666572207972746e R11: 72746e6520444947 R12: 0000000000000001\nR13: ffff888106390000 R14: ffff8881011f2110 R15: 0000000000000001\nFS: 00007fecc3b70800(0000) GS:ffff88813bd00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020000340 CR3: 000000010435a001 CR4: 00000000003706b0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? show_regs+0x94/0xa0\n ? __warn+0x9e/0x1c0\n ? gid_table_release_one+0x181/0x1a0\n ? report_bug+0x1f9/0x340\n ? gid_table_release_one+0x181/0x1a0\n ? handle_bug+0xa2/0x110\n ? exc_invalid_op+0x31/0xa0\n ? asm_exc_invalid_op+0x16/0x20\n ? __warn_printk+0xc7/0x180\n ? __warn_printk+0xd4/0x180\n ? gid_table_release_one+0x181/0x1a0\n ib_device_release+0x71/0xe0\n ? __pfx_ib_device_release+0x10/0x10\n device_release+0x44/0xd0\n kobject_put+0x135/0x3d0\n put_device+0x20/0x30\n rxe_net_add+0x7d/0xa0\n rxe_newlink+0xd7/0x190\n nldev_newlink+0x1b0/0x2a0\n ? __pfx_nldev_newlink+0x10/0x10\n rdma_nl_rcv_msg+0x1ad/0x2e0\n rdma_nl_rcv_skb.constprop.0+0x176/0x210\n netlink_unicast+0x2de/0x400\n netlink_sendmsg+0x306/0x660\n __sock_sendmsg+0x110/0x120\n ____sys_sendmsg+0x30e/0x390\n ___sys_sendmsg+0x9b/0xf0\n ? kstrtouint+0x6e/0xa0\n ? kstrtouint_from_user+0x7c/0xb0\n ? get_pid_task+0xb0/0xd0\n ? proc_fail_nth_write+0x5b/0x140\n ? __fget_light+0x9a/0x200\n ? preempt_count_add+0x47/0xa0\n __sys_sendmsg+0x61/0xd0\n do_syscall_64+0x50/0x110\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47693",
"url": "https://www.suse.com/security/cve/CVE-2024-47693"
},
{
"category": "external",
"summary": "SUSE Bug 1232013 for CVE-2024-47693",
"url": "https://bugzilla.suse.com/1232013"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47693"
},
{
"cve": "CVE-2024-47695",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47695"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds\n\nIn the function init_conns(), after the create_con() and create_cm() for\nloop if something fails. In the cleanup for loop after the destroy tag, we\naccess out of bound memory because cid is set to clt_path-\u003es.con_num.\n\nThis commits resets the cid to clt_path-\u003es.con_num - 1, to stay in bounds\nin the cleanup loop later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47695",
"url": "https://www.suse.com/security/cve/CVE-2024-47695"
},
{
"category": "external",
"summary": "SUSE Bug 1231931 for CVE-2024-47695",
"url": "https://bugzilla.suse.com/1231931"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47695"
},
{
"cve": "CVE-2024-47696",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47696"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency\n\nIn the commit aee2424246f9 (\"RDMA/iwcm: Fix a use-after-free related to\ndestroying CM IDs\"), the function flush_workqueue is invoked to flush the\nwork queue iwcm_wq.\n\nBut at that time, the work queue iwcm_wq was created via the function\nalloc_ordered_workqueue without the flag WQ_MEM_RECLAIM.\n\nBecause the current process is trying to flush the whole iwcm_wq, if\niwcm_wq doesn\u0027t have the flag WQ_MEM_RECLAIM, verify that the current\nprocess is not reclaiming memory or running on a workqueue which doesn\u0027t\nhave the flag WQ_MEM_RECLAIM as that can break forward-progress guarantee\nleading to a deadlock.\n\nThe call trace is as below:\n\n[ 125.350876][ T1430] Call Trace:\n[ 125.356281][ T1430] \u003cTASK\u003e\n[ 125.361285][ T1430] ? __warn (kernel/panic.c:693)\n[ 125.367640][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))\n[ 125.375689][ T1430] ? report_bug (lib/bug.c:180 lib/bug.c:219)\n[ 125.382505][ T1430] ? handle_bug (arch/x86/kernel/traps.c:239)\n[ 125.388987][ T1430] ? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminator 1))\n[ 125.395831][ T1430] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621)\n[ 125.403125][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))\n[ 125.410984][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))\n[ 125.418764][ T1430] __flush_workqueue (kernel/workqueue.c:3970)\n[ 125.426021][ T1430] ? __pfx___might_resched (kernel/sched/core.c:10151)\n[ 125.433431][ T1430] ? destroy_cm_id (drivers/infiniband/core/iwcm.c:375) iw_cm\n[ 125.441209][ T1430] ? __pfx___flush_workqueue (kernel/workqueue.c:3910)\n[ 125.473900][ T1430] ? _raw_spin_lock_irqsave (arch/x86/include/asm/atomic.h:107 include/linux/atomic/atomic-arch-fallback.h:2170 include/linux/atomic/atomic-instrumented.h:1302 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:187 include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)\n[ 125.473909][ T1430] ? __pfx__raw_spin_lock_irqsave (kernel/locking/spinlock.c:161)\n[ 125.482537][ T1430] _destroy_id (drivers/infiniband/core/cma.c:2044) rdma_cm\n[ 125.495072][ T1430] nvme_rdma_free_queue (drivers/nvme/host/rdma.c:656 drivers/nvme/host/rdma.c:650) nvme_rdma\n[ 125.505827][ T1430] nvme_rdma_reset_ctrl_work (drivers/nvme/host/rdma.c:2180) nvme_rdma\n[ 125.505831][ T1430] process_one_work (kernel/workqueue.c:3231)\n[ 125.515122][ T1430] worker_thread (kernel/workqueue.c:3306 kernel/workqueue.c:3393)\n[ 125.515127][ T1430] ? __pfx_worker_thread (kernel/workqueue.c:3339)\n[ 125.531837][ T1430] kthread (kernel/kthread.c:389)\n[ 125.539864][ T1430] ? __pfx_kthread (kernel/kthread.c:342)\n[ 125.550628][ T1430] ret_from_fork (arch/x86/kernel/process.c:147)\n[ 125.558840][ T1430] ? __pfx_kthread (kernel/kthread.c:342)\n[ 125.558844][ T1430] ret_from_fork_asm (arch/x86/entry/entry_64.S:257)\n[ 125.566487][ T1430] \u003c/TASK\u003e\n[ 125.566488][ T1430] ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47696",
"url": "https://www.suse.com/security/cve/CVE-2024-47696"
},
{
"category": "external",
"summary": "SUSE Bug 1231864 for CVE-2024-47696",
"url": "https://bugzilla.suse.com/1231864"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47696"
},
{
"cve": "CVE-2024-47697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error\n\nEnsure index in rtl2830_pid_filter does not exceed 31 to prevent\nout-of-bounds access.\n\ndev-\u003efilters is a 32-bit value, so set_bit and clear_bit functions should\nonly operate on indices from 0 to 31. If index is 32, it will attempt to\naccess a non-existent 33rd bit, leading to out-of-bounds access.\nChange the boundary check from index \u003e 32 to index \u003e= 32 to resolve this\nissue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47697",
"url": "https://www.suse.com/security/cve/CVE-2024-47697"
},
{
"category": "external",
"summary": "SUSE Bug 1231858 for CVE-2024-47697",
"url": "https://bugzilla.suse.com/1231858"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47697"
},
{
"cve": "CVE-2024-47698",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47698"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error\n\nEnsure index in rtl2832_pid_filter does not exceed 31 to prevent\nout-of-bounds access.\n\ndev-\u003efilters is a 32-bit value, so set_bit and clear_bit functions should\nonly operate on indices from 0 to 31. If index is 32, it will attempt to\naccess a non-existent 33rd bit, leading to out-of-bounds access.\nChange the boundary check from index \u003e 32 to index \u003e= 32 to resolve this\nissue.\n\n[hverkuil: added fixes tag, rtl2830_pid_filter -\u003e rtl2832_pid_filter in logmsg]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47698",
"url": "https://www.suse.com/security/cve/CVE-2024-47698"
},
{
"category": "external",
"summary": "SUSE Bug 1231859 for CVE-2024-47698",
"url": "https://bugzilla.suse.com/1231859"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47698"
},
{
"cve": "CVE-2024-47699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47699"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential null-ptr-deref in nilfs_btree_insert()\n\nPatch series \"nilfs2: fix potential issues with empty b-tree nodes\".\n\nThis series addresses three potential issues with empty b-tree nodes that\ncan occur with corrupted filesystem images, including one recently\ndiscovered by syzbot.\n\n\nThis patch (of 3):\n\nIf a b-tree is broken on the device, and the b-tree height is greater than\n2 (the level of the root node is greater than 1) even if the number of\nchild nodes of the b-tree root is 0, a NULL pointer dereference occurs in\nnilfs_btree_prepare_insert(), which is called from nilfs_btree_insert().\n\nThis is because, when the number of child nodes of the b-tree root is 0,\nnilfs_btree_do_lookup() does not set the block buffer head in any of\npath[x].bp_bh, leaving it as the initial value of NULL, but if the level\nof the b-tree root node is greater than 1, nilfs_btree_get_nonroot_node(),\nwhich accesses the buffer memory of path[x].bp_bh, is called.\n\nFix this issue by adding a check to nilfs_btree_root_broken(), which\nperforms sanity checks when reading the root node from the device, to\ndetect this inconsistency.\n\nThanks to Lizhi Xu for trying to solve the bug and clarifying the cause\nearly on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47699",
"url": "https://www.suse.com/security/cve/CVE-2024-47699"
},
{
"category": "external",
"summary": "SUSE Bug 1231916 for CVE-2024-47699",
"url": "https://bugzilla.suse.com/1231916"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47699"
},
{
"cve": "CVE-2024-47701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47701"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid OOB when system.data xattr changes underneath the filesystem\n\nWhen looking up for an entry in an inlined directory, if e_value_offs is\nchanged underneath the filesystem by some change in the block device, it\nwill lead to an out-of-bounds access that KASAN detects as an UAF.\n\nEXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.\nloop0: detected capacity change from 2048 to 2047\n==================================================================\nBUG: KASAN: use-after-free in ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\nRead of size 1 at addr ffff88803e91130f by task syz-executor269/5103\n\nCPU: 0 UID: 0 PID: 5103 Comm: syz-executor269 Not tainted 6.11.0-rc4-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\n ext4_find_inline_entry+0x4be/0x5e0 fs/ext4/inline.c:1697\n __ext4_find_entry+0x2b4/0x1b30 fs/ext4/namei.c:1573\n ext4_lookup_entry fs/ext4/namei.c:1727 [inline]\n ext4_lookup+0x15f/0x750 fs/ext4/namei.c:1795\n lookup_one_qstr_excl+0x11f/0x260 fs/namei.c:1633\n filename_create+0x297/0x540 fs/namei.c:3980\n do_symlinkat+0xf9/0x3a0 fs/namei.c:4587\n __do_sys_symlinkat fs/namei.c:4610 [inline]\n __se_sys_symlinkat fs/namei.c:4607 [inline]\n __x64_sys_symlinkat+0x95/0xb0 fs/namei.c:4607\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f3e73ced469\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fff4d40c258 EFLAGS: 00000246 ORIG_RAX: 000000000000010a\nRAX: ffffffffffffffda RBX: 0032656c69662f2e RCX: 00007f3e73ced469\nRDX: 0000000020000200 RSI: 00000000ffffff9c RDI: 00000000200001c0\nRBP: 0000000000000000 R08: 00007fff4d40c290 R09: 00007fff4d40c290\nR10: 0023706f6f6c2f76 R11: 0000000000000246 R12: 00007fff4d40c27c\nR13: 0000000000000003 R14: 431bde82d7b634db R15: 00007fff4d40c2b0\n \u003c/TASK\u003e\n\nCalling ext4_xattr_ibody_find right after reading the inode with\next4_get_inode_loc will lead to a check of the validity of the xattrs,\navoiding this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47701",
"url": "https://www.suse.com/security/cve/CVE-2024-47701"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-47701",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1231920 for CVE-2024-47701",
"url": "https://bugzilla.suse.com/1231920"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47701"
},
{
"cve": "CVE-2024-47702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fail verification for sign-extension of packet data/data_end/data_meta\n\nsyzbot reported a kernel crash due to\n commit 1f1e864b6555 (\"bpf: Handle sign-extenstin ctx member accesses\").\nThe reason is due to sign-extension of 32-bit load for\npacket data/data_end/data_meta uapi field.\n\nThe original code looks like:\n r2 = *(s32 *)(r1 + 76) /* load __sk_buff-\u003edata */\n r3 = *(u32 *)(r1 + 80) /* load __sk_buff-\u003edata_end */\n r0 = r2\n r0 += 8\n if r3 \u003e r0 goto +1\n ...\nNote that __sk_buff-\u003edata load has 32-bit sign extension.\n\nAfter verification and convert_ctx_accesses(), the final asm code looks like:\n r2 = *(u64 *)(r1 +208)\n r2 = (s32)r2\n r3 = *(u64 *)(r1 +80)\n r0 = r2\n r0 += 8\n if r3 \u003e r0 goto pc+1\n ...\nNote that \u0027r2 = (s32)r2\u0027 may make the kernel __sk_buff-\u003edata address invalid\nwhich may cause runtime failure.\n\nCurrently, in C code, typically we have\n void *data = (void *)(long)skb-\u003edata;\n void *data_end = (void *)(long)skb-\u003edata_end;\n ...\nand it will generate\n r2 = *(u64 *)(r1 +208)\n r3 = *(u64 *)(r1 +80)\n r0 = r2\n r0 += 8\n if r3 \u003e r0 goto pc+1\n\nIf we allow sign-extension,\n void *data = (void *)(long)(int)skb-\u003edata;\n void *data_end = (void *)(long)skb-\u003edata_end;\n ...\nthe generated code looks like\n r2 = *(u64 *)(r1 +208)\n r2 \u003c\u003c= 32\n r2 s\u003e\u003e= 32\n r3 = *(u64 *)(r1 +80)\n r0 = r2\n r0 += 8\n if r3 \u003e r0 goto pc+1\nand this will cause verification failure since \"r2 \u003c\u003c= 32\" is not allowed\nas \"r2\" is a packet pointer.\n\nTo fix this issue for case\n r2 = *(s32 *)(r1 + 76) /* load __sk_buff-\u003edata */\nthis patch added additional checking in is_valid_access() callback\nfunction for packet data/data_end/data_meta access. If those accesses\nare with sign-extenstion, the verification will fail.\n\n [1] https://lore.kernel.org/bpf/000000000000c90eee061d236d37@google.com/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47702",
"url": "https://www.suse.com/security/cve/CVE-2024-47702"
},
{
"category": "external",
"summary": "SUSE Bug 1231924 for CVE-2024-47702",
"url": "https://bugzilla.suse.com/1231924"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47702"
},
{
"cve": "CVE-2024-47703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, lsm: Add check for BPF LSM return value\n\nA bpf prog returning a positive number attached to file_alloc_security\nhook makes kernel panic.\n\nThis happens because file system can not filter out the positive number\nreturned by the LSM prog using IS_ERR, and misinterprets this positive\nnumber as a file pointer.\n\nGiven that hook file_alloc_security never returned positive number\nbefore the introduction of BPF LSM, and other BPF LSM hooks may\nencounter similar issues, this patch adds LSM return value check\nin verifier, to ensure no unexpected value is returned.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47703",
"url": "https://www.suse.com/security/cve/CVE-2024-47703"
},
{
"category": "external",
"summary": "SUSE Bug 1231946 for CVE-2024-47703",
"url": "https://bugzilla.suse.com/1231946"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47703"
},
{
"cve": "CVE-2024-47704",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47704"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check link_res-\u003ehpo_dp_link_enc before using it\n\n[WHAT \u0026 HOW]\nFunctions dp_enable_link_phy and dp_disable_link_phy can pass link_res\nwithout initializing hpo_dp_link_enc and it is necessary to check for\nnull before dereferencing.\n\nThis fixes 2 FORWARD_NULL issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47704",
"url": "https://www.suse.com/security/cve/CVE-2024-47704"
},
{
"category": "external",
"summary": "SUSE Bug 1231944 for CVE-2024-47704",
"url": "https://bugzilla.suse.com/1231944"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47704"
},
{
"cve": "CVE-2024-47705",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47705"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix potential invalid pointer dereference in blk_add_partition\n\nThe blk_add_partition() function initially used a single if-condition\n(IS_ERR(part)) to check for errors when adding a partition. This was\nmodified to handle the specific case of -ENXIO separately, allowing the\nfunction to proceed without logging the error in this case. However,\nthis change unintentionally left a path where md_autodetect_dev()\ncould be called without confirming that part is a valid pointer.\n\nThis commit separates the error handling logic by splitting the\ninitial if-condition, improving code readability and handling specific\nerror scenarios explicitly. The function now distinguishes the general\nerror case from -ENXIO without altering the existing behavior of\nmd_autodetect_dev() calls.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47705",
"url": "https://www.suse.com/security/cve/CVE-2024-47705"
},
{
"category": "external",
"summary": "SUSE Bug 1231872 for CVE-2024-47705",
"url": "https://bugzilla.suse.com/1231872"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47705"
},
{
"cve": "CVE-2024-47706",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47706"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock, bfq: fix possible UAF for bfqq-\u003ebic with merge chain\n\n1) initial state, three tasks:\n\n\t\tProcess 1 Process 2\tProcess 3\n\t\t (BIC1) (BIC2)\t\t (BIC3)\n\t\t | ^ | ^\t\t | ^\n\t\t | | | |\t\t | |\n\t\t V | V |\t\t V |\n\t\t bfqq1 bfqq2\t\t bfqq3\nprocess ref:\t 1\t\t 1\t\t 1\n\n2) bfqq1 merged to bfqq2:\n\n\t\tProcess 1 Process 2\tProcess 3\n\t\t (BIC1) (BIC2)\t\t (BIC3)\n\t\t | |\t\t | ^\n\t\t \\--------------\\|\t\t | |\n\t\t V\t\t V |\n\t\t bfqq1---------\u003ebfqq2\t\t bfqq3\nprocess ref:\t 0\t\t 2\t\t 1\n\n3) bfqq2 merged to bfqq3:\n\n\t\tProcess 1 Process 2\tProcess 3\n\t\t (BIC1) (BIC2)\t\t (BIC3)\n\t here -\u003e ^ |\t\t |\n\t\t \\--------------\\ \\-------------\\|\n\t\t V\t\t V\n\t\t bfqq1---------\u003ebfqq2----------\u003ebfqq3\nprocess ref:\t 0\t\t 1\t\t 3\n\nIn this case, IO from Process 1 will get bfqq2 from BIC1 first, and then\nget bfqq3 through merge chain, and finially handle IO by bfqq3.\nHowerver, current code will think bfqq2 is owned by BIC1, like initial\nstate, and set bfqq2-\u003ebic to BIC1.\n\nbfq_insert_request\n-\u003e by Process 1\n bfqq = bfq_init_rq(rq)\n bfqq = bfq_get_bfqq_handle_split\n bfqq = bic_to_bfqq\n -\u003e get bfqq2 from BIC1\n bfqq-\u003eref++\n rq-\u003eelv.priv[0] = bic\n rq-\u003eelv.priv[1] = bfqq\n if (bfqq_process_refs(bfqq) == 1)\n bfqq-\u003ebic = bic\n -\u003e record BIC1 to bfqq2\n\n __bfq_insert_request\n new_bfqq = bfq_setup_cooperator\n -\u003e get bfqq3 from bfqq2-\u003enew_bfqq\n bfqq_request_freed(bfqq)\n new_bfqq-\u003eref++\n rq-\u003eelv.priv[1] = new_bfqq\n -\u003e handle IO by bfqq3\n\nFix the problem by checking bfqq is from merge chain fist. And this\nmight fix a following problem reported by our syzkaller(unreproducible):\n\n==================================================================\nBUG: KASAN: slab-use-after-free in bfq_do_early_stable_merge block/bfq-iosched.c:5692 [inline]\nBUG: KASAN: slab-use-after-free in bfq_do_or_sched_stable_merge block/bfq-iosched.c:5805 [inline]\nBUG: KASAN: slab-use-after-free in bfq_get_queue+0x25b0/0x2610 block/bfq-iosched.c:5889\nWrite of size 1 at addr ffff888123839eb8 by task kworker/0:1H/18595\n\nCPU: 0 PID: 18595 Comm: kworker/0:1H Tainted: G L 6.6.0-07439-gba2303cacfda #6\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\nWorkqueue: kblockd blk_mq_requeue_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x91/0xf0 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:364 [inline]\n print_report+0x10d/0x610 mm/kasan/report.c:475\n kasan_report+0x8e/0xc0 mm/kasan/report.c:588\n bfq_do_early_stable_merge block/bfq-iosched.c:5692 [inline]\n bfq_do_or_sched_stable_merge block/bfq-iosched.c:5805 [inline]\n bfq_get_queue+0x25b0/0x2610 block/bfq-iosched.c:5889\n bfq_get_bfqq_handle_split+0x169/0x5d0 block/bfq-iosched.c:6757\n bfq_init_rq block/bfq-iosched.c:6876 [inline]\n bfq_insert_request block/bfq-iosched.c:6254 [inline]\n bfq_insert_requests+0x1112/0x5cf0 block/bfq-iosched.c:6304\n blk_mq_insert_request+0x290/0x8d0 block/blk-mq.c:2593\n blk_mq_requeue_work+0x6bc/0xa70 block/blk-mq.c:1502\n process_one_work kernel/workqueue.c:2627 [inline]\n process_scheduled_works+0x432/0x13f0 kernel/workqueue.c:2700\n worker_thread+0x6f2/0x1160 kernel/workqueue.c:2781\n kthread+0x33c/0x440 kernel/kthread.c:388\n ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:305\n \u003c/TASK\u003e\n\nAllocated by task 20776:\n kasan_save_stack+0x20/0x40 mm/kasan/common.c:45\n kasan_set_track+0x25/0x30 mm/kasan/common.c:52\n __kasan_slab_alloc+0x87/0x90 mm/kasan/common.c:328\n kasan_slab_alloc include/linux/kasan.h:188 [inline]\n slab_post_alloc_hook mm/slab.h:763 [inline]\n slab_alloc_node mm/slub.c:3458 [inline]\n kmem_cache_alloc_node+0x1a4/0x6f0 mm/slub.c:3503\n ioc_create_icq block/blk-ioc.c:370 [inline]\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47706",
"url": "https://www.suse.com/security/cve/CVE-2024-47706"
},
{
"category": "external",
"summary": "SUSE Bug 1231942 for CVE-2024-47706",
"url": "https://bugzilla.suse.com/1231942"
},
{
"category": "external",
"summary": "SUSE Bug 1231943 for CVE-2024-47706",
"url": "https://bugzilla.suse.com/1231943"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-47706"
},
{
"cve": "CVE-2024-47707",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47707"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev()\n\nBlamed commit accidentally removed a check for rt-\u003ert6i_idev being NULL,\nas spotted by syzbot:\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 1 UID: 0 PID: 10998 Comm: syz-executor Not tainted 6.11.0-rc6-syzkaller-00208-g625403177711 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\n RIP: 0010:rt6_uncached_list_flush_dev net/ipv6/route.c:177 [inline]\n RIP: 0010:rt6_disable_ip+0x33e/0x7e0 net/ipv6/route.c:4914\nCode: 41 80 3c 04 00 74 0a e8 90 d0 9b f7 48 8b 7c 24 08 48 8b 07 48 89 44 24 10 4c 89 f0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df \u003c80\u003e 3c 08 00 74 08 4c 89 f7 e8 64 d0 9b f7 48 8b 44 24 18 49 39 06\nRSP: 0018:ffffc900047374e0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 1ffff1100fdf8f33 RCX: dffffc0000000000\nRDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88807efc78c0\nRBP: ffffc900047375d0 R08: 0000000000000003 R09: fffff520008e6e8c\nR10: dffffc0000000000 R11: fffff520008e6e8c R12: 1ffff1100fdf8f18\nR13: ffff88807efc7998 R14: 0000000000000000 R15: ffff88807efc7930\nFS: 0000000000000000(0000) GS:ffff8880b8900000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020002a80 CR3: 0000000022f62000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n addrconf_ifdown+0x15d/0x1bd0 net/ipv6/addrconf.c:3856\n addrconf_notify+0x3cb/0x1020\n notifier_call_chain+0x19f/0x3e0 kernel/notifier.c:93\n call_netdevice_notifiers_extack net/core/dev.c:2032 [inline]\n call_netdevice_notifiers net/core/dev.c:2046 [inline]\n unregister_netdevice_many_notify+0xd81/0x1c40 net/core/dev.c:11352\n unregister_netdevice_many net/core/dev.c:11414 [inline]\n unregister_netdevice_queue+0x303/0x370 net/core/dev.c:11289\n unregister_netdevice include/linux/netdevice.h:3129 [inline]\n __tun_detach+0x6b9/0x1600 drivers/net/tun.c:685\n tun_detach drivers/net/tun.c:701 [inline]\n tun_chr_close+0x108/0x1b0 drivers/net/tun.c:3510\n __fput+0x24a/0x8a0 fs/file_table.c:422\n task_work_run+0x24f/0x310 kernel/task_work.c:228\n exit_task_work include/linux/task_work.h:40 [inline]\n do_exit+0xa2f/0x27f0 kernel/exit.c:882\n do_group_exit+0x207/0x2c0 kernel/exit.c:1031\n __do_sys_exit_group kernel/exit.c:1042 [inline]\n __se_sys_exit_group kernel/exit.c:1040 [inline]\n __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1040\n x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f1acc77def9\nCode: Unable to access opcode bytes at 0x7f1acc77decf.\nRSP: 002b:00007ffeb26fa738 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1acc77def9\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043\nRBP: 00007f1acc7dd508 R08: 00007ffeb26f84d7 R09: 0000000000000003\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001\nR13: 0000000000000003 R14: 00000000ffffffff R15: 00007ffeb26fa8e0\n \u003c/TASK\u003e\nModules linked in:\n---[ end trace 0000000000000000 ]---\n RIP: 0010:rt6_uncached_list_flush_dev net/ipv6/route.c:177 [inline]\n RIP: 0010:rt6_disable_ip+0x33e/0x7e0 net/ipv6/route.c:4914\nCode: 41 80 3c 04 00 74 0a e8 90 d0 9b f7 48 8b 7c 24 08 48 8b 07 48 89 44 24 10 4c 89 f0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df \u003c80\u003e 3c 08 00 74 08 4c 89 f7 e8 64 d0 9b f7 48 8b 44 24 18 49 39 06\nRSP: 0018:ffffc900047374e0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 1ffff1100fdf8f33 RCX: dffffc0000000000\nRDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88807efc78c0\nR\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47707",
"url": "https://www.suse.com/security/cve/CVE-2024-47707"
},
{
"category": "external",
"summary": "SUSE Bug 1231935 for CVE-2024-47707",
"url": "https://bugzilla.suse.com/1231935"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47707"
},
{
"cve": "CVE-2024-47709",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47709"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: bcm: Clear bo-\u003ebcm_proc_read after remove_proc_entry().\n\nsyzbot reported a warning in bcm_release(). [0]\n\nThe blamed change fixed another warning that is triggered when\nconnect() is issued again for a socket whose connect()ed device has\nbeen unregistered.\n\nHowever, if the socket is just close()d without the 2nd connect(), the\nremaining bo-\u003ebcm_proc_read triggers unnecessary remove_proc_entry()\nin bcm_release().\n\nLet\u0027s clear bo-\u003ebcm_proc_read after remove_proc_entry() in bcm_notify().\n\n[0]\nname \u00274986\u0027\nWARNING: CPU: 0 PID: 5234 at fs/proc/generic.c:711 remove_proc_entry+0x2e7/0x5d0 fs/proc/generic.c:711\nModules linked in:\nCPU: 0 UID: 0 PID: 5234 Comm: syz-executor606 Not tainted 6.11.0-rc5-syzkaller-00178-g5517ae241919 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nRIP: 0010:remove_proc_entry+0x2e7/0x5d0 fs/proc/generic.c:711\nCode: ff eb 05 e8 cb 1e 5e ff 48 8b 5c 24 10 48 c7 c7 e0 f7 aa 8e e8 2a 38 8e 09 90 48 c7 c7 60 3a 1b 8c 48 89 de e8 da 42 20 ff 90 \u003c0f\u003e 0b 90 90 48 8b 44 24 18 48 c7 44 24 40 0e 36 e0 45 49 c7 04 07\nRSP: 0018:ffffc9000345fa20 EFLAGS: 00010246\nRAX: 2a2d0aee2eb64600 RBX: ffff888032f1f548 RCX: ffff888029431e00\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffc9000345fb08 R08: ffffffff8155b2f2 R09: 1ffff1101710519a\nR10: dffffc0000000000 R11: ffffed101710519b R12: ffff888011d38640\nR13: 0000000000000004 R14: 0000000000000000 R15: dffffc0000000000\nFS: 0000000000000000(0000) GS:ffff8880b8800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fcfb52722f0 CR3: 000000000e734000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n bcm_release+0x250/0x880 net/can/bcm.c:1578\n __sock_release net/socket.c:659 [inline]\n sock_close+0xbc/0x240 net/socket.c:1421\n __fput+0x24a/0x8a0 fs/file_table.c:422\n task_work_run+0x24f/0x310 kernel/task_work.c:228\n exit_task_work include/linux/task_work.h:40 [inline]\n do_exit+0xa2f/0x27f0 kernel/exit.c:882\n do_group_exit+0x207/0x2c0 kernel/exit.c:1031\n __do_sys_exit_group kernel/exit.c:1042 [inline]\n __se_sys_exit_group kernel/exit.c:1040 [inline]\n __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1040\n x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fcfb51ee969\nCode: Unable to access opcode bytes at 0x7fcfb51ee93f.\nRSP: 002b:00007ffce0109ca8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fcfb51ee969\nRDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001\nRBP: 00007fcfb526f3b0 R08: ffffffffffffffb8 R09: 0000555500000000\nR10: 0000555500000000 R11: 0000000000000246 R12: 00007fcfb526f3b0\nR13: 0000000000000000 R14: 00007fcfb5271ee0 R15: 00007fcfb51bf160\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47709",
"url": "https://www.suse.com/security/cve/CVE-2024-47709"
},
{
"category": "external",
"summary": "SUSE Bug 1232048 for CVE-2024-47709",
"url": "https://bugzilla.suse.com/1232048"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47709"
},
{
"cve": "CVE-2024-47710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47710"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsock_map: Add a cond_resched() in sock_hash_free()\n\nSeveral syzbot soft lockup reports all have in common sock_hash_free()\n\nIf a map with a large number of buckets is destroyed, we need to yield\nthe cpu when needed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47710",
"url": "https://www.suse.com/security/cve/CVE-2024-47710"
},
{
"category": "external",
"summary": "SUSE Bug 1232049 for CVE-2024-47710",
"url": "https://bugzilla.suse.com/1232049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47710"
},
{
"cve": "CVE-2024-47712",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47712"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param\n\nIn the `wilc_parse_join_bss_param` function, the TSF field of the `ies`\nstructure is accessed after the RCU read-side critical section is\nunlocked. According to RCU usage rules, this is illegal. Reusing this\npointer can lead to unpredictable behavior, including accessing memory\nthat has been updated or causing use-after-free issues.\n\nThis possible bug was identified using a static analysis tool developed\nby myself, specifically designed to detect RCU-related issues.\n\nTo address this, the TSF value is now stored in a local variable\n`ies_tsf` before the RCU lock is released. The `param-\u003etsf_lo` field is\nthen assigned using this local variable, ensuring that the TSF value is\nsafely accessed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47712",
"url": "https://www.suse.com/security/cve/CVE-2024-47712"
},
{
"category": "external",
"summary": "SUSE Bug 1232017 for CVE-2024-47712",
"url": "https://bugzilla.suse.com/1232017"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47712"
},
{
"cve": "CVE-2024-47713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47713"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop()\n\nSince \u0027__dev_queue_xmit()\u0027 should be called with interrupts enabled,\nthe following backtrace:\n\nieee80211_do_stop()\n ...\n spin_lock_irqsave(\u0026local-\u003equeue_stop_reason_lock, flags)\n ...\n ieee80211_free_txskb()\n ieee80211_report_used_skb()\n ieee80211_report_ack_skb()\n cfg80211_mgmt_tx_status_ext()\n nl80211_frame_tx_status()\n genlmsg_multicast_netns()\n genlmsg_multicast_netns_filtered()\n nlmsg_multicast_filtered()\n\t netlink_broadcast_filtered()\n\t do_one_broadcast()\n\t netlink_broadcast_deliver()\n\t __netlink_sendskb()\n\t netlink_deliver_tap()\n\t __netlink_deliver_tap_skb()\n\t dev_queue_xmit()\n\t __dev_queue_xmit() ; with IRQS disabled\n ...\n spin_unlock_irqrestore(\u0026local-\u003equeue_stop_reason_lock, flags)\n\nissues the warning (as reported by syzbot reproducer):\n\nWARNING: CPU: 2 PID: 5128 at kernel/softirq.c:362 __local_bh_enable_ip+0xc3/0x120\n\nFix this by implementing a two-phase skb reclamation in\n\u0027ieee80211_do_stop()\u0027, where actual work is performed\noutside of a section with interrupts disabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47713",
"url": "https://www.suse.com/security/cve/CVE-2024-47713"
},
{
"category": "external",
"summary": "SUSE Bug 1232016 for CVE-2024-47713",
"url": "https://bugzilla.suse.com/1232016"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47713"
},
{
"cve": "CVE-2024-47714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47714"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7996: use hweight16 to get correct tx antenna\n\nThe chainmask is u16 so using hweight8 cannot get correct tx_ant.\nWithout this patch, the tx_ant of band 2 would be -1 and lead to the\nfollowing issue:\nBUG: KASAN: stack-out-of-bounds in mt7996_mcu_add_sta+0x12e0/0x16e0 [mt7996e]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47714",
"url": "https://www.suse.com/security/cve/CVE-2024-47714"
},
{
"category": "external",
"summary": "SUSE Bug 1232018 for CVE-2024-47714",
"url": "https://bugzilla.suse.com/1232018"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47714"
},
{
"cve": "CVE-2024-47715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47715"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7915: fix oops on non-dbdc mt7986\n\nmt7915_band_config() sets band_idx = 1 on the main phy for mt7986\nwith MT7975_ONE_ADIE or MT7976_ONE_ADIE.\n\nCommit 0335c034e726 (\"wifi: mt76: fix race condition related to\nchecking tx queue fill status\") introduced a dereference of the\nphys array indirectly indexed by band_idx via wcid-\u003ephy_idx in\nmt76_wcid_cleanup(). This caused the following Oops on affected\nmt7986 devices:\n\n Unable to handle kernel read from unreadable memory at virtual address 0000000000000024\n Mem abort info:\n ESR = 0x0000000096000005\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x05: level 1 translation fault\n Data abort info:\n ISV = 0, ISS = 0x00000005\n CM = 0, WnR = 0\n user pgtable: 4k pages, 39-bit VAs, pgdp=0000000042545000\n [0000000000000024] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n Internal error: Oops: 0000000096000005 [#1] SMP\n Modules linked in: ... mt7915e mt76_connac_lib mt76 mac80211 cfg80211 ...\n CPU: 2 PID: 1631 Comm: hostapd Not tainted 5.15.150 #0\n Hardware name: ZyXEL EX5700 (Telenor) (DT)\n pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : mt76_wcid_cleanup+0x84/0x22c [mt76]\n lr : mt76_wcid_cleanup+0x64/0x22c [mt76]\n sp : ffffffc00a803700\n x29: ffffffc00a803700 x28: ffffff80008f7300 x27: ffffff80003f3c00\n x26: ffffff80000a7880 x25: ffffffc008c26e00 x24: 0000000000000001\n x23: ffffffc000a68114 x22: 0000000000000000 x21: ffffff8004172cc8\n x20: ffffffc00a803748 x19: ffffff8004152020 x18: 0000000000000000\n x17: 00000000000017c0 x16: ffffffc008ef5000 x15: 0000000000000be0\n x14: ffffff8004172e28 x13: ffffff8004172e28 x12: 0000000000000000\n x11: 0000000000000000 x10: ffffff8004172e30 x9 : ffffff8004172e28\n x8 : 0000000000000000 x7 : ffffff8004156020 x6 : 0000000000000000\n x5 : 0000000000000031 x4 : 0000000000000000 x3 : 0000000000000001\n x2 : 0000000000000000 x1 : ffffff80008f7300 x0 : 0000000000000024\n Call trace:\n mt76_wcid_cleanup+0x84/0x22c [mt76]\n __mt76_sta_remove+0x70/0xbc [mt76]\n mt76_sta_state+0x8c/0x1a4 [mt76]\n mt7915_eeprom_get_power_delta+0x11e4/0x23a0 [mt7915e]\n drv_sta_state+0x144/0x274 [mac80211]\n sta_info_move_state+0x1cc/0x2a4 [mac80211]\n sta_set_sinfo+0xaf8/0xc24 [mac80211]\n sta_info_destroy_addr_bss+0x4c/0x6c [mac80211]\n\n ieee80211_color_change_finish+0x1c08/0x1e70 [mac80211]\n cfg80211_check_station_change+0x1360/0x4710 [cfg80211]\n genl_family_rcv_msg_doit+0xb4/0x110\n genl_rcv_msg+0xd0/0x1bc\n netlink_rcv_skb+0x58/0x120\n genl_rcv+0x34/0x50\n netlink_unicast+0x1f0/0x2ec\n netlink_sendmsg+0x198/0x3d0\n ____sys_sendmsg+0x1b0/0x210\n ___sys_sendmsg+0x80/0xf0\n __sys_sendmsg+0x44/0xa0\n __arm64_sys_sendmsg+0x20/0x30\n invoke_syscall.constprop.0+0x4c/0xe0\n do_el0_svc+0x40/0xd0\n el0_svc+0x14/0x4c\n el0t_64_sync_handler+0x100/0x110\n el0t_64_sync+0x15c/0x160\n Code: d2800002 910092c0 52800023 f9800011 (885f7c01)\n ---[ end trace 7e42dd9a39ed2281 ]---\n\nFix by using mt76_dev_phy() which will map band_idx to the correct phy\nfor all hardware combinations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47715",
"url": "https://www.suse.com/security/cve/CVE-2024-47715"
},
{
"category": "external",
"summary": "SUSE Bug 1231860 for CVE-2024-47715",
"url": "https://bugzilla.suse.com/1231860"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47715"
},
{
"cve": "CVE-2024-47718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: always wait for both firmware loading attempts\n\nIn \u0027rtw_wait_firmware_completion()\u0027, always wait for both (regular and\nwowlan) firmware loading attempts. Otherwise if \u0027rtw_usb_intf_init()\u0027\nhas failed in \u0027rtw_usb_probe()\u0027, \u0027rtw_usb_disconnect()\u0027 may issue\n\u0027ieee80211_free_hw()\u0027 when one of \u0027rtw_load_firmware_cb()\u0027 (usually\nthe wowlan one) is still in progress, causing UAF detected by KASAN.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47718",
"url": "https://www.suse.com/security/cve/CVE-2024-47718"
},
{
"category": "external",
"summary": "SUSE Bug 1232015 for CVE-2024-47718",
"url": "https://bugzilla.suse.com/1232015"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47718"
},
{
"cve": "CVE-2024-47719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47719"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommufd: Protect against overflow of ALIGN() during iova allocation\n\nUserspace can supply an iova and uptr such that the target iova alignment\nbecomes really big and ALIGN() overflows which corrupts the selected area\nrange during allocation. CONFIG_IOMMUFD_TEST can detect this:\n\n WARNING: CPU: 1 PID: 5092 at drivers/iommu/iommufd/io_pagetable.c:268 iopt_alloc_area_pages drivers/iommu/iommufd/io_pagetable.c:268 [inline]\n WARNING: CPU: 1 PID: 5092 at drivers/iommu/iommufd/io_pagetable.c:268 iopt_map_pages+0xf95/0x1050 drivers/iommu/iommufd/io_pagetable.c:352\n Modules linked in:\n CPU: 1 PID: 5092 Comm: syz-executor294 Not tainted 6.10.0-rc5-syzkaller-00294-g3ffea9a7a6f7 #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024\n RIP: 0010:iopt_alloc_area_pages drivers/iommu/iommufd/io_pagetable.c:268 [inline]\n RIP: 0010:iopt_map_pages+0xf95/0x1050 drivers/iommu/iommufd/io_pagetable.c:352\n Code: fc e9 a4 f3 ff ff e8 1a 8b 4c fc 41 be e4 ff ff ff e9 8a f3 ff ff e8 0a 8b 4c fc 90 0f 0b 90 e9 37 f5 ff ff e8 fc 8a 4c fc 90 \u003c0f\u003e 0b 90 e9 68 f3 ff ff 48 c7 c1 ec 82 ad 8f 80 e1 07 80 c1 03 38\n RSP: 0018:ffffc90003ebf9e0 EFLAGS: 00010293\n RAX: ffffffff85499fa4 RBX: 00000000ffffffef RCX: ffff888079b49e00\n RDX: 0000000000000000 RSI: 00000000ffffffef RDI: 0000000000000000\n RBP: ffffc90003ebfc50 R08: ffffffff85499b30 R09: ffffffff85499942\n R10: 0000000000000002 R11: ffff888079b49e00 R12: ffff8880228e0010\n R13: 0000000000000000 R14: 1ffff920007d7f68 R15: ffffc90003ebfd00\n FS: 000055557d760380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00000000005fdeb8 CR3: 000000007404a000 CR4: 00000000003506f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n iommufd_ioas_copy+0x610/0x7b0 drivers/iommu/iommufd/ioas.c:274\n iommufd_fops_ioctl+0x4d9/0x5a0 drivers/iommu/iommufd/main.c:421\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCap the automatic alignment to the huge page size, which is probably a\nbetter idea overall. Huge automatic alignments can fragment and chew up\nthe available IOVA space without any reason.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47719",
"url": "https://www.suse.com/security/cve/CVE-2024-47719"
},
{
"category": "external",
"summary": "SUSE Bug 1231865 for CVE-2024-47719",
"url": "https://bugzilla.suse.com/1231865"
},
{
"category": "external",
"summary": "SUSE Bug 1231866 for CVE-2024-47719",
"url": "https://bugzilla.suse.com/1231866"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-47719"
},
{
"cve": "CVE-2024-47720",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47720"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func\n\nThis commit adds a null check for the set_output_gamma function pointer\nin the dcn30_set_output_transfer_func function. Previously,\nset_output_gamma was being checked for nullity at line 386, but then it\nwas being dereferenced without any nullity check at line 401. This\ncould potentially lead to a null pointer dereference error if\nset_output_gamma is indeed null.\n\nTo fix this, we now ensure that set_output_gamma is not null before\ndereferencing it. We do this by adding a nullity check for\nset_output_gamma before the call to set_output_gamma at line 401. If\nset_output_gamma is null, we log an error message and do not call the\nfunction.\n\nThis fix prevents a potential null pointer dereference error.\n\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:401 dcn30_set_output_transfer_func()\nerror: we previously assumed \u0027mpc-\u003efuncs-\u003eset_output_gamma\u0027 could be null (see line 386)\n\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c\n 373 bool dcn30_set_output_transfer_func(struct dc *dc,\n 374 struct pipe_ctx *pipe_ctx,\n 375 const struct dc_stream_state *stream)\n 376 {\n 377 int mpcc_id = pipe_ctx-\u003eplane_res.hubp-\u003einst;\n 378 struct mpc *mpc = pipe_ctx-\u003estream_res.opp-\u003ectx-\u003edc-\u003eres_pool-\u003empc;\n 379 const struct pwl_params *params = NULL;\n 380 bool ret = false;\n 381\n 382 /* program OGAM or 3DLUT only for the top pipe*/\n 383 if (pipe_ctx-\u003etop_pipe == NULL) {\n 384 /*program rmu shaper and 3dlut in MPC*/\n 385 ret = dcn30_set_mpc_shaper_3dlut(pipe_ctx, stream);\n 386 if (ret == false \u0026\u0026 mpc-\u003efuncs-\u003eset_output_gamma) {\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ If this is NULL\n\n 387 if (stream-\u003eout_transfer_func.type == TF_TYPE_HWPWL)\n 388 params = \u0026stream-\u003eout_transfer_func.pwl;\n 389 else if (pipe_ctx-\u003estream-\u003eout_transfer_func.type ==\n 390 TF_TYPE_DISTRIBUTED_POINTS \u0026\u0026\n 391 cm3_helper_translate_curve_to_hw_format(\n 392 \u0026stream-\u003eout_transfer_func,\n 393 \u0026mpc-\u003eblender_params, false))\n 394 params = \u0026mpc-\u003eblender_params;\n 395 /* there are no ROM LUTs in OUTGAM */\n 396 if (stream-\u003eout_transfer_func.type == TF_TYPE_PREDEFINED)\n 397 BREAK_TO_DEBUGGER();\n 398 }\n 399 }\n 400\n--\u003e 401 mpc-\u003efuncs-\u003eset_output_gamma(mpc, mpcc_id, params);\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Then it will crash\n\n 402 return ret;\n 403 }",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47720",
"url": "https://www.suse.com/security/cve/CVE-2024-47720"
},
{
"category": "external",
"summary": "SUSE Bug 1232043 for CVE-2024-47720",
"url": "https://bugzilla.suse.com/1232043"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47720"
},
{
"cve": "CVE-2024-47723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47723"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix out-of-bounds in dbNextAG() and diAlloc()\n\nIn dbNextAG() , there is no check for the case where bmp-\u003edb_numag is\ngreater or same than MAXAG due to a polluted image, which causes an\nout-of-bounds. Therefore, a bounds check should be added in dbMount().\n\nAnd in dbNextAG(), a check for the case where agpref is greater than\nbmp-\u003edb_numag should be added, so an out-of-bounds exception should be\nprevented.\n\nAdditionally, a check for the case where agno is greater or same than\nMAXAG should be added in diAlloc() to prevent out-of-bounds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47723",
"url": "https://www.suse.com/security/cve/CVE-2024-47723"
},
{
"category": "external",
"summary": "SUSE Bug 1232050 for CVE-2024-47723",
"url": "https://bugzilla.suse.com/1232050"
},
{
"category": "external",
"summary": "SUSE Bug 1232051 for CVE-2024-47723",
"url": "https://bugzilla.suse.com/1232051"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-47723"
},
{
"cve": "CVE-2024-47727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47727"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/tdx: Fix \"in-kernel MMIO\" check\n\nTDX only supports kernel-initiated MMIO operations. The handle_mmio()\nfunction checks if the #VE exception occurred in the kernel and rejects\nthe operation if it did not.\n\nHowever, userspace can deceive the kernel into performing MMIO on its\nbehalf. For example, if userspace can point a syscall to an MMIO address,\nsyscall does get_user() or put_user() on it, triggering MMIO #VE. The\nkernel will treat the #VE as in-kernel MMIO.\n\nEnsure that the target MMIO address is within the kernel before decoding\ninstruction.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47727",
"url": "https://www.suse.com/security/cve/CVE-2024-47727"
},
{
"category": "external",
"summary": "SUSE Bug 1232116 for CVE-2024-47727",
"url": "https://bugzilla.suse.com/1232116"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47727"
},
{
"cve": "CVE-2024-47728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47728"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error\n\nFor all non-tracing helpers which formerly had ARG_PTR_TO_{LONG,INT} as input\narguments, zero the value for the case of an error as otherwise it could leak\nmemory. For tracing, it is not needed given CAP_PERFMON can already read all\nkernel memory anyway hence bpf_get_func_arg() and bpf_get_func_ret() is skipped\nin here.\n\nAlso, the MTU helpers mtu_len pointer value is being written but also read.\nTechnically, the MEM_UNINIT should not be there in order to always force init.\nRemoving MEM_UNINIT needs more verifier rework though: MEM_UNINIT right now\nimplies two things actually: i) write into memory, ii) memory does not have\nto be initialized. If we lift MEM_UNINIT, it then becomes: i) read into memory,\nii) memory must be initialized. This means that for bpf_*_check_mtu() we\u0027re\nreadding the issue we\u0027re trying to fix, that is, it would then be able to\nwrite back into things like .rodata BPF maps. Follow-up work will rework the\nMEM_UNINIT semantics such that the intent can be better expressed. For now\njust clear the *mtu_len on error path which can be lifted later again.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47728",
"url": "https://www.suse.com/security/cve/CVE-2024-47728"
},
{
"category": "external",
"summary": "SUSE Bug 1232076 for CVE-2024-47728",
"url": "https://bugzilla.suse.com/1232076"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47728"
},
{
"cve": "CVE-2024-47730",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47730"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: hisilicon/qm - inject error before stopping queue\n\nThe master ooo cannot be completely closed when the\naccelerator core reports memory error. Therefore, the driver\nneeds to inject the qm error to close the master ooo. Currently,\nthe qm error is injected after stopping queue, memory may be\nreleased immediately after stopping queue, causing the device to\naccess the released memory. Therefore, error is injected to close master\nooo before stopping queue to ensure that the device does not access\nthe released memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47730",
"url": "https://www.suse.com/security/cve/CVE-2024-47730"
},
{
"category": "external",
"summary": "SUSE Bug 1232075 for CVE-2024-47730",
"url": "https://bugzilla.suse.com/1232075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47730"
},
{
"cve": "CVE-2024-47731",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47731"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/perf: Fix ali_drw_pmu driver interrupt status clearing\n\nThe alibaba_uncore_pmu driver forgot to clear all interrupt status\nin the interrupt processing function. After the PMU counter overflow\ninterrupt occurred, an interrupt storm occurred, causing the system\nto hang.\n\nTherefore, clear the correct interrupt status in the interrupt handling\nfunction to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47731",
"url": "https://www.suse.com/security/cve/CVE-2024-47731"
},
{
"category": "external",
"summary": "SUSE Bug 1232117 for CVE-2024-47731",
"url": "https://bugzilla.suse.com/1232117"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47731"
},
{
"cve": "CVE-2024-47732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47732"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: iaa - Fix potential use after free bug\n\nThe free_device_compression_mode(iaa_device, device_mode) function frees\n\"device_mode\" but it iss passed to iaa_compression_modes[i]-\u003efree() a few\nlines later resulting in a use after free.\n\nThe good news is that, so far as I can tell, nothing implements the\n-\u003efree() function and the use after free happens in dead code. But, with\nthis fix, when something does implement it, we\u0027ll be ready. :)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47732",
"url": "https://www.suse.com/security/cve/CVE-2024-47732"
},
{
"category": "external",
"summary": "SUSE Bug 1232109 for CVE-2024-47732",
"url": "https://bugzilla.suse.com/1232109"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47732"
},
{
"cve": "CVE-2024-47735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47735"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled\n\nFix missuse of spin_lock_irq()/spin_unlock_irq() when\nspin_lock_irqsave()/spin_lock_irqrestore() was hold.\n\nThis was discovered through the lock debugging, and the corresponding\nlog is as follows:\n\nraw_local_irq_restore() called with IRQs enabled\nWARNING: CPU: 96 PID: 2074 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x30/0x40\n...\nCall trace:\n warn_bogus_irq_restore+0x30/0x40\n _raw_spin_unlock_irqrestore+0x84/0xc8\n add_qp_to_list+0x11c/0x148 [hns_roce_hw_v2]\n hns_roce_create_qp_common.constprop.0+0x240/0x780 [hns_roce_hw_v2]\n hns_roce_create_qp+0x98/0x160 [hns_roce_hw_v2]\n create_qp+0x138/0x258\n ib_create_qp_kernel+0x50/0xe8\n create_mad_qp+0xa8/0x128\n ib_mad_port_open+0x218/0x448\n ib_mad_init_device+0x70/0x1f8\n add_client_context+0xfc/0x220\n enable_device_and_get+0xd0/0x140\n ib_register_device.part.0+0xf4/0x1c8\n ib_register_device+0x34/0x50\n hns_roce_register_device+0x174/0x3d0 [hns_roce_hw_v2]\n hns_roce_init+0xfc/0x2c0 [hns_roce_hw_v2]\n __hns_roce_hw_v2_init_instance+0x7c/0x1d0 [hns_roce_hw_v2]\n hns_roce_hw_v2_init_instance+0x9c/0x180 [hns_roce_hw_v2]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47735",
"url": "https://www.suse.com/security/cve/CVE-2024-47735"
},
{
"category": "external",
"summary": "SUSE Bug 1232111 for CVE-2024-47735",
"url": "https://bugzilla.suse.com/1232111"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47735"
},
{
"cve": "CVE-2024-47737",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47737"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: call cache_put if xdr_reserve_space returns NULL\n\nIf not enough buffer space available, but idmap_lookup has triggered\nlookup_fn which calls cache_get and returns successfully. Then we\nmissed to call cache_put here which pairs with cache_get.\n\nReviwed-by: Jeff Layton \u003cjlayton@kernel.org\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47737",
"url": "https://www.suse.com/security/cve/CVE-2024-47737"
},
{
"category": "external",
"summary": "SUSE Bug 1232056 for CVE-2024-47737",
"url": "https://bugzilla.suse.com/1232056"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47737"
},
{
"cve": "CVE-2024-47738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47738"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: don\u0027t use rate mask for offchannel TX either\n\nLike the commit ab9177d83c04 (\"wifi: mac80211: don\u0027t use rate mask for\nscanning\"), ignore incorrect settings to avoid no supported rate warning\nreported by syzbot.\n\nThe syzbot did bisect and found cause is commit 9df66d5b9f45 (\"cfg80211:\nfix default HE tx bitrate mask in 2G band\"), which however corrects\nbitmask of HE MCS and recognizes correctly settings of empty legacy rate\nplus HE MCS rate instead of returning -EINVAL.\n\nAs suggestions [1], follow the change of SCAN TX to consider this case of\noffchannel TX as well.\n\n[1] https://lore.kernel.org/linux-wireless/6ab2dc9c3afe753ca6fdcdd1421e7a1f47e87b84.camel@sipsolutions.net/T/#m2ac2a6d2be06a37c9c47a3d8a44b4f647ed4f024",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47738",
"url": "https://www.suse.com/security/cve/CVE-2024-47738"
},
{
"category": "external",
"summary": "SUSE Bug 1232114 for CVE-2024-47738",
"url": "https://bugzilla.suse.com/1232114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47738"
},
{
"cve": "CVE-2024-47739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47739"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npadata: use integer wrap around to prevent deadlock on seq_nr overflow\n\nWhen submitting more than 2^32 padata objects to padata_do_serial, the\ncurrent sorting implementation incorrectly sorts padata objects with\noverflowed seq_nr, causing them to be placed before existing objects in\nthe reorder list. This leads to a deadlock in the serialization process\nas padata_find_next cannot match padata-\u003eseq_nr and pd-\u003eprocessed\nbecause the padata instance with overflowed seq_nr will be selected\nnext.\n\nTo fix this, we use an unsigned integer wrap around to correctly sort\npadata objects in scenarios with integer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47739",
"url": "https://www.suse.com/security/cve/CVE-2024-47739"
},
{
"category": "external",
"summary": "SUSE Bug 1232124 for CVE-2024-47739",
"url": "https://bugzilla.suse.com/1232124"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47739"
},
{
"cve": "CVE-2024-47741",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47741"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix race setting file private on concurrent lseek using same fd\n\nWhen doing concurrent lseek(2) system calls against the same file\ndescriptor, using multiple threads belonging to the same process, we have\na short time window where a race happens and can result in a memory leak.\n\nThe race happens like this:\n\n1) A program opens a file descriptor for a file and then spawns two\n threads (with the pthreads library for example), lets call them\n task A and task B;\n\n2) Task A calls lseek with SEEK_DATA or SEEK_HOLE and ends up at\n file.c:find_desired_extent() while holding a read lock on the inode;\n\n3) At the start of find_desired_extent(), it extracts the file\u0027s\n private_data pointer into a local variable named \u0027private\u0027, which has\n a value of NULL;\n\n4) Task B also calls lseek with SEEK_DATA or SEEK_HOLE, locks the inode\n in shared mode and enters file.c:find_desired_extent(), where it also\n extracts file-\u003eprivate_data into its local variable \u0027private\u0027, which\n has a NULL value;\n\n5) Because it saw a NULL file private, task A allocates a private\n structure and assigns to the file structure;\n\n6) Task B also saw a NULL file private so it also allocates its own file\n private and then assigns it to the same file structure, since both\n tasks are using the same file descriptor.\n\n At this point we leak the private structure allocated by task A.\n\nBesides the memory leak, there\u0027s also the detail that both tasks end up\nusing the same cached state record in the private structure (struct\nbtrfs_file_private::llseek_cached_state), which can result in a\nuse-after-free problem since one task can free it while the other is\nstill using it (only one task took a reference count on it). Also, sharing\nthe cached state is not a good idea since it could result in incorrect\nresults in the future - right now it should not be a problem because it\nend ups being used only in extent-io-tree.c:count_range_bits() where we do\nrange validation before using the cached state.\n\nFix this by protecting the private assignment and check of a file while\nholding the inode\u0027s spinlock and keep track of the task that allocated\nthe private, so that it\u0027s used only by that task in order to prevent\nuser-after-free issues with the cached state record as well as potentially\nusing it incorrectly in the future.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47741",
"url": "https://www.suse.com/security/cve/CVE-2024-47741"
},
{
"category": "external",
"summary": "SUSE Bug 1231869 for CVE-2024-47741",
"url": "https://bugzilla.suse.com/1231869"
},
{
"category": "external",
"summary": "SUSE Bug 1231870 for CVE-2024-47741",
"url": "https://bugzilla.suse.com/1231870"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-47741"
},
{
"cve": "CVE-2024-47742",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47742"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware_loader: Block path traversal\n\nMost firmware names are hardcoded strings, or are constructed from fairly\nconstrained format strings where the dynamic parts are just some hex\nnumbers or such.\n\nHowever, there are a couple codepaths in the kernel where firmware file\nnames contain string components that are passed through from a device or\nsemi-privileged userspace; the ones I could find (not counting interfaces\nthat require root privileges) are:\n\n - lpfc_sli4_request_firmware_update() seems to construct the firmware\n filename from \"ModelName\", a string that was previously parsed out of\n some descriptor (\"Vital Product Data\") in lpfc_fill_vpd()\n - nfp_net_fw_find() seems to construct a firmware filename from a model\n name coming from nfp_hwinfo_lookup(pf-\u003ehwinfo, \"nffw.partno\"), which I\n think parses some descriptor that was read from the device.\n (But this case likely isn\u0027t exploitable because the format string looks\n like \"netronome/nic_%s\", and there shouldn\u0027t be any *folders* starting\n with \"netronome/nic_\". The previous case was different because there,\n the \"%s\" is *at the start* of the format string.)\n - module_flash_fw_schedule() is reachable from the\n ETHTOOL_MSG_MODULE_FW_FLASH_ACT netlink command, which is marked as\n GENL_UNS_ADMIN_PERM (meaning CAP_NET_ADMIN inside a user namespace is\n enough to pass the privilege check), and takes a userspace-provided\n firmware name.\n (But I think to reach this case, you need to have CAP_NET_ADMIN over a\n network namespace that a special kind of ethernet device is mapped into,\n so I think this is not a viable attack path in practice.)\n\nFix it by rejecting any firmware names containing \"..\" path components.\n\nFor what it\u0027s worth, I went looking and haven\u0027t found any USB device\ndrivers that use the firmware loader dangerously.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47742",
"url": "https://www.suse.com/security/cve/CVE-2024-47742"
},
{
"category": "external",
"summary": "SUSE Bug 1232126 for CVE-2024-47742",
"url": "https://bugzilla.suse.com/1232126"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47742"
},
{
"cve": "CVE-2024-47743",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47743"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKEYS: prevent NULL pointer dereference in find_asymmetric_key()\n\nIn find_asymmetric_key(), if all NULLs are passed in the id_{0,1,2}\narguments, the kernel will first emit WARN but then have an oops\nbecause id_2 gets dereferenced anyway.\n\nAdd the missing id_2 check and move WARN_ON() to the final else branch\nto avoid duplicate NULL checks.\n\nFound by Linux Verification Center (linuxtesting.org) with Svace static\nanalysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47743",
"url": "https://www.suse.com/security/cve/CVE-2024-47743"
},
{
"category": "external",
"summary": "SUSE Bug 1232129 for CVE-2024-47743",
"url": "https://bugzilla.suse.com/1232129"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47743"
},
{
"cve": "CVE-2024-47744",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47744"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Use dedicated mutex to protect kvm_usage_count to avoid deadlock\n\nUse a dedicated mutex to guard kvm_usage_count to fix a potential deadlock\non x86 due to a chain of locks and SRCU synchronizations. Translating the\nbelow lockdep splat, CPU1 #6 will wait on CPU0 #1, CPU0 #8 will wait on\nCPU2 #3, and CPU2 #7 will wait on CPU1 #4 (if there\u0027s a writer, due to the\nfairness of r/w semaphores).\n\n CPU0 CPU1 CPU2\n1 lock(\u0026kvm-\u003eslots_lock);\n2 lock(\u0026vcpu-\u003emutex);\n3 lock(\u0026kvm-\u003esrcu);\n4 lock(cpu_hotplug_lock);\n5 lock(kvm_lock);\n6 lock(\u0026kvm-\u003eslots_lock);\n7 lock(cpu_hotplug_lock);\n8 sync(\u0026kvm-\u003esrcu);\n\nNote, there are likely more potential deadlocks in KVM x86, e.g. the same\npattern of taking cpu_hotplug_lock outside of kvm_lock likely exists with\n__kvmclock_cpufreq_notifier():\n\n cpuhp_cpufreq_online()\n |\n -\u003e cpufreq_online()\n |\n -\u003e cpufreq_gov_performance_limits()\n |\n -\u003e __cpufreq_driver_target()\n |\n -\u003e __target_index()\n |\n -\u003e cpufreq_freq_transition_begin()\n |\n -\u003e cpufreq_notify_transition()\n |\n -\u003e ... __kvmclock_cpufreq_notifier()\n\nBut, actually triggering such deadlocks is beyond rare due to the\ncombination of dependencies and timings involved. E.g. the cpufreq\nnotifier is only used on older CPUs without a constant TSC, mucking with\nthe NX hugepage mitigation while VMs are running is very uncommon, and\ndoing so while also onlining/offlining a CPU (necessary to generate\ncontention on cpu_hotplug_lock) would be even more unusual.\n\nThe most robust solution to the general cpu_hotplug_lock issue is likely\nto switch vm_list to be an RCU-protected list, e.g. so that x86\u0027s cpufreq\nnotifier doesn\u0027t to take kvm_lock. For now, settle for fixing the most\nblatant deadlock, as switching to an RCU-protected list is a much more\ninvolved change, but add a comment in locking.rst to call out that care\nneeds to be taken when walking holding kvm_lock and walking vm_list.\n\n ======================================================\n WARNING: possible circular locking dependency detected\n 6.10.0-smp--c257535a0c9d-pip #330 Tainted: G S O\n ------------------------------------------------------\n tee/35048 is trying to acquire lock:\n ff6a80eced71e0a8 (\u0026kvm-\u003eslots_lock){+.+.}-{3:3}, at: set_nx_huge_pages+0x179/0x1e0 [kvm]\n\n but task is already holding lock:\n ffffffffc07abb08 (kvm_lock){+.+.}-{3:3}, at: set_nx_huge_pages+0x14a/0x1e0 [kvm]\n\n which lock already depends on the new lock.\n\n the existing dependency chain (in reverse order) is:\n\n -\u003e #3 (kvm_lock){+.+.}-{3:3}:\n __mutex_lock+0x6a/0xb40\n mutex_lock_nested+0x1f/0x30\n kvm_dev_ioctl+0x4fb/0xe50 [kvm]\n __se_sys_ioctl+0x7b/0xd0\n __x64_sys_ioctl+0x21/0x30\n x64_sys_call+0x15d0/0x2e60\n do_syscall_64+0x83/0x160\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n -\u003e #2 (cpu_hotplug_lock){++++}-{0:0}:\n cpus_read_lock+0x2e/0xb0\n static_key_slow_inc+0x16/0x30\n kvm_lapic_set_base+0x6a/0x1c0 [kvm]\n kvm_set_apic_base+0x8f/0xe0 [kvm]\n kvm_set_msr_common+0x9ae/0xf80 [kvm]\n vmx_set_msr+0xa54/0xbe0 [kvm_intel]\n __kvm_set_msr+0xb6/0x1a0 [kvm]\n kvm_arch_vcpu_ioctl+0xeca/0x10c0 [kvm]\n kvm_vcpu_ioctl+0x485/0x5b0 [kvm]\n __se_sys_ioctl+0x7b/0xd0\n __x64_sys_ioctl+0x21/0x30\n x64_sys_call+0x15d0/0x2e60\n do_syscall_64+0x83/0x160\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n -\u003e #1 (\u0026kvm-\u003esrcu){.+.+}-{0:0}:\n __synchronize_srcu+0x44/0x1a0\n \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47744",
"url": "https://www.suse.com/security/cve/CVE-2024-47744"
},
{
"category": "external",
"summary": "SUSE Bug 1232132 for CVE-2024-47744",
"url": "https://bugzilla.suse.com/1232132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47744"
},
{
"cve": "CVE-2024-47745",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47745"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: call the security_mmap_file() LSM hook in remap_file_pages()\n\nThe remap_file_pages syscall handler calls do_mmap() directly, which\ndoesn\u0027t contain the LSM security check. And if the process has called\npersonality(READ_IMPLIES_EXEC) before and remap_file_pages() is called for\nRW pages, this will actually result in remapping the pages to RWX,\nbypassing a W^X policy enforced by SELinux.\n\nSo we should check prot by security_mmap_file LSM hook in the\nremap_file_pages syscall handler before do_mmap() is called. Otherwise, it\npotentially permits an attacker to bypass a W^X policy enforced by\nSELinux.\n\nThe bypass is similar to CVE-2016-10044, which bypass the same thing via\nAIO and can be found in [1].\n\nThe PoC:\n\n$ cat \u003e test.c\n\nint main(void) {\n\tsize_t pagesz = sysconf(_SC_PAGE_SIZE);\n\tint mfd = syscall(SYS_memfd_create, \"test\", 0);\n\tconst char *buf = mmap(NULL, 4 * pagesz, PROT_READ | PROT_WRITE,\n\t\tMAP_SHARED, mfd, 0);\n\tunsigned int old = syscall(SYS_personality, 0xffffffff);\n\tsyscall(SYS_personality, READ_IMPLIES_EXEC | old);\n\tsyscall(SYS_remap_file_pages, buf, pagesz, 0, 2, 0);\n\tsyscall(SYS_personality, old);\n\t// show the RWX page exists even if W^X policy is enforced\n\tint fd = open(\"/proc/self/maps\", O_RDONLY);\n\tunsigned char buf2[1024];\n\twhile (1) {\n\t\tint ret = read(fd, buf2, 1024);\n\t\tif (ret \u003c= 0) break;\n\t\twrite(1, buf2, ret);\n\t}\n\tclose(fd);\n}\n\n$ gcc test.c -o test\n$ ./test | grep rwx\n7f1836c34000-7f1836c35000 rwxs 00002000 00:01 2050 /memfd:test (deleted)\n\n[PM: subject line tweaks]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47745",
"url": "https://www.suse.com/security/cve/CVE-2024-47745"
},
{
"category": "external",
"summary": "SUSE Bug 1232135 for CVE-2024-47745",
"url": "https://bugzilla.suse.com/1232135"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47745"
},
{
"cve": "CVE-2024-47747",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47747"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition\n\nIn the ether3_probe function, a timer is initialized with a callback\nfunction ether3_ledoff, bound to \u0026prev(dev)-\u003etimer. Once the timer is\nstarted, there is a risk of a race condition if the module or device\nis removed, triggering the ether3_remove function to perform cleanup.\nThe sequence of operations that may lead to a UAF bug is as follows:\n\nCPU0 CPU1\n\n | ether3_ledoff\nether3_remove |\n free_netdev(dev); |\n put_devic |\n kfree(dev); |\n | ether3_outw(priv(dev)-\u003eregs.config2 |= CFG2_CTRLO, REG_CONFIG2);\n | // use dev\n\nFix it by ensuring that the timer is canceled before proceeding with\nthe cleanup in ether3_remove.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47747",
"url": "https://www.suse.com/security/cve/CVE-2024-47747"
},
{
"category": "external",
"summary": "SUSE Bug 1232145 for CVE-2024-47747",
"url": "https://bugzilla.suse.com/1232145"
},
{
"category": "external",
"summary": "SUSE Bug 1232146 for CVE-2024-47747",
"url": "https://bugzilla.suse.com/1232146"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-47747"
},
{
"cve": "CVE-2024-47748",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47748"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost_vdpa: assign irq bypass producer token correctly\n\nWe used to call irq_bypass_unregister_producer() in\nvhost_vdpa_setup_vq_irq() which is problematic as we don\u0027t know if the\ntoken pointer is still valid or not.\n\nActually, we use the eventfd_ctx as the token so the life cycle of the\ntoken should be bound to the VHOST_SET_VRING_CALL instead of\nvhost_vdpa_setup_vq_irq() which could be called by set_status().\n\nFixing this by setting up irq bypass producer\u0027s token when handling\nVHOST_SET_VRING_CALL and un-registering the producer before calling\nvhost_vring_ioctl() to prevent a possible use after free as eventfd\ncould have been released in vhost_vring_ioctl(). And such registering\nand unregistering will only be done if DRIVER_OK is set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47748",
"url": "https://www.suse.com/security/cve/CVE-2024-47748"
},
{
"category": "external",
"summary": "SUSE Bug 1232174 for CVE-2024-47748",
"url": "https://bugzilla.suse.com/1232174"
},
{
"category": "external",
"summary": "SUSE Bug 1232177 for CVE-2024-47748",
"url": "https://bugzilla.suse.com/1232177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-47748"
},
{
"cve": "CVE-2024-47749",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47749"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/cxgb4: Added NULL check for lookup_atid\n\nThe lookup_atid() function can return NULL if the ATID is\ninvalid or does not exist in the identifier table, which\ncould lead to dereferencing a null pointer without a\ncheck in the `act_establish()` and `act_open_rpl()` functions.\nAdd a NULL check to prevent null pointer dereferencing.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47749",
"url": "https://www.suse.com/security/cve/CVE-2024-47749"
},
{
"category": "external",
"summary": "SUSE Bug 1232180 for CVE-2024-47749",
"url": "https://bugzilla.suse.com/1232180"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47749"
},
{
"cve": "CVE-2024-47750",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47750"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix Use-After-Free of rsv_qp on HIP08\n\nCurrently rsv_qp is freed before ib_unregister_device() is called\non HIP08. During the time interval, users can still dereg MR and\nrsv_qp will be used in this process, leading to a UAF. Move the\nrelease of rsv_qp after calling ib_unregister_device() to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47750",
"url": "https://www.suse.com/security/cve/CVE-2024-47750"
},
{
"category": "external",
"summary": "SUSE Bug 1232182 for CVE-2024-47750",
"url": "https://bugzilla.suse.com/1232182"
},
{
"category": "external",
"summary": "SUSE Bug 1232829 for CVE-2024-47750",
"url": "https://bugzilla.suse.com/1232829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-47750"
},
{
"cve": "CVE-2024-47751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47751"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: kirin: Fix buffer overflow in kirin_pcie_parse_port()\n\nWithin kirin_pcie_parse_port(), the pcie-\u003enum_slots is compared to\npcie-\u003egpio_id_reset size (MAX_PCI_SLOTS) which is correct and would lead\nto an overflow.\n\nThus, fix condition to pcie-\u003enum_slots + 1 \u003e= MAX_PCI_SLOTS and move\npcie-\u003enum_slots increment below the if-statement to avoid out-of-bounds\narray access.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[kwilczynski: commit log]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47751",
"url": "https://www.suse.com/security/cve/CVE-2024-47751"
},
{
"category": "external",
"summary": "SUSE Bug 1232127 for CVE-2024-47751",
"url": "https://bugzilla.suse.com/1232127"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47751"
},
{
"cve": "CVE-2024-47752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47752"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Fix H264 stateless decoder smatch warning\n\nFix a smatch static checker warning on vdec_h264_req_if.c.\nWhich leads to a kernel crash when fb is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47752",
"url": "https://www.suse.com/security/cve/CVE-2024-47752"
},
{
"category": "external",
"summary": "SUSE Bug 1232130 for CVE-2024-47752",
"url": "https://bugzilla.suse.com/1232130"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47752"
},
{
"cve": "CVE-2024-47753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47753"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Fix VP8 stateless decoder smatch warning\n\nFix a smatch static checker warning on vdec_vp8_req_if.c.\nWhich leads to a kernel crash when fb is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47753",
"url": "https://www.suse.com/security/cve/CVE-2024-47753"
},
{
"category": "external",
"summary": "SUSE Bug 1231868 for CVE-2024-47753",
"url": "https://bugzilla.suse.com/1231868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47753"
},
{
"cve": "CVE-2024-47754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47754"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning\n\nFix a smatch static checker warning on vdec_h264_req_multi_if.c.\nWhich leads to a kernel crash when fb is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47754",
"url": "https://www.suse.com/security/cve/CVE-2024-47754"
},
{
"category": "external",
"summary": "SUSE Bug 1232131 for CVE-2024-47754",
"url": "https://bugzilla.suse.com/1232131"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47754"
},
{
"cve": "CVE-2024-47756",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47756"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: keystone: Fix if-statement expression in ks_pcie_quirk()\n\nThis code accidentally uses \u0026\u0026 where || was intended. It potentially\nresults in a NULL dereference.\n\nThus, fix the if-statement expression to use the correct condition.\n\n[kwilczynski: commit log]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47756",
"url": "https://www.suse.com/security/cve/CVE-2024-47756"
},
{
"category": "external",
"summary": "SUSE Bug 1232185 for CVE-2024-47756",
"url": "https://bugzilla.suse.com/1232185"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-47756"
},
{
"cve": "CVE-2024-47757",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47757"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential oob read in nilfs_btree_check_delete()\n\nThe function nilfs_btree_check_delete(), which checks whether degeneration\nto direct mapping occurs before deleting a b-tree entry, causes memory\naccess outside the block buffer when retrieving the maximum key if the\nroot node has no entries.\n\nThis does not usually happen because b-tree mappings with 0 child nodes\nare never created by mkfs.nilfs2 or nilfs2 itself. However, it can happen\nif the b-tree root node read from a device is configured that way, so fix\nthis potential issue by adding a check for that case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47757",
"url": "https://www.suse.com/security/cve/CVE-2024-47757"
},
{
"category": "external",
"summary": "SUSE Bug 1232187 for CVE-2024-47757",
"url": "https://bugzilla.suse.com/1232187"
},
{
"category": "external",
"summary": "SUSE Bug 1232188 for CVE-2024-47757",
"url": "https://bugzilla.suse.com/1232188"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-47757"
},
{
"cve": "CVE-2024-49850",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49850"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos\n\nIn case of malformed relocation record of kind BPF_CORE_TYPE_ID_LOCAL\nreferencing a non-existing BTF type, function bpf_core_calc_relo_insn\nwould cause a null pointer deference.\n\nFix this by adding a proper check upper in call stack, as malformed\nrelocation records could be passed from user space.\n\nSimplest reproducer is a program:\n\n r0 = 0\n exit\n\nWith a single relocation record:\n\n .insn_off = 0, /* patch first instruction */\n .type_id = 100500, /* this type id does not exist */\n .access_str_off = 6, /* offset of string \"0\" */\n .kind = BPF_CORE_TYPE_ID_LOCAL,\n\nSee the link for original reproducer or next commit for a test case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49850",
"url": "https://www.suse.com/security/cve/CVE-2024-49850"
},
{
"category": "external",
"summary": "SUSE Bug 1232189 for CVE-2024-49850",
"url": "https://bugzilla.suse.com/1232189"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49850"
},
{
"cve": "CVE-2024-49851",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49851"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: Clean up TPM space after command failure\n\ntpm_dev_transmit prepares the TPM space before attempting command\ntransmission. However if the command fails no rollback of this\npreparation is done. This can result in transient handles being leaked\nif the device is subsequently closed with no further commands performed.\n\nFix this by flushing the space in the event of command transmission\nfailure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49851",
"url": "https://www.suse.com/security/cve/CVE-2024-49851"
},
{
"category": "external",
"summary": "SUSE Bug 1232134 for CVE-2024-49851",
"url": "https://bugzilla.suse.com/1232134"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49851"
},
{
"cve": "CVE-2024-49852",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49852"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: elx: libefc: Fix potential use after free in efc_nport_vport_del()\n\nThe kref_put() function will call nport-\u003erelease if the refcount drops to\nzero. The nport-\u003erelease release function is _efc_nport_free() which frees\n\"nport\". But then we dereference \"nport\" on the next line which is a use\nafter free. Re-order these lines to avoid the use after free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49852",
"url": "https://www.suse.com/security/cve/CVE-2024-49852"
},
{
"category": "external",
"summary": "SUSE Bug 1232819 for CVE-2024-49852",
"url": "https://bugzilla.suse.com/1232819"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49852"
},
{
"cve": "CVE-2024-49853",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49853"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_scmi: Fix double free in OPTEE transport\n\nChannels can be shared between protocols, avoid freeing the same channel\ndescriptors twice when unloading the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49853",
"url": "https://www.suse.com/security/cve/CVE-2024-49853"
},
{
"category": "external",
"summary": "SUSE Bug 1232192 for CVE-2024-49853",
"url": "https://bugzilla.suse.com/1232192"
},
{
"category": "external",
"summary": "SUSE Bug 1232828 for CVE-2024-49853",
"url": "https://bugzilla.suse.com/1232828"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-49853"
},
{
"cve": "CVE-2024-49855",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49855"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: fix race between timeout and normal completion\n\nIf request timetout is handled by nbd_requeue_cmd(), normal completion\nhas to be stopped for avoiding to complete this requeued request, other\nuse-after-free can be triggered.\n\nFix the race by clearing NBD_CMD_INFLIGHT in nbd_requeue_cmd(), meantime\nmake sure that cmd-\u003elock is grabbed for clearing the flag and the\nrequeue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49855",
"url": "https://www.suse.com/security/cve/CVE-2024-49855"
},
{
"category": "external",
"summary": "SUSE Bug 1232195 for CVE-2024-49855",
"url": "https://bugzilla.suse.com/1232195"
},
{
"category": "external",
"summary": "SUSE Bug 1232900 for CVE-2024-49855",
"url": "https://bugzilla.suse.com/1232900"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-49855"
},
{
"cve": "CVE-2024-49858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49858"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nefistub/tpm: Use ACPI reclaim memory for event log to avoid corruption\n\nThe TPM event log table is a Linux specific construct, where the data\nproduced by the GetEventLog() boot service is cached in memory, and\npassed on to the OS using an EFI configuration table.\n\nThe use of EFI_LOADER_DATA here results in the region being left\nunreserved in the E820 memory map constructed by the EFI stub, and this\nis the memory description that is passed on to the incoming kernel by\nkexec, which is therefore unaware that the region should be reserved.\n\nEven though the utility of the TPM2 event log after a kexec is\nquestionable, any corruption might send the parsing code off into the\nweeds and crash the kernel. So let\u0027s use EFI_ACPI_RECLAIM_MEMORY\ninstead, which is always treated as reserved by the E820 conversion\nlogic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49858",
"url": "https://www.suse.com/security/cve/CVE-2024-49858"
},
{
"category": "external",
"summary": "SUSE Bug 1232251 for CVE-2024-49858",
"url": "https://bugzilla.suse.com/1232251"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49858"
},
{
"cve": "CVE-2024-49860",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49860"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: sysfs: validate return type of _STR method\n\nOnly buffer objects are valid return values of _STR.\n\nIf something else is returned description_show() will access invalid\nmemory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49860",
"url": "https://www.suse.com/security/cve/CVE-2024-49860"
},
{
"category": "external",
"summary": "SUSE Bug 1231861 for CVE-2024-49860",
"url": "https://bugzilla.suse.com/1231861"
},
{
"category": "external",
"summary": "SUSE Bug 1231862 for CVE-2024-49860",
"url": "https://bugzilla.suse.com/1231862"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-49860"
},
{
"cve": "CVE-2024-49861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49861"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix helper writes to read-only maps\n\nLonial found an issue that despite user- and BPF-side frozen BPF map\n(like in case of .rodata), it was still possible to write into it from\na BPF program side through specific helpers having ARG_PTR_TO_{LONG,INT}\nas arguments.\n\nIn check_func_arg() when the argument is as mentioned, the meta-\u003eraw_mode\nis never set. Later, check_helper_mem_access(), under the case of\nPTR_TO_MAP_VALUE as register base type, it assumes BPF_READ for the\nsubsequent call to check_map_access_type() and given the BPF map is\nread-only it succeeds.\n\nThe helpers really need to be annotated as ARG_PTR_TO_{LONG,INT} | MEM_UNINIT\nwhen results are written into them as opposed to read out of them. The\nlatter indicates that it\u0027s okay to pass a pointer to uninitialized memory\nas the memory is written to anyway.\n\nHowever, ARG_PTR_TO_{LONG,INT} is a special case of ARG_PTR_TO_FIXED_SIZE_MEM\njust with additional alignment requirement. So it is better to just get\nrid of the ARG_PTR_TO_{LONG,INT} special cases altogether and reuse the\nfixed size memory types. For this, add MEM_ALIGNED to additionally ensure\nalignment given these helpers write directly into the args via *\u003cptr\u003e = val.\nThe .arg*_size has been initialized reflecting the actual sizeof(*\u003cptr\u003e).\n\nMEM_ALIGNED can only be used in combination with MEM_FIXED_SIZE annotated\nargument types, since in !MEM_FIXED_SIZE cases the verifier does not know\nthe buffer size a priori and therefore cannot blindly write *\u003cptr\u003e = val.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49861",
"url": "https://www.suse.com/security/cve/CVE-2024-49861"
},
{
"category": "external",
"summary": "SUSE Bug 1232254 for CVE-2024-49861",
"url": "https://bugzilla.suse.com/1232254"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49861"
},
{
"cve": "CVE-2024-49862",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49862"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowercap: intel_rapl: Fix off by one in get_rpi()\n\nThe rp-\u003epriv-\u003erpi array is either rpi_msr or rpi_tpmi which have\nNR_RAPL_PRIMITIVES number of elements. Thus the \u003e needs to be \u003e=\nto prevent an off by one access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49862",
"url": "https://www.suse.com/security/cve/CVE-2024-49862"
},
{
"category": "external",
"summary": "SUSE Bug 1231871 for CVE-2024-49862",
"url": "https://bugzilla.suse.com/1231871"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49862"
},
{
"cve": "CVE-2024-49863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49863"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost/scsi: null-ptr-dereference in vhost_scsi_get_req()\n\nSince commit 3f8ca2e115e5 (\"vhost/scsi: Extract common handling code\nfrom control queue handler\") a null pointer dereference bug can be\ntriggered when guest sends an SCSI AN request.\n\nIn vhost_scsi_ctl_handle_vq(), `vc.target` is assigned with\n`\u0026v_req.tmf.lun[1]` within a switch-case block and is then passed to\nvhost_scsi_get_req() which extracts `vc-\u003ereq` and `tpg`. However, for\na `VIRTIO_SCSI_T_AN_*` request, tpg is not required, so `vc.target` is\nset to NULL in this branch. Later, in vhost_scsi_get_req(),\n`vc-\u003etarget` is dereferenced without being checked, leading to a null\npointer dereference bug. This bug can be triggered from guest.\n\nWhen this bug occurs, the vhost_worker process is killed while holding\n`vq-\u003emutex` and the corresponding tpg will remain occupied\nindefinitely.\n\nBelow is the KASAN report:\nOops: general protection fault, probably for non-canonical address\n0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 1 PID: 840 Comm: poc Not tainted 6.10.0+ #1\nHardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS\n1.16.3-debian-1.16.3-2 04/01/2014\nRIP: 0010:vhost_scsi_get_req+0x165/0x3a0\nCode: 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 2b 02 00 00\n48 b8 00 00 00 00 00 fc ff df 4d 8b 65 30 4c 89 e2 48 c1 ea 03 \u003c0f\u003e b6\n04 02 4c 89 e2 83 e2 07 38 d0 7f 08 84 c0 0f 85 be 01 00 00\nRSP: 0018:ffff888017affb50 EFLAGS: 00010246\nRAX: dffffc0000000000 RBX: ffff88801b000000 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888017affcb8\nRBP: ffff888017affb80 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000\nR13: ffff888017affc88 R14: ffff888017affd1c R15: ffff888017993000\nFS: 000055556e076500(0000) GS:ffff88806b100000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000200027c0 CR3: 0000000010ed0004 CR4: 0000000000370ef0\nCall Trace:\n \u003cTASK\u003e\n ? show_regs+0x86/0xa0\n ? die_addr+0x4b/0xd0\n ? exc_general_protection+0x163/0x260\n ? asm_exc_general_protection+0x27/0x30\n ? vhost_scsi_get_req+0x165/0x3a0\n vhost_scsi_ctl_handle_vq+0x2a4/0xca0\n ? __pfx_vhost_scsi_ctl_handle_vq+0x10/0x10\n ? __switch_to+0x721/0xeb0\n ? __schedule+0xda5/0x5710\n ? __kasan_check_write+0x14/0x30\n ? _raw_spin_lock+0x82/0xf0\n vhost_scsi_ctl_handle_kick+0x52/0x90\n vhost_run_work_list+0x134/0x1b0\n vhost_task_fn+0x121/0x350\n...\n \u003c/TASK\u003e\n---[ end trace 0000000000000000 ]---\n\nLet\u0027s add a check in vhost_scsi_get_req.\n\n[whitespace fixes]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49863",
"url": "https://www.suse.com/security/cve/CVE-2024-49863"
},
{
"category": "external",
"summary": "SUSE Bug 1232255 for CVE-2024-49863",
"url": "https://bugzilla.suse.com/1232255"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49863"
},
{
"cve": "CVE-2024-49864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49864"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix a race between socket set up and I/O thread creation\n\nIn rxrpc_open_socket(), it sets up the socket and then sets up the I/O\nthread that will handle it. This is a problem, however, as there\u0027s a gap\nbetween the two phases in which a packet may come into rxrpc_encap_rcv()\nfrom the UDP packet but we oops when trying to wake the not-yet created I/O\nthread.\n\nAs a quick fix, just make rxrpc_encap_rcv() discard the packet if there\u0027s\nno I/O thread yet.\n\nA better, but more intrusive fix would perhaps be to rearrange things such\nthat the socket creation is done by the I/O thread.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49864",
"url": "https://www.suse.com/security/cve/CVE-2024-49864"
},
{
"category": "external",
"summary": "SUSE Bug 1232256 for CVE-2024-49864",
"url": "https://bugzilla.suse.com/1232256"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49864"
},
{
"cve": "CVE-2024-49866",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49866"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/timerlat: Fix a race during cpuhp processing\n\nThere is another found exception that the \"timerlat/1\" thread was\nscheduled on CPU0, and lead to timer corruption finally:\n\n```\nODEBUG: init active (active state 0) object: ffff888237c2e108 object type: hrtimer hint: timerlat_irq+0x0/0x220\nWARNING: CPU: 0 PID: 426 at lib/debugobjects.c:518 debug_print_object+0x7d/0xb0\nModules linked in:\nCPU: 0 UID: 0 PID: 426 Comm: timerlat/1 Not tainted 6.11.0-rc7+ #45\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\nRIP: 0010:debug_print_object+0x7d/0xb0\n...\nCall Trace:\n \u003cTASK\u003e\n ? __warn+0x7c/0x110\n ? debug_print_object+0x7d/0xb0\n ? report_bug+0xf1/0x1d0\n ? prb_read_valid+0x17/0x20\n ? handle_bug+0x3f/0x70\n ? exc_invalid_op+0x13/0x60\n ? asm_exc_invalid_op+0x16/0x20\n ? debug_print_object+0x7d/0xb0\n ? debug_print_object+0x7d/0xb0\n ? __pfx_timerlat_irq+0x10/0x10\n __debug_object_init+0x110/0x150\n hrtimer_init+0x1d/0x60\n timerlat_main+0xab/0x2d0\n ? __pfx_timerlat_main+0x10/0x10\n kthread+0xb7/0xe0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2d/0x40\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n```\n\nAfter tracing the scheduling event, it was discovered that the migration\nof the \"timerlat/1\" thread was performed during thread creation. Further\nanalysis confirmed that it is because the CPU online processing for\nosnoise is implemented through workers, which is asynchronous with the\noffline processing. When the worker was scheduled to create a thread, the\nCPU may has already been removed from the cpu_online_mask during the offline\nprocess, resulting in the inability to select the right CPU:\n\nT1 | T2\n[CPUHP_ONLINE] | cpu_device_down()\nosnoise_hotplug_workfn() |\n | cpus_write_lock()\n | takedown_cpu(1)\n | cpus_write_unlock()\n[CPUHP_OFFLINE] |\n cpus_read_lock() |\n start_kthread(1) |\n cpus_read_unlock() |\n\nTo fix this, skip online processing if the CPU is already offline.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49866",
"url": "https://www.suse.com/security/cve/CVE-2024-49866"
},
{
"category": "external",
"summary": "SUSE Bug 1232259 for CVE-2024-49866",
"url": "https://bugzilla.suse.com/1232259"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49866"
},
{
"cve": "CVE-2024-49867",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49867"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: wait for fixup workers before stopping cleaner kthread during umount\n\nDuring unmount, at close_ctree(), we have the following steps in this order:\n\n1) Park the cleaner kthread - this doesn\u0027t destroy the kthread, it basically\n halts its execution (wake ups against it work but do nothing);\n\n2) We stop the cleaner kthread - this results in freeing the respective\n struct task_struct;\n\n3) We call btrfs_stop_all_workers() which waits for any jobs running in all\n the work queues and then free the work queues.\n\nSyzbot reported a case where a fixup worker resulted in a crash when doing\na delayed iput on its inode while attempting to wake up the cleaner at\nbtrfs_add_delayed_iput(), because the task_struct of the cleaner kthread\nwas already freed. This can happen during unmount because we don\u0027t wait\nfor any fixup workers still running before we call kthread_stop() against\nthe cleaner kthread, which stops and free all its resources.\n\nFix this by waiting for any fixup workers at close_ctree() before we call\nkthread_stop() against the cleaner and run pending delayed iputs.\n\nThe stack traces reported by syzbot were the following:\n\n BUG: KASAN: slab-use-after-free in __lock_acquire+0x77/0x2050 kernel/locking/lockdep.c:5065\n Read of size 8 at addr ffff8880272a8a18 by task kworker/u8:3/52\n\n CPU: 1 UID: 0 PID: 52 Comm: kworker/u8:3 Not tainted 6.12.0-rc1-syzkaller #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\n Workqueue: btrfs-fixup btrfs_work_helper\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n __lock_acquire+0x77/0x2050 kernel/locking/lockdep.c:5065\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825\n __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]\n _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162\n class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:551 [inline]\n try_to_wake_up+0xb0/0x1480 kernel/sched/core.c:4154\n btrfs_writepage_fixup_worker+0xc16/0xdf0 fs/btrfs/inode.c:2842\n btrfs_work_helper+0x390/0xc50 fs/btrfs/async-thread.c:314\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\n Allocated by task 2:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n unpoison_slab_object mm/kasan/common.c:319 [inline]\n __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:345\n kasan_slab_alloc include/linux/kasan.h:247 [inline]\n slab_post_alloc_hook mm/slub.c:4086 [inline]\n slab_alloc_node mm/slub.c:4135 [inline]\n kmem_cache_alloc_node_noprof+0x16b/0x320 mm/slub.c:4187\n alloc_task_struct_node kernel/fork.c:180 [inline]\n dup_task_struct+0x57/0x8c0 kernel/fork.c:1107\n copy_process+0x5d1/0x3d50 kernel/fork.c:2206\n kernel_clone+0x223/0x880 kernel/fork.c:2787\n kernel_thread+0x1bc/0x240 kernel/fork.c:2849\n create_kthread kernel/kthread.c:412 [inline]\n kthreadd+0x60d/0x810 kernel/kthread.c:765\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\n Freed by task 61:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:230 [inline]\n slab_free_h\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49867",
"url": "https://www.suse.com/security/cve/CVE-2024-49867"
},
{
"category": "external",
"summary": "SUSE Bug 1232262 for CVE-2024-49867",
"url": "https://bugzilla.suse.com/1232262"
},
{
"category": "external",
"summary": "SUSE Bug 1232271 for CVE-2024-49867",
"url": "https://bugzilla.suse.com/1232271"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-49867"
},
{
"cve": "CVE-2024-49868",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49868"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix a NULL pointer dereference when failed to start a new trasacntion\n\n[BUG]\nSyzbot reported a NULL pointer dereference with the following crash:\n\n FAULT_INJECTION: forcing a failure.\n start_transaction+0x830/0x1670 fs/btrfs/transaction.c:676\n prepare_to_relocate+0x31f/0x4c0 fs/btrfs/relocation.c:3642\n relocate_block_group+0x169/0xd20 fs/btrfs/relocation.c:3678\n ...\n BTRFS info (device loop0): balance: ended with status: -12\n Oops: general protection fault, probably for non-canonical address 0xdffffc00000000cc: 0000 [#1] PREEMPT SMP KASAN NOPTI\n KASAN: null-ptr-deref in range [0x0000000000000660-0x0000000000000667]\n RIP: 0010:btrfs_update_reloc_root+0x362/0xa80 fs/btrfs/relocation.c:926\n Call Trace:\n \u003cTASK\u003e\n commit_fs_roots+0x2ee/0x720 fs/btrfs/transaction.c:1496\n btrfs_commit_transaction+0xfaf/0x3740 fs/btrfs/transaction.c:2430\n del_balance_item fs/btrfs/volumes.c:3678 [inline]\n reset_balance_state+0x25e/0x3c0 fs/btrfs/volumes.c:3742\n btrfs_balance+0xead/0x10c0 fs/btrfs/volumes.c:4574\n btrfs_ioctl_balance+0x493/0x7c0 fs/btrfs/ioctl.c:3673\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n[CAUSE]\nThe allocation failure happens at the start_transaction() inside\nprepare_to_relocate(), and during the error handling we call\nunset_reloc_control(), which makes fs_info-\u003ebalance_ctl to be NULL.\n\nThen we continue the error path cleanup in btrfs_balance() by calling\nreset_balance_state() which will call del_balance_item() to fully delete\nthe balance item in the root tree.\n\nHowever during the small window between set_reloc_contrl() and\nunset_reloc_control(), we can have a subvolume tree update and created a\nreloc_root for that subvolume.\n\nThen we go into the final btrfs_commit_transaction() of\ndel_balance_item(), and into btrfs_update_reloc_root() inside\ncommit_fs_roots().\n\nThat function checks if fs_info-\u003ereloc_ctl is in the merge_reloc_tree\nstage, but since fs_info-\u003ereloc_ctl is NULL, it results a NULL pointer\ndereference.\n\n[FIX]\nJust add extra check on fs_info-\u003ereloc_ctl inside\nbtrfs_update_reloc_root(), before checking\nfs_info-\u003ereloc_ctl-\u003emerge_reloc_tree.\n\nThat DEAD_RELOC_TREE handling is to prevent further modification to the\nreloc tree during merge stage, but since there is no reloc_ctl at all,\nwe do not need to bother that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49868",
"url": "https://www.suse.com/security/cve/CVE-2024-49868"
},
{
"category": "external",
"summary": "SUSE Bug 1232272 for CVE-2024-49868",
"url": "https://bugzilla.suse.com/1232272"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49868"
},
{
"cve": "CVE-2024-49870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49870"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: fix dentry leak in cachefiles_open_file()\n\nA dentry leak may be caused when a lookup cookie and a cull are concurrent:\n\n P1 | P2\n-----------------------------------------------------------\ncachefiles_lookup_cookie\n cachefiles_look_up_object\n lookup_one_positive_unlocked\n // get dentry\n cachefiles_cull\n inode-\u003ei_flags |= S_KERNEL_FILE;\n cachefiles_open_file\n cachefiles_mark_inode_in_use\n __cachefiles_mark_inode_in_use\n can_use = false\n if (!(inode-\u003ei_flags \u0026 S_KERNEL_FILE))\n can_use = true\n\t return false\n return false\n // Returns an error but doesn\u0027t put dentry\n\nAfter that the following WARNING will be triggered when the backend folder\nis umounted:\n\n==================================================================\nBUG: Dentry 000000008ad87947{i=7a,n=Dx_1_1.img} still in use (1) [unmount of ext4 sda]\nWARNING: CPU: 4 PID: 359261 at fs/dcache.c:1767 umount_check+0x5d/0x70\nCPU: 4 PID: 359261 Comm: umount Not tainted 6.6.0-dirty #25\nRIP: 0010:umount_check+0x5d/0x70\nCall Trace:\n \u003cTASK\u003e\n d_walk+0xda/0x2b0\n do_one_tree+0x20/0x40\n shrink_dcache_for_umount+0x2c/0x90\n generic_shutdown_super+0x20/0x160\n kill_block_super+0x1a/0x40\n ext4_kill_sb+0x22/0x40\n deactivate_locked_super+0x35/0x80\n cleanup_mnt+0x104/0x160\n==================================================================\n\nWhether cachefiles_open_file() returns true or false, the reference count\nobtained by lookup_positive_unlocked() in cachefiles_look_up_object()\nshould be released.\n\nTherefore release that reference count in cachefiles_look_up_object() to\nfix the above issue and simplify the code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49870",
"url": "https://www.suse.com/security/cve/CVE-2024-49870"
},
{
"category": "external",
"summary": "SUSE Bug 1232279 for CVE-2024-49870",
"url": "https://bugzilla.suse.com/1232279"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49870"
},
{
"cve": "CVE-2024-49871",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49871"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: adp5589-keys - fix NULL pointer dereference\n\nWe register a devm action to call adp5589_clear_config() and then pass\nthe i2c client as argument so that we can call i2c_get_clientdata() in\norder to get our device object. However, i2c_set_clientdata() is only\nbeing set at the end of the probe function which means that we\u0027ll get a\nNULL pointer dereference in case the probe function fails early.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49871",
"url": "https://www.suse.com/security/cve/CVE-2024-49871"
},
{
"category": "external",
"summary": "SUSE Bug 1232287 for CVE-2024-49871",
"url": "https://bugzilla.suse.com/1232287"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49871"
},
{
"cve": "CVE-2024-49874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49874"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: master: svc: Fix use after free vulnerability in svc_i3c_master Driver Due to Race Condition\n\nIn the svc_i3c_master_probe function, \u0026master-\u003ehj_work is bound with\nsvc_i3c_master_hj_work, \u0026master-\u003eibi_work is bound with\nsvc_i3c_master_ibi_work. And svc_i3c_master_ibi_work can start the\nhj_work, svc_i3c_master_irq_handler can start the ibi_work.\n\nIf we remove the module which will call svc_i3c_master_remove to\nmake cleanup, it will free master-\u003ebase through i3c_master_unregister\nwhile the work mentioned above will be used. The sequence of operations\nthat may lead to a UAF bug is as follows:\n\nCPU0 CPU1\n\n | svc_i3c_master_hj_work\nsvc_i3c_master_remove |\ni3c_master_unregister(\u0026master-\u003ebase)|\ndevice_unregister(\u0026master-\u003edev) |\ndevice_release |\n//free master-\u003ebase |\n | i3c_master_do_daa(\u0026master-\u003ebase)\n | //use master-\u003ebase\n\nFix it by ensuring that the work is canceled before proceeding with the\ncleanup in svc_i3c_master_remove.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49874",
"url": "https://www.suse.com/security/cve/CVE-2024-49874"
},
{
"category": "external",
"summary": "SUSE Bug 1232295 for CVE-2024-49874",
"url": "https://bugzilla.suse.com/1232295"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49874"
},
{
"cve": "CVE-2024-49875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49875"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: map the EBADMSG to nfserr_io to avoid warning\n\nExt4 will throw -EBADMSG through ext4_readdir when a checksum error\noccurs, resulting in the following WARNING.\n\nFix it by mapping EBADMSG to nfserr_io.\n\nnfsd_buffered_readdir\n iterate_dir // -EBADMSG -74\n ext4_readdir // .iterate_shared\n ext4_dx_readdir\n ext4_htree_fill_tree\n htree_dirblock_to_tree\n ext4_read_dirblock\n __ext4_read_dirblock\n ext4_dirblock_csum_verify\n warn_no_space_for_csum\n __warn_no_space_for_csum\n return ERR_PTR(-EFSBADCRC) // -EBADMSG -74\n nfserrno // WARNING\n\n[ 161.115610] ------------[ cut here ]------------\n[ 161.116465] nfsd: non-standard errno: -74\n[ 161.117315] WARNING: CPU: 1 PID: 780 at fs/nfsd/nfsproc.c:878 nfserrno+0x9d/0xd0\n[ 161.118596] Modules linked in:\n[ 161.119243] CPU: 1 PID: 780 Comm: nfsd Not tainted 5.10.0-00014-g79679361fd5d #138\n[ 161.120684] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qe\nmu.org 04/01/2014\n[ 161.123601] RIP: 0010:nfserrno+0x9d/0xd0\n[ 161.124676] Code: 0f 87 da 30 dd 00 83 e3 01 b8 00 00 00 05 75 d7 44 89 ee 48 c7 c7 c0 57 24 98 89 44 24 04 c6\n 05 ce 2b 61 03 01 e8 99 20 d8 00 \u003c0f\u003e 0b 8b 44 24 04 eb b5 4c 89 e6 48 c7 c7 a0 6d a4 99 e8 cc 15 33\n[ 161.127797] RSP: 0018:ffffc90000e2f9c0 EFLAGS: 00010286\n[ 161.128794] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000\n[ 161.130089] RDX: 1ffff1103ee16f6d RSI: 0000000000000008 RDI: fffff520001c5f2a\n[ 161.131379] RBP: 0000000000000022 R08: 0000000000000001 R09: ffff8881f70c1827\n[ 161.132664] R10: ffffed103ee18304 R11: 0000000000000001 R12: 0000000000000021\n[ 161.133949] R13: 00000000ffffffb6 R14: ffff8881317c0000 R15: ffffc90000e2fbd8\n[ 161.135244] FS: 0000000000000000(0000) GS:ffff8881f7080000(0000) knlGS:0000000000000000\n[ 161.136695] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 161.137761] CR2: 00007fcaad70b348 CR3: 0000000144256006 CR4: 0000000000770ee0\n[ 161.139041] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 161.140291] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 161.141519] PKRU: 55555554\n[ 161.142076] Call Trace:\n[ 161.142575] ? __warn+0x9b/0x140\n[ 161.143229] ? nfserrno+0x9d/0xd0\n[ 161.143872] ? report_bug+0x125/0x150\n[ 161.144595] ? handle_bug+0x41/0x90\n[ 161.145284] ? exc_invalid_op+0x14/0x70\n[ 161.146009] ? asm_exc_invalid_op+0x12/0x20\n[ 161.146816] ? nfserrno+0x9d/0xd0\n[ 161.147487] nfsd_buffered_readdir+0x28b/0x2b0\n[ 161.148333] ? nfsd4_encode_dirent_fattr+0x380/0x380\n[ 161.149258] ? nfsd_buffered_filldir+0xf0/0xf0\n[ 161.150093] ? wait_for_concurrent_writes+0x170/0x170\n[ 161.151004] ? generic_file_llseek_size+0x48/0x160\n[ 161.151895] nfsd_readdir+0x132/0x190\n[ 161.152606] ? nfsd4_encode_dirent_fattr+0x380/0x380\n[ 161.153516] ? nfsd_unlink+0x380/0x380\n[ 161.154256] ? override_creds+0x45/0x60\n[ 161.155006] nfsd4_encode_readdir+0x21a/0x3d0\n[ 161.155850] ? nfsd4_encode_readlink+0x210/0x210\n[ 161.156731] ? write_bytes_to_xdr_buf+0x97/0xe0\n[ 161.157598] ? __write_bytes_to_xdr_buf+0xd0/0xd0\n[ 161.158494] ? lock_downgrade+0x90/0x90\n[ 161.159232] ? nfs4svc_decode_voidarg+0x10/0x10\n[ 161.160092] nfsd4_encode_operation+0x15a/0x440\n[ 161.160959] nfsd4_proc_compound+0x718/0xe90\n[ 161.161818] nfsd_dispatch+0x18e/0x2c0\n[ 161.162586] svc_process_common+0x786/0xc50\n[ 161.163403] ? nfsd_svc+0x380/0x380\n[ 161.164137] ? svc_printk+0x160/0x160\n[ 161.164846] ? svc_xprt_do_enqueue.part.0+0x365/0x380\n[ 161.165808] ? nfsd_svc+0x380/0x380\n[ 161.166523] ? rcu_is_watching+0x23/0x40\n[ 161.167309] svc_process+0x1a5/0x200\n[ 161.168019] nfsd+0x1f5/0x380\n[ 161.168663] ? nfsd_shutdown_threads+0x260/0x260\n[ 161.169554] kthread+0x1c4/0x210\n[ 161.170224] ? kthread_insert_work_sanity_check+0x80/0x80\n[ 161.171246] ret_from_fork+0x1f/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49875",
"url": "https://www.suse.com/security/cve/CVE-2024-49875"
},
{
"category": "external",
"summary": "SUSE Bug 1232333 for CVE-2024-49875",
"url": "https://bugzilla.suse.com/1232333"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49875"
},
{
"cve": "CVE-2024-49877",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49877"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate\n\nWhen doing cleanup, if flags without OCFS2_BH_READAHEAD, it may trigger\nNULL pointer dereference in the following ocfs2_set_buffer_uptodate() if\nbh is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49877",
"url": "https://www.suse.com/security/cve/CVE-2024-49877"
},
{
"category": "external",
"summary": "SUSE Bug 1232339 for CVE-2024-49877",
"url": "https://bugzilla.suse.com/1232339"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49877"
},
{
"cve": "CVE-2024-49878",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49878"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nresource: fix region_intersects() vs add_memory_driver_managed()\n\nOn a system with CXL memory, the resource tree (/proc/iomem) related to\nCXL memory may look like something as follows.\n\n490000000-50fffffff : CXL Window 0\n 490000000-50fffffff : region0\n 490000000-50fffffff : dax0.0\n 490000000-50fffffff : System RAM (kmem)\n\nBecause drivers/dax/kmem.c calls add_memory_driver_managed() during\nonlining CXL memory, which makes \"System RAM (kmem)\" a descendant of \"CXL\nWindow X\". This confuses region_intersects(), which expects all \"System\nRAM\" resources to be at the top level of iomem_resource. This can lead to\nbugs.\n\nFor example, when the following command line is executed to write some\nmemory in CXL memory range via /dev/mem,\n\n $ dd if=data of=/dev/mem bs=$((1 \u003c\u003c 10)) seek=$((0x490000000 \u003e\u003e 10)) count=1\n dd: error writing \u0027/dev/mem\u0027: Bad address\n 1+0 records in\n 0+0 records out\n 0 bytes copied, 0.0283507 s, 0.0 kB/s\n\nthe command fails as expected. However, the error code is wrong. It\nshould be \"Operation not permitted\" instead of \"Bad address\". More\nseriously, the /dev/mem permission checking in devmem_is_allowed() passes\nincorrectly. Although the accessing is prevented later because ioremap()\nisn\u0027t allowed to map system RAM, it is a potential security issue. During\ncommand executing, the following warning is reported in the kernel log for\ncalling ioremap() on system RAM.\n\n ioremap on RAM at 0x0000000490000000 - 0x0000000490000fff\n WARNING: CPU: 2 PID: 416 at arch/x86/mm/ioremap.c:216 __ioremap_caller.constprop.0+0x131/0x35d\n Call Trace:\n memremap+0xcb/0x184\n xlate_dev_mem_ptr+0x25/0x2f\n write_mem+0x94/0xfb\n vfs_write+0x128/0x26d\n ksys_write+0xac/0xfe\n do_syscall_64+0x9a/0xfd\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nThe details of command execution process are as follows. In the above\nresource tree, \"System RAM\" is a descendant of \"CXL Window 0\" instead of a\ntop level resource. So, region_intersects() will report no System RAM\nresources in the CXL memory region incorrectly, because it only checks the\ntop level resources. Consequently, devmem_is_allowed() will return 1\n(allow access via /dev/mem) for CXL memory region incorrectly. \nFortunately, ioremap() doesn\u0027t allow to map System RAM and reject the\naccess.\n\nSo, region_intersects() needs to be fixed to work correctly with the\nresource tree with \"System RAM\" not at top level as above. To fix it, if\nwe found a unmatched resource in the top level, we will continue to search\nmatched resources in its descendant resources. So, we will not miss any\nmatched resources in resource tree anymore.\n\nIn the new implementation, an example resource tree\n\n|------------- \"CXL Window 0\" ------------|\n|-- \"System RAM\" --|\n\nwill behave similar as the following fake resource tree for\nregion_intersects(, IORESOURCE_SYSTEM_RAM, ),\n\n|-- \"System RAM\" --||-- \"CXL Window 0a\" --|\n\nWhere \"CXL Window 0a\" is part of the original \"CXL Window 0\" that\nisn\u0027t covered by \"System RAM\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49878",
"url": "https://www.suse.com/security/cve/CVE-2024-49878"
},
{
"category": "external",
"summary": "SUSE Bug 1232340 for CVE-2024-49878",
"url": "https://bugzilla.suse.com/1232340"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49878"
},
{
"cve": "CVE-2024-49879",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49879"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: omapdrm: Add missing check for alloc_ordered_workqueue\n\nAs it may return NULL pointer and cause NULL pointer dereference. Add check\nfor the return value of alloc_ordered_workqueue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49879",
"url": "https://www.suse.com/security/cve/CVE-2024-49879"
},
{
"category": "external",
"summary": "SUSE Bug 1232349 for CVE-2024-49879",
"url": "https://bugzilla.suse.com/1232349"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49879"
},
{
"cve": "CVE-2024-49881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49881"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: update orig_path in ext4_find_extent()\n\nIn ext4_find_extent(), if the path is not big enough, we free it and set\n*orig_path to NULL. But after reallocating and successfully initializing\nthe path, we don\u0027t update *orig_path, in which case the caller gets a\nvalid path but a NULL ppath, and this may cause a NULL pointer dereference\nor a path memory leak. For example:\n\next4_split_extent\n path = *ppath = 2000\n ext4_find_extent\n if (depth \u003e path[0].p_maxdepth)\n kfree(path = 2000);\n *orig_path = path = NULL;\n path = kcalloc() = 3000\n ext4_split_extent_at(*ppath = NULL)\n path = *ppath;\n ex = path[depth].p_ext;\n // NULL pointer dereference!\n\n==================================================================\nBUG: kernel NULL pointer dereference, address: 0000000000000010\nCPU: 6 UID: 0 PID: 576 Comm: fsstress Not tainted 6.11.0-rc2-dirty #847\nRIP: 0010:ext4_split_extent_at+0x6d/0x560\nCall Trace:\n \u003cTASK\u003e\n ext4_split_extent.isra.0+0xcb/0x1b0\n ext4_ext_convert_to_initialized+0x168/0x6c0\n ext4_ext_handle_unwritten_extents+0x325/0x4d0\n ext4_ext_map_blocks+0x520/0xdb0\n ext4_map_blocks+0x2b0/0x690\n ext4_iomap_begin+0x20e/0x2c0\n[...]\n==================================================================\n\nTherefore, *orig_path is updated when the extent lookup succeeds, so that\nthe caller can safely use path or *ppath.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49881",
"url": "https://www.suse.com/security/cve/CVE-2024-49881"
},
{
"category": "external",
"summary": "SUSE Bug 1232201 for CVE-2024-49881",
"url": "https://bugzilla.suse.com/1232201"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49881"
},
{
"cve": "CVE-2024-49882",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49882"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix double brelse() the buffer of the extents path\n\nIn ext4_ext_try_to_merge_up(), set path[1].p_bh to NULL after it has been\nreleased, otherwise it may be released twice. An example of what triggers\nthis is as follows:\n\n split2 map split1\n|--------|-------|--------|\n\next4_ext_map_blocks\n ext4_ext_handle_unwritten_extents\n ext4_split_convert_extents\n // path-\u003ep_depth == 0\n ext4_split_extent\n // 1. do split1\n ext4_split_extent_at\n |ext4_ext_insert_extent\n | ext4_ext_create_new_leaf\n | ext4_ext_grow_indepth\n | le16_add_cpu(\u0026neh-\u003eeh_depth, 1)\n | ext4_find_extent\n | // return -ENOMEM\n |// get error and try zeroout\n |path = ext4_find_extent\n | path-\u003ep_depth = 1\n |ext4_ext_try_to_merge\n | ext4_ext_try_to_merge_up\n | path-\u003ep_depth = 0\n | brelse(path[1].p_bh) ---\u003e not set to NULL here\n |// zeroout success\n // 2. update path\n ext4_find_extent\n // 3. do split2\n ext4_split_extent_at\n ext4_ext_insert_extent\n ext4_ext_create_new_leaf\n ext4_ext_grow_indepth\n le16_add_cpu(\u0026neh-\u003eeh_depth, 1)\n ext4_find_extent\n path[0].p_bh = NULL;\n path-\u003ep_depth = 1\n read_extent_tree_block ---\u003e return err\n // path[1].p_bh is still the old value\n ext4_free_ext_path\n ext4_ext_drop_refs\n // path-\u003ep_depth == 1\n brelse(path[1].p_bh) ---\u003e brelse a buffer twice\n\nFinally got the following WARRNING when removing the buffer from lru:\n\n============================================\nVFS: brelse: Trying to free free buffer\nWARNING: CPU: 2 PID: 72 at fs/buffer.c:1241 __brelse+0x58/0x90\nCPU: 2 PID: 72 Comm: kworker/u19:1 Not tainted 6.9.0-dirty #716\nRIP: 0010:__brelse+0x58/0x90\nCall Trace:\n \u003cTASK\u003e\n __find_get_block+0x6e7/0x810\n bdev_getblk+0x2b/0x480\n __ext4_get_inode_loc+0x48a/0x1240\n ext4_get_inode_loc+0xb2/0x150\n ext4_reserve_inode_write+0xb7/0x230\n __ext4_mark_inode_dirty+0x144/0x6a0\n ext4_ext_insert_extent+0x9c8/0x3230\n ext4_ext_map_blocks+0xf45/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n============================================",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49882",
"url": "https://www.suse.com/security/cve/CVE-2024-49882"
},
{
"category": "external",
"summary": "SUSE Bug 1232200 for CVE-2024-49882",
"url": "https://bugzilla.suse.com/1232200"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49882"
},
{
"cve": "CVE-2024-49883",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49883"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: aovid use-after-free in ext4_ext_insert_extent()\n\nAs Ojaswin mentioned in Link, in ext4_ext_insert_extent(), if the path is\nreallocated in ext4_ext_create_new_leaf(), we\u0027ll use the stale path and\ncause UAF. Below is a sample trace with dummy values:\n\next4_ext_insert_extent\n path = *ppath = 2000\n ext4_ext_create_new_leaf(ppath)\n ext4_find_extent(ppath)\n path = *ppath = 2000\n if (depth \u003e path[0].p_maxdepth)\n kfree(path = 2000);\n *ppath = path = NULL;\n path = kcalloc() = 3000\n *ppath = 3000;\n return path;\n /* here path is still 2000, UAF! */\n eh = path[depth].p_hdr\n\n==================================================================\nBUG: KASAN: slab-use-after-free in ext4_ext_insert_extent+0x26d4/0x3330\nRead of size 8 at addr ffff8881027bf7d0 by task kworker/u36:1/179\nCPU: 3 UID: 0 PID: 179 Comm: kworker/u6:1 Not tainted 6.11.0-rc2-dirty #866\nCall Trace:\n \u003cTASK\u003e\n ext4_ext_insert_extent+0x26d4/0x3330\n ext4_ext_map_blocks+0xe22/0x2d40\n ext4_map_blocks+0x71e/0x1700\n ext4_do_writepages+0x1290/0x2800\n[...]\n\nAllocated by task 179:\n ext4_find_extent+0x81c/0x1f70\n ext4_ext_map_blocks+0x146/0x2d40\n ext4_map_blocks+0x71e/0x1700\n ext4_do_writepages+0x1290/0x2800\n ext4_writepages+0x26d/0x4e0\n do_writepages+0x175/0x700\n[...]\n\nFreed by task 179:\n kfree+0xcb/0x240\n ext4_find_extent+0x7c0/0x1f70\n ext4_ext_insert_extent+0xa26/0x3330\n ext4_ext_map_blocks+0xe22/0x2d40\n ext4_map_blocks+0x71e/0x1700\n ext4_do_writepages+0x1290/0x2800\n ext4_writepages+0x26d/0x4e0\n do_writepages+0x175/0x700\n[...]\n==================================================================\n\nSo use *ppath to update the path to avoid the above problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49883",
"url": "https://www.suse.com/security/cve/CVE-2024-49883"
},
{
"category": "external",
"summary": "SUSE Bug 1232199 for CVE-2024-49883",
"url": "https://bugzilla.suse.com/1232199"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49883"
},
{
"cve": "CVE-2024-49884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49884"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix slab-use-after-free in ext4_split_extent_at()\n\nWe hit the following use-after-free:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in ext4_split_extent_at+0xba8/0xcc0\nRead of size 2 at addr ffff88810548ed08 by task kworker/u20:0/40\nCPU: 0 PID: 40 Comm: kworker/u20:0 Not tainted 6.9.0-dirty #724\nCall Trace:\n \u003cTASK\u003e\n kasan_report+0x93/0xc0\n ext4_split_extent_at+0xba8/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nAllocated by task 40:\n __kmalloc_noprof+0x1ac/0x480\n ext4_find_extent+0xf3b/0x1e70\n ext4_ext_map_blocks+0x188/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nFreed by task 40:\n kfree+0xf1/0x2b0\n ext4_find_extent+0xa71/0x1e70\n ext4_ext_insert_extent+0xa22/0x3260\n ext4_split_extent_at+0x3ef/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n==================================================================\n\nThe flow of issue triggering is as follows:\n\next4_split_extent_at\n path = *ppath\n ext4_ext_insert_extent(ppath)\n ext4_ext_create_new_leaf(ppath)\n ext4_find_extent(orig_path)\n path = *orig_path\n read_extent_tree_block\n // return -ENOMEM or -EIO\n ext4_free_ext_path(path)\n kfree(path)\n *orig_path = NULL\n a. If err is -ENOMEM:\n ext4_ext_dirty(path + path-\u003ep_depth)\n // path use-after-free !!!\n b. If err is -EIO and we have EXT_DEBUG defined:\n ext4_ext_show_leaf(path)\n eh = path[depth].p_hdr\n // path also use-after-free !!!\n\nSo when trying to zeroout or fix the extent length, call ext4_find_extent()\nto update the path.\n\nIn addition we use *ppath directly as an ext4_ext_show_leaf() input to\navoid possible use-after-free when EXT_DEBUG is defined, and to avoid\nunnecessary path updates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49884",
"url": "https://www.suse.com/security/cve/CVE-2024-49884"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-49884",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232198 for CVE-2024-49884",
"url": "https://bugzilla.suse.com/1232198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49884"
},
{
"cve": "CVE-2024-49886",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49886"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug\n\nAttaching SST PCI device to VM causes \"BUG: KASAN: slab-out-of-bounds\".\nkasan report:\n[ 19.411889] ==================================================================\n[ 19.413702] BUG: KASAN: slab-out-of-bounds in _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common]\n[ 19.415634] Read of size 8 at addr ffff888829e65200 by task cpuhp/16/113\n[ 19.417368]\n[ 19.418627] CPU: 16 PID: 113 Comm: cpuhp/16 Tainted: G E 6.9.0 #10\n[ 19.420435] Hardware name: VMware, Inc. VMware20,1/440BX Desktop Reference Platform, BIOS VMW201.00V.20192059.B64.2207280713 07/28/2022\n[ 19.422687] Call Trace:\n[ 19.424091] \u003cTASK\u003e\n[ 19.425448] dump_stack_lvl+0x5d/0x80\n[ 19.426963] ? _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common]\n[ 19.428694] print_report+0x19d/0x52e\n[ 19.430206] ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n[ 19.431837] ? _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common]\n[ 19.433539] kasan_report+0xf0/0x170\n[ 19.435019] ? _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common]\n[ 19.436709] _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common]\n[ 19.438379] ? __pfx_sched_clock_cpu+0x10/0x10\n[ 19.439910] isst_if_cpu_online+0x406/0x58f [isst_if_common]\n[ 19.441573] ? __pfx_isst_if_cpu_online+0x10/0x10 [isst_if_common]\n[ 19.443263] ? ttwu_queue_wakelist+0x2c1/0x360\n[ 19.444797] cpuhp_invoke_callback+0x221/0xec0\n[ 19.446337] cpuhp_thread_fun+0x21b/0x610\n[ 19.447814] ? __pfx_cpuhp_thread_fun+0x10/0x10\n[ 19.449354] smpboot_thread_fn+0x2e7/0x6e0\n[ 19.450859] ? __pfx_smpboot_thread_fn+0x10/0x10\n[ 19.452405] kthread+0x29c/0x350\n[ 19.453817] ? __pfx_kthread+0x10/0x10\n[ 19.455253] ret_from_fork+0x31/0x70\n[ 19.456685] ? __pfx_kthread+0x10/0x10\n[ 19.458114] ret_from_fork_asm+0x1a/0x30\n[ 19.459573] \u003c/TASK\u003e\n[ 19.460853]\n[ 19.462055] Allocated by task 1198:\n[ 19.463410] kasan_save_stack+0x30/0x50\n[ 19.464788] kasan_save_track+0x14/0x30\n[ 19.466139] __kasan_kmalloc+0xaa/0xb0\n[ 19.467465] __kmalloc+0x1cd/0x470\n[ 19.468748] isst_if_cdev_register+0x1da/0x350 [isst_if_common]\n[ 19.470233] isst_if_mbox_init+0x108/0xff0 [isst_if_mbox_msr]\n[ 19.471670] do_one_initcall+0xa4/0x380\n[ 19.472903] do_init_module+0x238/0x760\n[ 19.474105] load_module+0x5239/0x6f00\n[ 19.475285] init_module_from_file+0xd1/0x130\n[ 19.476506] idempotent_init_module+0x23b/0x650\n[ 19.477725] __x64_sys_finit_module+0xbe/0x130\n[ 19.476506] idempotent_init_module+0x23b/0x650\n[ 19.477725] __x64_sys_finit_module+0xbe/0x130\n[ 19.478920] do_syscall_64+0x82/0x160\n[ 19.480036] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 19.481292]\n[ 19.482205] The buggy address belongs to the object at ffff888829e65000\n which belongs to the cache kmalloc-512 of size 512\n[ 19.484818] The buggy address is located 0 bytes to the right of\n allocated 512-byte region [ffff888829e65000, ffff888829e65200)\n[ 19.487447]\n[ 19.488328] The buggy address belongs to the physical page:\n[ 19.489569] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888829e60c00 pfn:0x829e60\n[ 19.491140] head: order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0\n[ 19.492466] anon flags: 0x57ffffc0000840(slab|head|node=1|zone=2|lastcpupid=0x1fffff)\n[ 19.493914] page_type: 0xffffffff()\n[ 19.494988] raw: 0057ffffc0000840 ffff88810004cc80 0000000000000000 0000000000000001\n[ 19.496451] raw: ffff888829e60c00 0000000080200018 00000001ffffffff 0000000000000000\n[ 19.497906] head: 0057ffffc0000840 ffff88810004cc80 0000000000000000 0000000000000001\n[ 19.499379] head: ffff888829e60c00 0000000080200018 00000001ffffffff 0000000000000000\n[ 19.500844] head: 0057ffffc0000003 ffffea0020a79801 ffffea0020a79848 00000000ffffffff\n[ 19.502316] head: 0000000800000000 0000000000000000 00000000ffffffff 0000000000000000\n[ 19.503784] page dumped because: k\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49886",
"url": "https://www.suse.com/security/cve/CVE-2024-49886"
},
{
"category": "external",
"summary": "SUSE Bug 1232196 for CVE-2024-49886",
"url": "https://bugzilla.suse.com/1232196"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49886"
},
{
"cve": "CVE-2024-49888",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49888"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a sdiv overflow issue\n\nZac Ecob reported a problem where a bpf program may cause kernel crash due\nto the following error:\n Oops: divide error: 0000 [#1] PREEMPT SMP KASAN PTI\n\nThe failure is due to the below signed divide:\n LLONG_MIN/-1 where LLONG_MIN equals to -9,223,372,036,854,775,808.\nLLONG_MIN/-1 is supposed to give a positive number 9,223,372,036,854,775,808,\nbut it is impossible since for 64-bit system, the maximum positive\nnumber is 9,223,372,036,854,775,807. On x86_64, LLONG_MIN/-1 will\ncause a kernel exception. On arm64, the result for LLONG_MIN/-1 is\nLLONG_MIN.\n\nFurther investigation found all the following sdiv/smod cases may trigger\nan exception when bpf program is running on x86_64 platform:\n - LLONG_MIN/-1 for 64bit operation\n - INT_MIN/-1 for 32bit operation\n - LLONG_MIN%-1 for 64bit operation\n - INT_MIN%-1 for 32bit operation\nwhere -1 can be an immediate or in a register.\n\nOn arm64, there are no exceptions:\n - LLONG_MIN/-1 = LLONG_MIN\n - INT_MIN/-1 = INT_MIN\n - LLONG_MIN%-1 = 0\n - INT_MIN%-1 = 0\nwhere -1 can be an immediate or in a register.\n\nInsn patching is needed to handle the above cases and the patched codes\nproduced results aligned with above arm64 result. The below are pseudo\ncodes to handle sdiv/smod exceptions including both divisor -1 and divisor 0\nand the divisor is stored in a register.\n\nsdiv:\n tmp = rX\n tmp += 1 /* [-1, 0] -\u003e [0, 1]\n if tmp \u003e(unsigned) 1 goto L2\n if tmp == 0 goto L1\n rY = 0\n L1:\n rY = -rY;\n goto L3\n L2:\n rY /= rX\n L3:\n\nsmod:\n tmp = rX\n tmp += 1 /* [-1, 0] -\u003e [0, 1]\n if tmp \u003e(unsigned) 1 goto L1\n if tmp == 1 (is64 ? goto L2 : goto L3)\n rY = 0;\n goto L2\n L1:\n rY %= rX\n L2:\n goto L4 // only when !is64\n L3:\n wY = wY // only when !is64\n L4:\n\n [1] https://lore.kernel.org/bpf/tPJLTEh7S_DxFEqAI2Ji5MBSoZVg7_G-Py2iaZpAaWtM961fFTWtsnlzwvTbzBzaUzwQAoNATXKUlt0LZOFgnDcIyKCswAnAGdUF3LBrhGQ=@protonmail.com/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49888",
"url": "https://www.suse.com/security/cve/CVE-2024-49888"
},
{
"category": "external",
"summary": "SUSE Bug 1232208 for CVE-2024-49888",
"url": "https://bugzilla.suse.com/1232208"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49888"
},
{
"cve": "CVE-2024-49890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49890"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: ensure the fw_info is not null before using it\n\nThis resolves the dereference null return value warning\nreported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49890",
"url": "https://www.suse.com/security/cve/CVE-2024-49890"
},
{
"category": "external",
"summary": "SUSE Bug 1232217 for CVE-2024-49890",
"url": "https://bugzilla.suse.com/1232217"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49890"
},
{
"cve": "CVE-2024-49891",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49891"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths\n\nWhen the HBA is undergoing a reset or is handling an errata event, NULL ptr\ndereference crashes may occur in routines such as\nlpfc_sli_flush_io_rings(), lpfc_dev_loss_tmo_callbk(), or\nlpfc_abort_handler().\n\nAdd NULL ptr checks before dereferencing hdwq pointers that may have been\nfreed due to operations colliding with a reset or errata event handler.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49891",
"url": "https://www.suse.com/security/cve/CVE-2024-49891"
},
{
"category": "external",
"summary": "SUSE Bug 1232218 for CVE-2024-49891",
"url": "https://bugzilla.suse.com/1232218"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49891"
},
{
"cve": "CVE-2024-49892",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49892"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Initialize get_bytes_per_element\u0027s default to 1\n\nVariables, used as denominators and maybe not assigned to other values,\nshould not be 0. bytes_per_element_y \u0026 bytes_per_element_c are\ninitialized by get_bytes_per_element() which should never return 0.\n\nThis fixes 10 DIVIDE_BY_ZERO issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49892",
"url": "https://www.suse.com/security/cve/CVE-2024-49892"
},
{
"category": "external",
"summary": "SUSE Bug 1232220 for CVE-2024-49892",
"url": "https://bugzilla.suse.com/1232220"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49892"
},
{
"cve": "CVE-2024-49894",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49894"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix index out of bounds in degamma hardware format translation\n\nFixes index out of bounds issue in\n`cm_helper_translate_curve_to_degamma_hw_format` function. The issue\ncould occur when the index \u0027i\u0027 exceeds the number of transfer function\npoints (TRANSFER_FUNC_POINTS).\n\nThe fix adds a check to ensure \u0027i\u0027 is within bounds before accessing the\ntransfer function points. If \u0027i\u0027 is out of bounds the function returns\nfalse to indicate an error.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:594 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.red\u0027 1025 \u003c= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:595 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.green\u0027 1025 \u003c= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:596 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.blue\u0027 1025 \u003c= s32max",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49894",
"url": "https://www.suse.com/security/cve/CVE-2024-49894"
},
{
"category": "external",
"summary": "SUSE Bug 1232354 for CVE-2024-49894",
"url": "https://bugzilla.suse.com/1232354"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49894"
},
{
"cve": "CVE-2024-49895",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49895"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation\n\nThis commit addresses a potential index out of bounds issue in the\n`cm3_helper_translate_curve_to_degamma_hw_format` function in the DCN30\ncolor management module. The issue could occur when the index \u0027i\u0027\nexceeds the number of transfer function points (TRANSFER_FUNC_POINTS).\n\nThe fix adds a check to ensure \u0027i\u0027 is within bounds before accessing the\ntransfer function points. If \u0027i\u0027 is out of bounds, the function returns\nfalse to indicate an error.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:338 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.red\u0027 1025 \u003c= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:339 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.green\u0027 1025 \u003c= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:340 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.blue\u0027 1025 \u003c= s32max",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49895",
"url": "https://www.suse.com/security/cve/CVE-2024-49895"
},
{
"category": "external",
"summary": "SUSE Bug 1232352 for CVE-2024-49895",
"url": "https://bugzilla.suse.com/1232352"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "low"
}
],
"title": "CVE-2024-49895"
},
{
"cve": "CVE-2024-49896",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49896"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check stream before comparing them\n\n[WHAT \u0026 HOW]\namdgpu_dm can pass a null stream to dc_is_stream_unchanged. It is\nnecessary to check for null before dereferencing them.\n\nThis fixes 1 FORWARD_NULL issue reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49896",
"url": "https://www.suse.com/security/cve/CVE-2024-49896"
},
{
"category": "external",
"summary": "SUSE Bug 1232221 for CVE-2024-49896",
"url": "https://bugzilla.suse.com/1232221"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49896"
},
{
"cve": "CVE-2024-49897",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49897"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check phantom_stream before it is used\n\ndcn32_enable_phantom_stream can return null, so returned value\nmust be checked before used.\n\nThis fixes 1 NULL_RETURNS issue reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49897",
"url": "https://www.suse.com/security/cve/CVE-2024-49897"
},
{
"category": "external",
"summary": "SUSE Bug 1232355 for CVE-2024-49897",
"url": "https://bugzilla.suse.com/1232355"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49897"
},
{
"cve": "CVE-2024-49898",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49898"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check null-initialized variables\n\n[WHAT \u0026 HOW]\ndrr_timing and subvp_pipe are initialized to null and they are not\nalways assigned new values. It is necessary to check for null before\ndereferencing.\n\nThis fixes 2 FORWARD_NULL issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49898",
"url": "https://www.suse.com/security/cve/CVE-2024-49898"
},
{
"category": "external",
"summary": "SUSE Bug 1232222 for CVE-2024-49898",
"url": "https://bugzilla.suse.com/1232222"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49898"
},
{
"cve": "CVE-2024-49899",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49899"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Initialize denominators\u0027 default to 1\n\n[WHAT \u0026 HOW]\nVariables used as denominators and maybe not assigned to other values,\nshould not be 0. Change their default to 1 so they are never 0.\n\nThis fixes 10 DIVIDE_BY_ZERO issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49899",
"url": "https://www.suse.com/security/cve/CVE-2024-49899"
},
{
"category": "external",
"summary": "SUSE Bug 1232358 for CVE-2024-49899",
"url": "https://bugzilla.suse.com/1232358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49899"
},
{
"cve": "CVE-2024-49900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49900"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix uninit-value access of new_ea in ea_buffer\n\nsyzbot reports that lzo1x_1_do_compress is using uninit-value:\n\n=====================================================\nBUG: KMSAN: uninit-value in lzo1x_1_do_compress+0x19f9/0x2510 lib/lzo/lzo1x_compress.c:178\n\n...\n\nUninit was stored to memory at:\n ea_put fs/jfs/xattr.c:639 [inline]\n\n...\n\nLocal variable ea_buf created at:\n __jfs_setxattr+0x5d/0x1ae0 fs/jfs/xattr.c:662\n __jfs_xattr_set+0xe6/0x1f0 fs/jfs/xattr.c:934\n\n=====================================================\n\nThe reason is ea_buf-\u003enew_ea is not initialized properly.\n\nFix this by using memset to empty its content at the beginning\nin ea_get().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49900",
"url": "https://www.suse.com/security/cve/CVE-2024-49900"
},
{
"category": "external",
"summary": "SUSE Bug 1232359 for CVE-2024-49900",
"url": "https://bugzilla.suse.com/1232359"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49900"
},
{
"cve": "CVE-2024-49901",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49901"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/adreno: Assign msm_gpu-\u003epdev earlier to avoid nullptrs\n\nThere are some cases, such as the one uncovered by Commit 46d4efcccc68\n(\"drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails\")\nwhere\n\nmsm_gpu_cleanup() : platform_set_drvdata(gpu-\u003epdev, NULL);\n\nis called on gpu-\u003epdev == NULL, as the GPU device has not been fully\ninitialized yet.\n\nTurns out that there\u0027s more than just the aforementioned path that\ncauses this to happen (e.g. the case when there\u0027s speedbin data in the\ncatalog, but opp-supported-hw is missing in DT).\n\nAssigning msm_gpu-\u003epdev earlier seems like the least painful solution\nto this, therefore do so.\n\nPatchwork: https://patchwork.freedesktop.org/patch/602742/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49901",
"url": "https://www.suse.com/security/cve/CVE-2024-49901"
},
{
"category": "external",
"summary": "SUSE Bug 1232305 for CVE-2024-49901",
"url": "https://bugzilla.suse.com/1232305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49901"
},
{
"cve": "CVE-2024-49902",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49902"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: check if leafidx greater than num leaves per dmap tree\n\nsyzbot report a out of bounds in dbSplit, it because dmt_leafidx greater\nthan num leaves per dmap tree, add a checking for dmt_leafidx in dbFindLeaf.\n\nShaggy:\nModified sanity check to apply to control pages as well as leaf pages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49902",
"url": "https://www.suse.com/security/cve/CVE-2024-49902"
},
{
"category": "external",
"summary": "SUSE Bug 1232378 for CVE-2024-49902",
"url": "https://bugzilla.suse.com/1232378"
},
{
"category": "external",
"summary": "SUSE Bug 1232379 for CVE-2024-49902",
"url": "https://bugzilla.suse.com/1232379"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-49902"
},
{
"cve": "CVE-2024-49903",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49903"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix uaf in dbFreeBits\n\n[syzbot reported]\n==================================================================\nBUG: KASAN: slab-use-after-free in __mutex_lock_common kernel/locking/mutex.c:587 [inline]\nBUG: KASAN: slab-use-after-free in __mutex_lock+0xfe/0xd70 kernel/locking/mutex.c:752\nRead of size 8 at addr ffff8880229254b0 by task syz-executor357/5216\n\nCPU: 0 UID: 0 PID: 5216 Comm: syz-executor357 Not tainted 6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n __mutex_lock_common kernel/locking/mutex.c:587 [inline]\n __mutex_lock+0xfe/0xd70 kernel/locking/mutex.c:752\n dbFreeBits+0x7ea/0xd90 fs/jfs/jfs_dmap.c:2390\n dbFreeDmap fs/jfs/jfs_dmap.c:2089 [inline]\n dbFree+0x35b/0x680 fs/jfs/jfs_dmap.c:409\n dbDiscardAG+0x8a9/0xa20 fs/jfs/jfs_dmap.c:1650\n jfs_ioc_trim+0x433/0x670 fs/jfs/jfs_discard.c:100\n jfs_ioctl+0x2d0/0x3e0 fs/jfs/ioctl.c:131\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n\nFreed by task 5218:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579\n poison_slab_object+0xe0/0x150 mm/kasan/common.c:240\n __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256\n kasan_slab_free include/linux/kasan.h:184 [inline]\n slab_free_hook mm/slub.c:2252 [inline]\n slab_free mm/slub.c:4473 [inline]\n kfree+0x149/0x360 mm/slub.c:4594\n dbUnmount+0x11d/0x190 fs/jfs/jfs_dmap.c:278\n jfs_mount_rw+0x4ac/0x6a0 fs/jfs/jfs_mount.c:247\n jfs_remount+0x3d1/0x6b0 fs/jfs/super.c:454\n reconfigure_super+0x445/0x880 fs/super.c:1083\n vfs_cmd_reconfigure fs/fsopen.c:263 [inline]\n vfs_fsconfig_locked fs/fsopen.c:292 [inline]\n __do_sys_fsconfig fs/fsopen.c:473 [inline]\n __se_sys_fsconfig+0xb6e/0xf80 fs/fsopen.c:345\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n[Analysis]\nThere are two paths (dbUnmount and jfs_ioc_trim) that generate race\ncondition when accessing bmap, which leads to the occurrence of uaf.\n\nUse the lock s_umount to synchronize them, in order to avoid uaf caused\nby race condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49903",
"url": "https://www.suse.com/security/cve/CVE-2024-49903"
},
{
"category": "external",
"summary": "SUSE Bug 1232362 for CVE-2024-49903",
"url": "https://bugzilla.suse.com/1232362"
},
{
"category": "external",
"summary": "SUSE Bug 1233020 for CVE-2024-49903",
"url": "https://bugzilla.suse.com/1233020"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-49903"
},
{
"cve": "CVE-2024-49905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49905"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check for \u0027afb\u0027 in amdgpu_dm_plane_handle_cursor_update (v2)\n\nThis commit adds a null check for the \u0027afb\u0027 variable in the\namdgpu_dm_plane_handle_cursor_update function. Previously, \u0027afb\u0027 was\nassumed to be null, but was used later in the code without a null check.\nThis could potentially lead to a null pointer dereference.\n\nChanges since v1:\n- Moved the null check for \u0027afb\u0027 to the line where \u0027afb\u0027 is used. (Alex)\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_plane.c:1298 amdgpu_dm_plane_handle_cursor_update() error: we previously assumed \u0027afb\u0027 could be null (see line 1252)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49905",
"url": "https://www.suse.com/security/cve/CVE-2024-49905"
},
{
"category": "external",
"summary": "SUSE Bug 1232357 for CVE-2024-49905",
"url": "https://bugzilla.suse.com/1232357"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49905"
},
{
"cve": "CVE-2024-49906",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49906"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check null pointer before try to access it\n\n[why \u0026 how]\nChange the order of the pipe_ctx-\u003eplane_state check to ensure that\nplane_state is not null before accessing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49906",
"url": "https://www.suse.com/security/cve/CVE-2024-49906"
},
{
"category": "external",
"summary": "SUSE Bug 1232332 for CVE-2024-49906",
"url": "https://bugzilla.suse.com/1232332"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49906"
},
{
"cve": "CVE-2024-49907",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49907"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check null pointers before using dc-\u003eclk_mgr\n\n[WHY \u0026 HOW]\ndc-\u003eclk_mgr is null checked previously in the same function, indicating\nit might be null.\n\nPassing \"dc\" to \"dc-\u003ehwss.apply_idle_power_optimizations\", which\ndereferences null \"dc-\u003eclk_mgr\". (The function pointer resolves to\n\"dcn35_apply_idle_power_optimizations\".)\n\nThis fixes 1 FORWARD_NULL issue reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49907",
"url": "https://www.suse.com/security/cve/CVE-2024-49907"
},
{
"category": "external",
"summary": "SUSE Bug 1232334 for CVE-2024-49907",
"url": "https://bugzilla.suse.com/1232334"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49907"
},
{
"cve": "CVE-2024-49908",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49908"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check for \u0027afb\u0027 in amdgpu_dm_update_cursor (v2)\n\nThis commit adds a null check for the \u0027afb\u0027 variable in the\namdgpu_dm_update_cursor function. Previously, \u0027afb\u0027 was assumed to be\nnull at line 8388, but was used later in the code without a null check.\nThis could potentially lead to a null pointer dereference.\n\nChanges since v1:\n- Moved the null check for \u0027afb\u0027 to the line where \u0027afb\u0027 is used. (Alex)\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:8433 amdgpu_dm_update_cursor()\n\terror: we previously assumed \u0027afb\u0027 could be null (see line 8388)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49908",
"url": "https://www.suse.com/security/cve/CVE-2024-49908"
},
{
"category": "external",
"summary": "SUSE Bug 1232335 for CVE-2024-49908",
"url": "https://bugzilla.suse.com/1232335"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49908"
},
{
"cve": "CVE-2024-49909",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49909"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func\n\nThis commit adds a null check for the set_output_gamma function pointer\nin the dcn32_set_output_transfer_func function. Previously,\nset_output_gamma was being checked for null, but then it was being\ndereferenced without any null check. This could lead to a null pointer\ndereference if set_output_gamma is null.\n\nTo fix this, we now ensure that set_output_gamma is not null before\ndereferencing it. We do this by adding a null check for set_output_gamma\nbefore the call to set_output_gamma.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49909",
"url": "https://www.suse.com/security/cve/CVE-2024-49909"
},
{
"category": "external",
"summary": "SUSE Bug 1232337 for CVE-2024-49909",
"url": "https://bugzilla.suse.com/1232337"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49909"
},
{
"cve": "CVE-2024-49911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49911"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func\n\nThis commit adds a null check for the set_output_gamma function pointer\nin the dcn20_set_output_transfer_func function. Previously,\nset_output_gamma was being checked for null at line 1030, but then it\nwas being dereferenced without any null check at line 1048. This could\npotentially lead to a null pointer dereference error if set_output_gamma\nis null.\n\nTo fix this, we now ensure that set_output_gamma is not null before\ndereferencing it. We do this by adding a null check for set_output_gamma\nbefore the call to set_output_gamma at line 1048.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49911",
"url": "https://www.suse.com/security/cve/CVE-2024-49911"
},
{
"category": "external",
"summary": "SUSE Bug 1232366 for CVE-2024-49911",
"url": "https://bugzilla.suse.com/1232366"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49911"
},
{
"cve": "CVE-2024-49912",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49912"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Handle null \u0027stream_status\u0027 in \u0027planes_changed_for_existing_stream\u0027\n\nThis commit adds a null check for \u0027stream_status\u0027 in the function\n\u0027planes_changed_for_existing_stream\u0027. Previously, the code assumed\n\u0027stream_status\u0027 could be null, but did not handle the case where it was\nactually null. This could lead to a null pointer dereference.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_resource.c:3784 planes_changed_for_existing_stream() error: we previously assumed \u0027stream_status\u0027 could be null (see line 3774)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49912",
"url": "https://www.suse.com/security/cve/CVE-2024-49912"
},
{
"category": "external",
"summary": "SUSE Bug 1232367 for CVE-2024-49912",
"url": "https://bugzilla.suse.com/1232367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49912"
},
{
"cve": "CVE-2024-49913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49913"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream\n\nThis commit addresses a null pointer dereference issue in the\n`commit_planes_for_stream` function at line 4140. The issue could occur\nwhen `top_pipe_to_program` is null.\n\nThe fix adds a check to ensure `top_pipe_to_program` is not null before\naccessing its stream_res. This prevents a null pointer dereference.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/core/dc.c:4140 commit_planes_for_stream() error: we previously assumed \u0027top_pipe_to_program\u0027 could be null (see line 3906)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49913",
"url": "https://www.suse.com/security/cve/CVE-2024-49913"
},
{
"category": "external",
"summary": "SUSE Bug 1232307 for CVE-2024-49913",
"url": "https://bugzilla.suse.com/1232307"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49913"
},
{
"cve": "CVE-2024-49914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49914"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check for pipe_ctx-\u003eplane_state in dcn20_program_pipe\n\nThis commit addresses a null pointer dereference issue in the\n`dcn20_program_pipe` function. The issue could occur when\n`pipe_ctx-\u003eplane_state` is null.\n\nThe fix adds a check to ensure `pipe_ctx-\u003eplane_state` is not null\nbefore accessing. This prevents a null pointer dereference.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn20/dcn20_hwseq.c:1925 dcn20_program_pipe() error: we previously assumed \u0027pipe_ctx-\u003eplane_state\u0027 could be null (see line 1877)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49914",
"url": "https://www.suse.com/security/cve/CVE-2024-49914"
},
{
"category": "external",
"summary": "SUSE Bug 1232369 for CVE-2024-49914",
"url": "https://bugzilla.suse.com/1232369"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49914"
},
{
"cve": "CVE-2024-49917",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49917"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL check for clk_mgr and clk_mgr-\u003efuncs in dcn30_init_hw\n\nThis commit addresses a potential null pointer dereference issue in the\n`dcn30_init_hw` function. The issue could occur when `dc-\u003eclk_mgr` or\n`dc-\u003eclk_mgr-\u003efuncs` is null.\n\nThe fix adds a check to ensure `dc-\u003eclk_mgr` and `dc-\u003eclk_mgr-\u003efuncs` is\nnot null before accessing its functions. This prevents a potential null\npointer dereference.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:789 dcn30_init_hw() error: we previously assumed \u0027dc-\u003eclk_mgr\u0027 could be null (see line 628)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49917",
"url": "https://www.suse.com/security/cve/CVE-2024-49917"
},
{
"category": "external",
"summary": "SUSE Bug 1231965 for CVE-2024-49917",
"url": "https://bugzilla.suse.com/1231965"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49917"
},
{
"cve": "CVE-2024-49918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49918"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer\n\nThis commit addresses a potential null pointer dereference issue in the\n`dcn32_acquire_idle_pipe_for_head_pipe_in_layer` function. The issue\ncould occur when `head_pipe` is null.\n\nThe fix adds a check to ensure `head_pipe` is not null before asserting\nit. If `head_pipe` is null, the function returns NULL to prevent a\npotential null pointer dereference.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn32/dcn32_resource.c:2690 dcn32_acquire_idle_pipe_for_head_pipe_in_layer() error: we previously assumed \u0027head_pipe\u0027 could be null (see line 2681)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49918",
"url": "https://www.suse.com/security/cve/CVE-2024-49918"
},
{
"category": "external",
"summary": "SUSE Bug 1231967 for CVE-2024-49918",
"url": "https://bugzilla.suse.com/1231967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49918"
},
{
"cve": "CVE-2024-49919",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49919"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer\n\nThis commit addresses a potential null pointer dereference issue in the\n`dcn201_acquire_free_pipe_for_layer` function. The issue could occur\nwhen `head_pipe` is null.\n\nThe fix adds a check to ensure `head_pipe` is not null before asserting\nit. If `head_pipe` is null, the function returns NULL to prevent a\npotential null pointer dereference.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn201/dcn201_resource.c:1016 dcn201_acquire_free_pipe_for_layer() error: we previously assumed \u0027head_pipe\u0027 could be null (see line 1010)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49919",
"url": "https://www.suse.com/security/cve/CVE-2024-49919"
},
{
"category": "external",
"summary": "SUSE Bug 1231968 for CVE-2024-49919",
"url": "https://bugzilla.suse.com/1231968"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49919"
},
{
"cve": "CVE-2024-49920",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49920"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check null pointers before multiple uses\n\n[WHAT \u0026 HOW]\nPoniters, such as stream_enc and dc-\u003ebw_vbios, are null checked previously\nin the same function, so Coverity warns \"implies that stream_enc and\ndc-\u003ebw_vbios might be null\". They are used multiple times in the\nsubsequent code and need to be checked.\n\nThis fixes 10 FORWARD_NULL issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49920",
"url": "https://www.suse.com/security/cve/CVE-2024-49920"
},
{
"category": "external",
"summary": "SUSE Bug 1232313 for CVE-2024-49920",
"url": "https://bugzilla.suse.com/1232313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49920"
},
{
"cve": "CVE-2024-49921",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49921"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check null pointers before used\n\n[WHAT \u0026 HOW]\nPoniters, such as dc-\u003eclk_mgr, are null checked previously in the same\nfunction, so Coverity warns \"implies that \"dc-\u003eclk_mgr\" might be null\".\nAs a result, these pointers need to be checked when used again.\n\nThis fixes 10 FORWARD_NULL issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49921",
"url": "https://www.suse.com/security/cve/CVE-2024-49921"
},
{
"category": "external",
"summary": "SUSE Bug 1232371 for CVE-2024-49921",
"url": "https://bugzilla.suse.com/1232371"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49921"
},
{
"cve": "CVE-2024-49922",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49922"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check null pointers before using them\n\n[WHAT \u0026 HOW]\nThese pointers are null checked previously in the same function,\nindicating they might be null as reported by Coverity. As a result,\nthey need to be checked when used again.\n\nThis fixes 3 FORWARD_NULL issue reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49922",
"url": "https://www.suse.com/security/cve/CVE-2024-49922"
},
{
"category": "external",
"summary": "SUSE Bug 1232374 for CVE-2024-49922",
"url": "https://bugzilla.suse.com/1232374"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49922"
},
{
"cve": "CVE-2024-49923",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49923"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags\n\n[WHAT \u0026 HOW]\n\"dcn20_validate_apply_pipe_split_flags\" dereferences merge, and thus it\ncannot be a null pointer. Let\u0027s pass a valid pointer to avoid null\ndereference.\n\nThis fixes 2 FORWARD_NULL issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49923",
"url": "https://www.suse.com/security/cve/CVE-2024-49923"
},
{
"category": "external",
"summary": "SUSE Bug 1232361 for CVE-2024-49923",
"url": "https://bugzilla.suse.com/1232361"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49923"
},
{
"cve": "CVE-2024-49925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49925"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: efifb: Register sysfs groups through driver core\n\nThe driver core can register and cleanup sysfs groups already.\nMake use of that functionality to simplify the error handling and\ncleanup.\n\nAlso avoid a UAF race during unregistering where the sysctl attributes\nwere usable after the info struct was freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49925",
"url": "https://www.suse.com/security/cve/CVE-2024-49925"
},
{
"category": "external",
"summary": "SUSE Bug 1232224 for CVE-2024-49925",
"url": "https://bugzilla.suse.com/1232224"
},
{
"category": "external",
"summary": "SUSE Bug 1232225 for CVE-2024-49925",
"url": "https://bugzilla.suse.com/1232225"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49925"
},
{
"cve": "CVE-2024-49928",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49928"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: avoid reading out of bounds when loading TX power FW elements\n\nBecause the loop-expression will do one more time before getting false from\ncond-expression, the original code copied one more entry size beyond valid\nregion.\n\nFix it by moving the entry copy to loop-body.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49928",
"url": "https://www.suse.com/security/cve/CVE-2024-49928"
},
{
"category": "external",
"summary": "SUSE Bug 1232250 for CVE-2024-49928",
"url": "https://bugzilla.suse.com/1232250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49928"
},
{
"cve": "CVE-2024-49929",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49929"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: avoid NULL pointer dereference\n\niwl_mvm_tx_skb_sta() and iwl_mvm_tx_mpdu() verify that the mvmvsta\npointer is not NULL.\nIt retrieves this pointer using iwl_mvm_sta_from_mac80211, which is\ndereferencing the ieee80211_sta pointer.\nIf sta is NULL, iwl_mvm_sta_from_mac80211 will dereference a NULL\npointer.\nFix this by checking the sta pointer before retrieving the mvmsta\nfrom it. If sta is not NULL, then mvmsta isn\u0027t either.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49929",
"url": "https://www.suse.com/security/cve/CVE-2024-49929"
},
{
"category": "external",
"summary": "SUSE Bug 1232253 for CVE-2024-49929",
"url": "https://bugzilla.suse.com/1232253"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49929"
},
{
"cve": "CVE-2024-49930",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49930"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix array out-of-bound access in SoC stats\n\nCurrently, the ath11k_soc_dp_stats::hal_reo_error array is defined with a\nmaximum size of DP_REO_DST_RING_MAX. However, the ath11k_dp_process_rx()\nfunction access ath11k_soc_dp_stats::hal_reo_error using the REO\ndestination SRNG ring ID, which is incorrect. SRNG ring ID differ from\nnormal ring ID, and this usage leads to out-of-bounds array access. To fix\nthis issue, modify ath11k_dp_process_rx() to use the normal ring ID\ndirectly instead of the SRNG ring ID to avoid out-of-bounds array access.\n\nTested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49930",
"url": "https://www.suse.com/security/cve/CVE-2024-49930"
},
{
"category": "external",
"summary": "SUSE Bug 1232260 for CVE-2024-49930",
"url": "https://bugzilla.suse.com/1232260"
},
{
"category": "external",
"summary": "SUSE Bug 1232261 for CVE-2024-49930",
"url": "https://bugzilla.suse.com/1232261"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-49930"
},
{
"cve": "CVE-2024-49931",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49931"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix array out-of-bound access in SoC stats\n\nCurrently, the ath12k_soc_dp_stats::hal_reo_error array is defined with a\nmaximum size of DP_REO_DST_RING_MAX. However, the ath12k_dp_rx_process()\nfunction access ath12k_soc_dp_stats::hal_reo_error using the REO\ndestination SRNG ring ID, which is incorrect. SRNG ring ID differ from\nnormal ring ID, and this usage leads to out-of-bounds array access. To\nfix this issue, modify ath12k_dp_rx_process() to use the normal ring ID\ndirectly instead of the SRNG ring ID to avoid out-of-bounds array access.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49931",
"url": "https://www.suse.com/security/cve/CVE-2024-49931"
},
{
"category": "external",
"summary": "SUSE Bug 1232275 for CVE-2024-49931",
"url": "https://bugzilla.suse.com/1232275"
},
{
"category": "external",
"summary": "SUSE Bug 1232277 for CVE-2024-49931",
"url": "https://bugzilla.suse.com/1232277"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-49931"
},
{
"cve": "CVE-2024-49933",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49933"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk_iocost: fix more out of bound shifts\n\nRecently running UBSAN caught few out of bound shifts in the\nioc_forgive_debts() function:\n\nUBSAN: shift-out-of-bounds in block/blk-iocost.c:2142:38\nshift exponent 80 is too large for 64-bit type \u0027u64\u0027 (aka \u0027unsigned long\nlong\u0027)\n...\nUBSAN: shift-out-of-bounds in block/blk-iocost.c:2144:30\nshift exponent 80 is too large for 64-bit type \u0027u64\u0027 (aka \u0027unsigned long\nlong\u0027)\n...\nCall Trace:\n\u003cIRQ\u003e\ndump_stack_lvl+0xca/0x130\n__ubsan_handle_shift_out_of_bounds+0x22c/0x280\n? __lock_acquire+0x6441/0x7c10\nioc_timer_fn+0x6cec/0x7750\n? blk_iocost_init+0x720/0x720\n? call_timer_fn+0x5d/0x470\ncall_timer_fn+0xfa/0x470\n? blk_iocost_init+0x720/0x720\n__run_timer_base+0x519/0x700\n...\n\nActual impact of this issue was not identified but I propose to fix the\nundefined behaviour.\nThe proposed fix to prevent those out of bound shifts consist of\nprecalculating exponent before using it the shift operations by taking\nmin value from the actual exponent and maximum possible number of bits.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49933",
"url": "https://www.suse.com/security/cve/CVE-2024-49933"
},
{
"category": "external",
"summary": "SUSE Bug 1232368 for CVE-2024-49933",
"url": "https://bugzilla.suse.com/1232368"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49933"
},
{
"cve": "CVE-2024-49934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49934"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name\n\nIt\u0027s observed that a crash occurs during hot-remove a memory device,\nin which user is accessing the hugetlb. See calltrace as following:\n\n------------[ cut here ]------------\nWARNING: CPU: 1 PID: 14045 at arch/x86/mm/fault.c:1278 do_user_addr_fault+0x2a0/0x790\nModules linked in: kmem device_dax cxl_mem cxl_pmem cxl_port cxl_pci dax_hmem dax_pmem nd_pmem cxl_acpi nd_btt cxl_core crc32c_intel nvme virtiofs fuse nvme_core nfit libnvdimm dm_multipath scsi_dh_rdac scsi_dh_emc s\nmirror dm_region_hash dm_log dm_mod\nCPU: 1 PID: 14045 Comm: daxctl Not tainted 6.10.0-rc2-lizhijian+ #492\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nRIP: 0010:do_user_addr_fault+0x2a0/0x790\nCode: 48 8b 00 a8 04 0f 84 b5 fe ff ff e9 1c ff ff ff 4c 89 e9 4c 89 e2 be 01 00 00 00 bf 02 00 00 00 e8 b5 ef 24 00 e9 42 fe ff ff \u003c0f\u003e 0b 48 83 c4 08 4c 89 ea 48 89 ee 4c 89 e7 5b 5d 41 5c 41 5d 41\nRSP: 0000:ffffc90000a575f0 EFLAGS: 00010046\nRAX: ffff88800c303600 RBX: 0000000000000000 RCX: 0000000000000000\nRDX: 0000000000001000 RSI: ffffffff82504162 RDI: ffffffff824b2c36\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffc90000a57658\nR13: 0000000000001000 R14: ffff88800bc2e040 R15: 0000000000000000\nFS: 00007f51cb57d880(0000) GS:ffff88807fd00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000001000 CR3: 00000000072e2004 CR4: 00000000001706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? __warn+0x8d/0x190\n ? do_user_addr_fault+0x2a0/0x790\n ? report_bug+0x1c3/0x1d0\n ? handle_bug+0x3c/0x70\n ? exc_invalid_op+0x14/0x70\n ? asm_exc_invalid_op+0x16/0x20\n ? do_user_addr_fault+0x2a0/0x790\n ? exc_page_fault+0x31/0x200\n exc_page_fault+0x68/0x200\n\u003c...snip...\u003e\nBUG: unable to handle page fault for address: 0000000000001000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 800000000ad92067 P4D 800000000ad92067 PUD 7677067 PMD 0\n Oops: Oops: 0000 [#1] PREEMPT SMP PTI\n ---[ end trace 0000000000000000 ]---\n BUG: unable to handle page fault for address: 0000000000001000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 800000000ad92067 P4D 800000000ad92067 PUD 7677067 PMD 0\n Oops: Oops: 0000 [#1] PREEMPT SMP PTI\n CPU: 1 PID: 14045 Comm: daxctl Kdump: loaded Tainted: G W 6.10.0-rc2-lizhijian+ #492\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n RIP: 0010:dentry_name+0x1f4/0x440\n\u003c...snip...\u003e\n? dentry_name+0x2fa/0x440\nvsnprintf+0x1f3/0x4f0\nvprintk_store+0x23a/0x540\nvprintk_emit+0x6d/0x330\n_printk+0x58/0x80\ndump_mapping+0x10b/0x1a0\n? __pfx_free_object_rcu+0x10/0x10\n__dump_page+0x26b/0x3e0\n? vprintk_emit+0xe0/0x330\n? _printk+0x58/0x80\n? dump_page+0x17/0x50\ndump_page+0x17/0x50\ndo_migrate_range+0x2f7/0x7f0\n? do_migrate_range+0x42/0x7f0\n? offline_pages+0x2f4/0x8c0\noffline_pages+0x60a/0x8c0\nmemory_subsys_offline+0x9f/0x1c0\n? lockdep_hardirqs_on+0x77/0x100\n? _raw_spin_unlock_irqrestore+0x38/0x60\ndevice_offline+0xe3/0x110\nstate_store+0x6e/0xc0\nkernfs_fop_write_iter+0x143/0x200\nvfs_write+0x39f/0x560\nksys_write+0x65/0xf0\ndo_syscall_64+0x62/0x130\n\nPreviously, some sanity check have been done in dump_mapping() before\nthe print facility parsing \u0027%pd\u0027 though, it\u0027s still possible to run into\nan invalid dentry.d_name.name.\n\nSince dump_mapping() only needs to dump the filename only, retrieve it\nby itself in a safer way to prevent an unnecessary crash.\n\nNote that either retrieving the filename with \u0027%pd\u0027 or\nstrncpy_from_kernel_nofault(), the filename could be unreliable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49934",
"url": "https://www.suse.com/security/cve/CVE-2024-49934"
},
{
"category": "external",
"summary": "SUSE Bug 1232387 for CVE-2024-49934",
"url": "https://bugzilla.suse.com/1232387"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49934"
},
{
"cve": "CVE-2024-49935",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49935"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: PAD: fix crash in exit_round_robin()\n\nThe kernel occasionally crashes in cpumask_clear_cpu(), which is called\nwithin exit_round_robin(), because when executing clear_bit(nr, addr) with\nnr set to 0xffffffff, the address calculation may cause misalignment within\nthe memory, leading to access to an invalid memory address.\n\n----------\nBUG: unable to handle kernel paging request at ffffffffe0740618\n ...\nCPU: 3 PID: 2919323 Comm: acpi_pad/14 Kdump: loaded Tainted: G OE X --------- - - 4.18.0-425.19.2.el8_7.x86_64 #1\n ...\nRIP: 0010:power_saving_thread+0x313/0x411 [acpi_pad]\nCode: 89 cd 48 89 d3 eb d1 48 c7 c7 55 70 72 c0 e8 64 86 b0 e4 c6 05 0d a1 02 00 01 e9 bc fd ff ff 45 89 e4 42 8b 04 a5 20 82 72 c0 \u003cf0\u003e 48 0f b3 05 f4 9c 01 00 42 c7 04 a5 20 82 72 c0 ff ff ff ff 31\nRSP: 0018:ff72a5d51fa77ec8 EFLAGS: 00010202\nRAX: 00000000ffffffff RBX: ff462981e5d8cb80 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000246 RDI: 0000000000000246\nRBP: ff46297556959d80 R08: 0000000000000382 R09: ff46297c8d0f38d8\nR10: 0000000000000000 R11: 0000000000000001 R12: 000000000000000e\nR13: 0000000000000000 R14: ffffffffffffffff R15: 000000000000000e\nFS: 0000000000000000(0000) GS:ff46297a800c0000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffffffffe0740618 CR3: 0000007e20410004 CR4: 0000000000771ee0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n ? acpi_pad_add+0x120/0x120 [acpi_pad]\n kthread+0x10b/0x130\n ? set_kthread_struct+0x50/0x50\n ret_from_fork+0x1f/0x40\n ...\nCR2: ffffffffe0740618\n\ncrash\u003e dis -lr ffffffffc0726923\n ...\n/usr/src/debug/kernel-4.18.0-425.19.2.el8_7/linux-4.18.0-425.19.2.el8_7.x86_64/./include/linux/cpumask.h: 114\n0xffffffffc0726918 \u003cpower_saving_thread+776\u003e:\tmov %r12d,%r12d\n/usr/src/debug/kernel-4.18.0-425.19.2.el8_7/linux-4.18.0-425.19.2.el8_7.x86_64/./include/linux/cpumask.h: 325\n0xffffffffc072691b \u003cpower_saving_thread+779\u003e:\tmov -0x3f8d7de0(,%r12,4),%eax\n/usr/src/debug/kernel-4.18.0-425.19.2.el8_7/linux-4.18.0-425.19.2.el8_7.x86_64/./arch/x86/include/asm/bitops.h: 80\n0xffffffffc0726923 \u003cpower_saving_thread+787\u003e:\tlock btr %rax,0x19cf4(%rip) # 0xffffffffc0740620 \u003cpad_busy_cpus_bits\u003e\n\ncrash\u003e px tsk_in_cpu[14]\n$66 = 0xffffffff\n\ncrash\u003e px 0xffffffffc072692c+0x19cf4\n$99 = 0xffffffffc0740620\n\ncrash\u003e sym 0xffffffffc0740620\nffffffffc0740620 (b) pad_busy_cpus_bits [acpi_pad]\n\ncrash\u003e px pad_busy_cpus_bits[0]\n$42 = 0xfffc0\n----------\n\nTo fix this, ensure that tsk_in_cpu[tsk_index] != -1 before calling\ncpumask_clear_cpu() in exit_round_robin(), just as it is done in\nround_robin_cpu().\n\n[ rjw: Subject edit, avoid updates to the same value ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49935",
"url": "https://www.suse.com/security/cve/CVE-2024-49935"
},
{
"category": "external",
"summary": "SUSE Bug 1232370 for CVE-2024-49935",
"url": "https://bugzilla.suse.com/1232370"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49935"
},
{
"cve": "CVE-2024-49936",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49936"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/xen-netback: prevent UAF in xenvif_flush_hash()\n\nDuring the list_for_each_entry_rcu iteration call of xenvif_flush_hash,\nkfree_rcu does not exist inside the rcu read critical section, so if\nkfree_rcu is called when the rcu grace period ends during the iteration,\nUAF occurs when accessing head-\u003enext after the entry becomes free.\n\nTherefore, to solve this, you need to change it to list_for_each_entry_safe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49936",
"url": "https://www.suse.com/security/cve/CVE-2024-49936"
},
{
"category": "external",
"summary": "SUSE Bug 1232424 for CVE-2024-49936",
"url": "https://bugzilla.suse.com/1232424"
},
{
"category": "external",
"summary": "SUSE Bug 1232426 for CVE-2024-49936",
"url": "https://bugzilla.suse.com/1232426"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-49936"
},
{
"cve": "CVE-2024-49937",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49937"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: Set correct chandef when starting CAC\n\nWhen starting CAC in a mode other than AP mode, it return a\n\"WARNING: CPU: 0 PID: 63 at cfg80211_chandef_dfs_usable+0x20/0xaf [cfg80211]\"\ncaused by the chandef.chan being null at the end of CAC.\n\nSolution: Ensure the channel definition is set for the different modes\nwhen starting CAC to avoid getting a NULL \u0027chan\u0027 at the end of CAC.\n\n Call Trace:\n ? show_regs.part.0+0x14/0x16\n ? __warn+0x67/0xc0\n ? cfg80211_chandef_dfs_usable+0x20/0xaf [cfg80211]\n ? report_bug+0xa7/0x130\n ? exc_overflow+0x30/0x30\n ? handle_bug+0x27/0x50\n ? exc_invalid_op+0x18/0x60\n ? handle_exception+0xf6/0xf6\n ? exc_overflow+0x30/0x30\n ? cfg80211_chandef_dfs_usable+0x20/0xaf [cfg80211]\n ? exc_overflow+0x30/0x30\n ? cfg80211_chandef_dfs_usable+0x20/0xaf [cfg80211]\n ? regulatory_propagate_dfs_state.cold+0x1b/0x4c [cfg80211]\n ? cfg80211_propagate_cac_done_wk+0x1a/0x30 [cfg80211]\n ? process_one_work+0x165/0x280\n ? worker_thread+0x120/0x3f0\n ? kthread+0xc2/0xf0\n ? process_one_work+0x280/0x280\n ? kthread_complete_and_exit+0x20/0x20\n ? ret_from_fork+0x19/0x24\n\n[shorten subject, remove OCB, reorder cases to match previous list]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49937",
"url": "https://www.suse.com/security/cve/CVE-2024-49937"
},
{
"category": "external",
"summary": "SUSE Bug 1232427 for CVE-2024-49937",
"url": "https://bugzilla.suse.com/1232427"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49937"
},
{
"cve": "CVE-2024-49938",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49938"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit\n\nSyzbot points out that skb_trim() has a sanity check on the existing length of\nthe skb, which can be uninitialised in some error paths. The intent here is\nclearly just to reset the length to zero before resubmitting, so switch to\ncalling __skb_set_length(skb, 0) directly. In addition, __skb_set_length()\nalready contains a call to skb_reset_tail_pointer(), so remove the redundant\ncall.\n\nThe syzbot report came from ath9k_hif_usb_reg_in_cb(), but there\u0027s a similar\nusage of skb_trim() in ath9k_hif_usb_rx_cb(), change both while we\u0027re at it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49938",
"url": "https://www.suse.com/security/cve/CVE-2024-49938"
},
{
"category": "external",
"summary": "SUSE Bug 1232552 for CVE-2024-49938",
"url": "https://bugzilla.suse.com/1232552"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49938"
},
{
"cve": "CVE-2024-49939",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49939"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: avoid to add interface to list twice when SER\n\nIf SER L2 occurs during the WoWLAN resume flow, the add interface flow\nis triggered by ieee80211_reconfig(). However, due to\nrtw89_wow_resume() return failure, it will cause the add interface flow\nto be executed again, resulting in a double add list and causing a kernel\npanic. Therefore, we have added a check to prevent double adding of the\nlist.\n\nlist_add double add: new=ffff99d6992e2010, prev=ffff99d6992e2010, next=ffff99d695302628.\n------------[ cut here ]------------\nkernel BUG at lib/list_debug.c:37!\ninvalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 0 PID: 9 Comm: kworker/0:1 Tainted: G W O 6.6.30-02659-gc18865c4dfbd #1 770df2933251a0e3c888ba69d1053a817a6376a7\nHardware name: HP Grunt/Grunt, BIOS Google_Grunt.11031.169.0 06/24/2021\nWorkqueue: events_freezable ieee80211_restart_work [mac80211]\nRIP: 0010:__list_add_valid_or_report+0x5e/0xb0\nCode: c7 74 18 48 39 ce 74 13 b0 01 59 5a 5e 5f 41 58 41 59 41 5a 5d e9 e2 d6 03 00 cc 48 c7 c7 8d 4f 17 83 48 89 c2 e8 02 c0 00 00 \u003c0f\u003e 0b 48 c7 c7 aa 8c 1c 83 e8 f4 bf 00 00 0f 0b 48 c7 c7 c8 bc 12\nRSP: 0018:ffffa91b8007bc50 EFLAGS: 00010246\nRAX: 0000000000000058 RBX: ffff99d6992e0900 RCX: a014d76c70ef3900\nRDX: ffffa91b8007bae8 RSI: 00000000ffffdfff RDI: 0000000000000001\nRBP: ffffa91b8007bc88 R08: 0000000000000000 R09: ffffa91b8007bae0\nR10: 00000000ffffdfff R11: ffffffff83a79800 R12: ffff99d695302060\nR13: ffff99d695300900 R14: ffff99d6992e1be0 R15: ffff99d6992e2010\nFS: 0000000000000000(0000) GS:ffff99d6aac00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000078fbdba43480 CR3: 000000010e464000 CR4: 00000000001506f0\nCall Trace:\n \u003cTASK\u003e\n ? __die_body+0x1f/0x70\n ? die+0x3d/0x60\n ? do_trap+0xa4/0x110\n ? __list_add_valid_or_report+0x5e/0xb0\n ? do_error_trap+0x6d/0x90\n ? __list_add_valid_or_report+0x5e/0xb0\n ? handle_invalid_op+0x30/0x40\n ? __list_add_valid_or_report+0x5e/0xb0\n ? exc_invalid_op+0x3c/0x50\n ? asm_exc_invalid_op+0x16/0x20\n ? __list_add_valid_or_report+0x5e/0xb0\n rtw89_ops_add_interface+0x309/0x310 [rtw89_core 7c32b1ee6854761c0321027c8a58c5160e41f48f]\n drv_add_interface+0x5c/0x130 [mac80211 83e989e6e616bd5b4b8a2b0a9f9352a2c385a3bc]\n ieee80211_reconfig+0x241/0x13d0 [mac80211 83e989e6e616bd5b4b8a2b0a9f9352a2c385a3bc]\n ? finish_wait+0x3e/0x90\n ? synchronize_rcu_expedited+0x174/0x260\n ? sync_rcu_exp_done_unlocked+0x50/0x50\n ? wake_bit_function+0x40/0x40\n ieee80211_restart_work+0xf0/0x140 [mac80211 83e989e6e616bd5b4b8a2b0a9f9352a2c385a3bc]\n process_scheduled_works+0x1e5/0x480\n worker_thread+0xea/0x1e0\n kthread+0xdb/0x110\n ? move_linked_works+0x90/0x90\n ? kthread_associate_blkcg+0xa0/0xa0\n ret_from_fork+0x3b/0x50\n ? kthread_associate_blkcg+0xa0/0xa0\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e\nModules linked in: dm_integrity async_xor xor async_tx lz4 lz4_compress zstd zstd_compress zram zsmalloc rfcomm cmac uinput algif_hash algif_skcipher af_alg btusb btrtl iio_trig_hrtimer industrialio_sw_trigger btmtk industrialio_configfs btbcm btintel uvcvideo videobuf2_vmalloc iio_trig_sysfs videobuf2_memops videobuf2_v4l2 videobuf2_common uvc snd_hda_codec_hdmi veth snd_hda_intel snd_intel_dspcfg acpi_als snd_hda_codec industrialio_triggered_buffer kfifo_buf snd_hwdep industrialio i2c_piix4 snd_hda_core designware_i2s ip6table_nat snd_soc_max98357a xt_MASQUERADE xt_cgroup snd_soc_acp_rt5682_mach fuse rtw89_8922ae(O) rtw89_8922a(O) rtw89_pci(O) rtw89_core(O) 8021q mac80211(O) bluetooth ecdh_generic ecc cfg80211 r8152 mii joydev\ngsmi: Log Shutdown Reason 0x03\n---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49939",
"url": "https://www.suse.com/security/cve/CVE-2024-49939"
},
{
"category": "external",
"summary": "SUSE Bug 1232381 for CVE-2024-49939",
"url": "https://bugzilla.suse.com/1232381"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49939"
},
{
"cve": "CVE-2024-49944",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49944"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start\n\nIn sctp_listen_start() invoked by sctp_inet_listen(), it should set the\nsk_state back to CLOSED if sctp_autobind() fails due to whatever reason.\n\nOtherwise, next time when calling sctp_inet_listen(), if sctp_sk(sk)-\u003ereuse\nis already set via setsockopt(SCTP_REUSE_PORT), sctp_sk(sk)-\u003ebind_hash will\nbe dereferenced as sk_state is LISTENING, which causes a crash as bind_hash\nis NULL.\n\n KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\n RIP: 0010:sctp_inet_listen+0x7f0/0xa20 net/sctp/socket.c:8617\n Call Trace:\n \u003cTASK\u003e\n __sys_listen_socket net/socket.c:1883 [inline]\n __sys_listen+0x1b7/0x230 net/socket.c:1894\n __do_sys_listen net/socket.c:1902 [inline]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49944",
"url": "https://www.suse.com/security/cve/CVE-2024-49944"
},
{
"category": "external",
"summary": "SUSE Bug 1232166 for CVE-2024-49944",
"url": "https://bugzilla.suse.com/1232166"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49944"
},
{
"cve": "CVE-2024-49945",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49945"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/ncsi: Disable the ncsi work before freeing the associated structure\n\nThe work function can run after the ncsi device is freed, resulting\nin use-after-free bugs or kernel panic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49945",
"url": "https://www.suse.com/security/cve/CVE-2024-49945"
},
{
"category": "external",
"summary": "SUSE Bug 1232165 for CVE-2024-49945",
"url": "https://bugzilla.suse.com/1232165"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49945"
},
{
"cve": "CVE-2024-49946",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49946"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: do not assume bh is held in ppp_channel_bridge_input()\n\nNetworking receive path is usually handled from BH handler.\nHowever, some protocols need to acquire the socket lock, and\npackets might be stored in the socket backlog is the socket was\nowned by a user process.\n\nIn this case, release_sock(), __release_sock(), and sk_backlog_rcv()\nmight call the sk-\u003esk_backlog_rcv() handler in process context.\n\nsybot caught ppp was not considering this case in\nppp_channel_bridge_input() :\n\nWARNING: inconsistent lock state\n6.11.0-rc7-syzkaller-g5f5673607153 #0 Not tainted\n--------------------------------\ninconsistent {SOFTIRQ-ON-W} -\u003e {IN-SOFTIRQ-W} usage.\nksoftirqd/1/24 [HC0[0]:SC1[1]:HE1:SE0] takes:\n ffff0000db7f11e0 (\u0026pch-\u003edownl){+.?.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]\n ffff0000db7f11e0 (\u0026pch-\u003edownl){+.?.}-{2:2}, at: ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2272 [inline]\n ffff0000db7f11e0 (\u0026pch-\u003edownl){+.?.}-{2:2}, at: ppp_input+0x16c/0x854 drivers/net/ppp/ppp_generic.c:2304\n{SOFTIRQ-ON-W} state was registered at:\n lock_acquire+0x240/0x728 kernel/locking/lockdep.c:5759\n __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]\n _raw_spin_lock+0x48/0x60 kernel/locking/spinlock.c:154\n spin_lock include/linux/spinlock.h:351 [inline]\n ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2272 [inline]\n ppp_input+0x16c/0x854 drivers/net/ppp/ppp_generic.c:2304\n pppoe_rcv_core+0xfc/0x314 drivers/net/ppp/pppoe.c:379\n sk_backlog_rcv include/net/sock.h:1111 [inline]\n __release_sock+0x1a8/0x3d8 net/core/sock.c:3004\n release_sock+0x68/0x1b8 net/core/sock.c:3558\n pppoe_sendmsg+0xc8/0x5d8 drivers/net/ppp/pppoe.c:903\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n __sys_sendto+0x374/0x4f4 net/socket.c:2204\n __do_sys_sendto net/socket.c:2216 [inline]\n __se_sys_sendto net/socket.c:2212 [inline]\n __arm64_sys_sendto+0xd8/0xf8 net/socket.c:2212\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712\n el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730\n el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598\nirq event stamp: 282914\n hardirqs last enabled at (282914): [\u003cffff80008b42e30c\u003e] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]\n hardirqs last enabled at (282914): [\u003cffff80008b42e30c\u003e] _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:194\n hardirqs last disabled at (282913): [\u003cffff80008b42e13c\u003e] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]\n hardirqs last disabled at (282913): [\u003cffff80008b42e13c\u003e] _raw_spin_lock_irqsave+0x2c/0x7c kernel/locking/spinlock.c:162\n softirqs last enabled at (282904): [\u003cffff8000801f8e88\u003e] softirq_handle_end kernel/softirq.c:400 [inline]\n softirqs last enabled at (282904): [\u003cffff8000801f8e88\u003e] handle_softirqs+0xa3c/0xbfc kernel/softirq.c:582\n softirqs last disabled at (282909): [\u003cffff8000801fbdf8\u003e] run_ksoftirqd+0x70/0x158 kernel/softirq.c:928\n\nother info that might help us debug this:\n Possible unsafe locking scenario:\n\n CPU0\n ----\n lock(\u0026pch-\u003edownl);\n \u003cInterrupt\u003e\n lock(\u0026pch-\u003edownl);\n\n *** DEADLOCK ***\n\n1 lock held by ksoftirqd/1/24:\n #0: ffff80008f74dfa0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x10/0x4c include/linux/rcupdate.h:325\n\nstack backtrace:\nCPU: 1 UID: 0 PID: 24 Comm: ksoftirqd/1 Not tainted 6.11.0-rc7-syzkaller-g5f5673607153 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall trace:\n dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:319\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:326\n __dump_sta\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49946",
"url": "https://www.suse.com/security/cve/CVE-2024-49946"
},
{
"category": "external",
"summary": "SUSE Bug 1232164 for CVE-2024-49946",
"url": "https://bugzilla.suse.com/1232164"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49946"
},
{
"cve": "CVE-2024-49947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49947"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: test for not too small csum_start in virtio_net_hdr_to_skb()\n\nsyzbot was able to trigger this warning [1], after injecting a\nmalicious packet through af_packet, setting skb-\u003ecsum_start and thus\nthe transport header to an incorrect value.\n\nWe can at least make sure the transport header is after\nthe end of the network header (with a estimated minimal size).\n\n[1]\n[ 67.873027] skb len=4096 headroom=16 headlen=14 tailroom=0\nmac=(-1,-1) mac_len=0 net=(16,-6) trans=10\nshinfo(txflags=0 nr_frags=1 gso(size=0 type=0 segs=0))\ncsum(0xa start=10 offset=0 ip_summed=3 complete_sw=0 valid=0 level=0)\nhash(0x0 sw=0 l4=0) proto=0x0800 pkttype=0 iif=0\npriority=0x0 mark=0x0 alloc_cpu=10 vlan_all=0x0\nencapsulation=0 inner(proto=0x0000, mac=0, net=0, trans=0)\n[ 67.877172] dev name=veth0_vlan feat=0x000061164fdd09e9\n[ 67.877764] sk family=17 type=3 proto=0\n[ 67.878279] skb linear: 00000000: 00 00 10 00 00 00 00 00 0f 00 00 00 08 00\n[ 67.879128] skb frag: 00000000: 0e 00 07 00 00 00 28 00 08 80 1c 00 04 00 00 02\n[ 67.879877] skb frag: 00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.880647] skb frag: 00000020: 00 00 02 00 00 00 08 00 1b 00 00 00 00 00 00 00\n[ 67.881156] skb frag: 00000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.881753] skb frag: 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.882173] skb frag: 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.882790] skb frag: 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.883171] skb frag: 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.883733] skb frag: 00000080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.884206] skb frag: 00000090: 00 00 00 00 00 00 00 00 00 00 69 70 76 6c 61 6e\n[ 67.884704] skb frag: 000000a0: 31 00 00 00 00 00 00 00 00 00 2b 00 00 00 00 00\n[ 67.885139] skb frag: 000000b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.885677] skb frag: 000000c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.886042] skb frag: 000000d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.886408] skb frag: 000000e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.887020] skb frag: 000000f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.887384] skb frag: 00000100: 00 00\n[ 67.887878] ------------[ cut here ]------------\n[ 67.887908] offset (-6) \u003e= skb_headlen() (14)\n[ 67.888445] WARNING: CPU: 10 PID: 2088 at net/core/dev.c:3332 skb_checksum_help (net/core/dev.c:3332 (discriminator 2))\n[ 67.889353] Modules linked in: macsec macvtap macvlan hsr wireguard curve25519_x86_64 libcurve25519_generic libchacha20poly1305 chacha_x86_64 libchacha poly1305_x86_64 dummy bridge sr_mod cdrom evdev pcspkr i2c_piix4 9pnet_virtio 9p 9pnet netfs\n[ 67.890111] CPU: 10 UID: 0 PID: 2088 Comm: b363492833 Not tainted 6.11.0-virtme #1011\n[ 67.890183] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 67.890309] RIP: 0010:skb_checksum_help (net/core/dev.c:3332 (discriminator 2))\n[ 67.891043] Call Trace:\n[ 67.891173] \u003cTASK\u003e\n[ 67.891274] ? __warn (kernel/panic.c:741)\n[ 67.891320] ? skb_checksum_help (net/core/dev.c:3332 (discriminator 2))\n[ 67.891333] ? report_bug (lib/bug.c:180 lib/bug.c:219)\n[ 67.891348] ? handle_bug (arch/x86/kernel/traps.c:239)\n[ 67.891363] ? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminator 1))\n[ 67.891372] ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621)\n[ 67.891388] ? skb_checksum_help (net/core/dev.c:3332 (discriminator 2))\n[ 67.891399] ? skb_checksum_help (net/core/dev.c:3332 (discriminator 2))\n[ 67.891416] ip_do_fragment (net/ipv4/ip_output.c:777 (discriminator 1))\n[ 67.891448] ? __ip_local_out (./include/linux/skbuff.h:1146 ./include/net/l3mdev.h:196 ./include/net/l3mdev.h:213 ne\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49947",
"url": "https://www.suse.com/security/cve/CVE-2024-49947"
},
{
"category": "external",
"summary": "SUSE Bug 1232162 for CVE-2024-49947",
"url": "https://bugzilla.suse.com/1232162"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49947"
},
{
"cve": "CVE-2024-49949",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49949"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: avoid potential underflow in qdisc_pkt_len_init() with UFO\n\nAfter commit 7c6d2ecbda83 (\"net: be more gentle about silly gso\nrequests coming from user\") virtio_net_hdr_to_skb() had sanity check\nto detect malicious attempts from user space to cook a bad GSO packet.\n\nThen commit cf9acc90c80ec (\"net: virtio_net_hdr_to_skb: count\ntransport header in UFO\") while fixing one issue, allowed user space\nto cook a GSO packet with the following characteristic :\n\nIPv4 SKB_GSO_UDP, gso_size=3, skb-\u003elen = 28.\n\nWhen this packet arrives in qdisc_pkt_len_init(), we end up\nwith hdr_len = 28 (IPv4 header + UDP header), matching skb-\u003elen\n\nThen the following sets gso_segs to 0 :\n\ngso_segs = DIV_ROUND_UP(skb-\u003elen - hdr_len,\n shinfo-\u003egso_size);\n\nThen later we set qdisc_skb_cb(skb)-\u003epkt_len to back to zero :/\n\nqdisc_skb_cb(skb)-\u003epkt_len += (gso_segs - 1) * hdr_len;\n\nThis leads to the following crash in fq_codel [1]\n\nqdisc_pkt_len_init() is best effort, we only want an estimation\nof the bytes sent on the wire, not crashing the kernel.\n\nThis patch is fixing this particular issue, a following one\nadds more sanity checks for another potential bug.\n\n[1]\n[ 70.724101] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 70.724561] #PF: supervisor read access in kernel mode\n[ 70.724561] #PF: error_code(0x0000) - not-present page\n[ 70.724561] PGD 10ac61067 P4D 10ac61067 PUD 107ee2067 PMD 0\n[ 70.724561] Oops: Oops: 0000 [#1] SMP NOPTI\n[ 70.724561] CPU: 11 UID: 0 PID: 2163 Comm: b358537762 Not tainted 6.11.0-virtme #991\n[ 70.724561] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 70.724561] RIP: 0010:fq_codel_enqueue (net/sched/sch_fq_codel.c:120 net/sched/sch_fq_codel.c:168 net/sched/sch_fq_codel.c:230) sch_fq_codel\n[ 70.724561] Code: 24 08 49 c1 e1 06 44 89 7c 24 18 45 31 ed 45 31 c0 31 ff 89 44 24 14 4c 03 8b 90 01 00 00 eb 04 39 ca 73 37 4d 8b 39 83 c7 01 \u003c49\u003e 8b 17 49 89 11 41 8b 57 28 45 8b 5f 34 49 c7 07 00 00 00 00 49\nAll code\n========\n 0:\t24 08 \tand $0x8,%al\n 2:\t49 c1 e1 06 \tshl $0x6,%r9\n 6:\t44 89 7c 24 18 \tmov %r15d,0x18(%rsp)\n b:\t45 31 ed \txor %r13d,%r13d\n e:\t45 31 c0 \txor %r8d,%r8d\n 11:\t31 ff \txor %edi,%edi\n 13:\t89 44 24 14 \tmov %eax,0x14(%rsp)\n 17:\t4c 03 8b 90 01 00 00 \tadd 0x190(%rbx),%r9\n 1e:\teb 04 \tjmp 0x24\n 20:\t39 ca \tcmp %ecx,%edx\n 22:\t73 37 \tjae 0x5b\n 24:\t4d 8b 39 \tmov (%r9),%r15\n 27:\t83 c7 01 \tadd $0x1,%edi\n 2a:*\t49 8b 17 \tmov (%r15),%rdx\t\t\u003c-- trapping instruction\n 2d:\t49 89 11 \tmov %rdx,(%r9)\n 30:\t41 8b 57 28 \tmov 0x28(%r15),%edx\n 34:\t45 8b 5f 34 \tmov 0x34(%r15),%r11d\n 38:\t49 c7 07 00 00 00 00 \tmovq $0x0,(%r15)\n 3f:\t49 \trex.WB\n\nCode starting with the faulting instruction\n===========================================\n 0:\t49 8b 17 \tmov (%r15),%rdx\n 3:\t49 89 11 \tmov %rdx,(%r9)\n 6:\t41 8b 57 28 \tmov 0x28(%r15),%edx\n a:\t45 8b 5f 34 \tmov 0x34(%r15),%r11d\n e:\t49 c7 07 00 00 00 00 \tmovq $0x0,(%r15)\n 15:\t49 \trex.WB\n[ 70.724561] RSP: 0018:ffff95ae85e6fb90 EFLAGS: 00000202\n[ 70.724561] RAX: 0000000002000000 RBX: ffff95ae841de000 RCX: 0000000000000000\n[ 70.724561] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001\n[ 70.724561] RBP: ffff95ae85e6fbf8 R08: 0000000000000000 R09: ffff95b710a30000\n[ 70.724561] R10: 0000000000000000 R11: bdf289445ce31881 R12: ffff95ae85e6fc58\n[ 70.724561] R13: 0000000000000000 R14: 0000000000000040 R15: 0000000000000000\n[ 70.724561] FS: 000000002c5c1380(0000) GS:ffff95bd7fcc0000(0000) knlGS:0000000000000000\n[ 70.724561] CS: 0010 DS: 0000 ES: 0000 C\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49949",
"url": "https://www.suse.com/security/cve/CVE-2024-49949"
},
{
"category": "external",
"summary": "SUSE Bug 1232160 for CVE-2024-49949",
"url": "https://bugzilla.suse.com/1232160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49949"
},
{
"cve": "CVE-2024-49950",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49950"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix uaf in l2cap_connect\n\n[Syzbot reported]\nBUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\nRead of size 8 at addr ffff8880241e9800 by task kworker/u9:0/54\n\nCPU: 0 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.11.0-rc6-syzkaller-00268-g788220eee30d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nWorkqueue: hci2 hci_rx_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\n l2cap_connect_req net/bluetooth/l2cap_core.c:4080 [inline]\n l2cap_bredr_sig_cmd net/bluetooth/l2cap_core.c:4772 [inline]\n l2cap_sig_channel net/bluetooth/l2cap_core.c:5543 [inline]\n l2cap_recv_frame+0xf0b/0x8eb0 net/bluetooth/l2cap_core.c:6825\n l2cap_recv_acldata+0x9b4/0xb70 net/bluetooth/l2cap_core.c:7514\n hci_acldata_packet net/bluetooth/hci_core.c:3791 [inline]\n hci_rx_work+0xaab/0x1610 net/bluetooth/hci_core.c:4028\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n...\n\nFreed by task 5245:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579\n poison_slab_object+0xf7/0x160 mm/kasan/common.c:240\n __kasan_slab_free+0x32/0x50 mm/kasan/common.c:256\n kasan_slab_free include/linux/kasan.h:184 [inline]\n slab_free_hook mm/slub.c:2256 [inline]\n slab_free mm/slub.c:4477 [inline]\n kfree+0x12a/0x3b0 mm/slub.c:4598\n l2cap_conn_free net/bluetooth/l2cap_core.c:1810 [inline]\n kref_put include/linux/kref.h:65 [inline]\n l2cap_conn_put net/bluetooth/l2cap_core.c:1822 [inline]\n l2cap_conn_del+0x59d/0x730 net/bluetooth/l2cap_core.c:1802\n l2cap_connect_cfm+0x9e6/0xf80 net/bluetooth/l2cap_core.c:7241\n hci_connect_cfm include/net/bluetooth/hci_core.h:1960 [inline]\n hci_conn_failed+0x1c3/0x370 net/bluetooth/hci_conn.c:1265\n hci_abort_conn_sync+0x75a/0xb50 net/bluetooth/hci_sync.c:5583\n abort_conn_sync+0x197/0x360 net/bluetooth/hci_conn.c:2917\n hci_cmd_sync_work+0x1a4/0x410 net/bluetooth/hci_sync.c:328\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49950",
"url": "https://www.suse.com/security/cve/CVE-2024-49950"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-49950",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232159 for CVE-2024-49950",
"url": "https://bugzilla.suse.com/1232159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49950"
},
{
"cve": "CVE-2024-49952",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49952"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: prevent nf_skb_duplicated corruption\n\nsyzbot found that nf_dup_ipv4() or nf_dup_ipv6() could write\nper-cpu variable nf_skb_duplicated in an unsafe way [1].\n\nDisabling preemption as hinted by the splat is not enough,\nwe have to disable soft interrupts as well.\n\n[1]\nBUG: using __this_cpu_write() in preemptible [00000000] code: syz.4.282/6316\n caller is nf_dup_ipv4+0x651/0x8f0 net/ipv4/netfilter/nf_dup_ipv4.c:87\nCPU: 0 UID: 0 PID: 6316 Comm: syz.4.282 Not tainted 6.11.0-rc7-syzkaller-00104-g7052622fccb1 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n check_preemption_disabled+0x10e/0x120 lib/smp_processor_id.c:49\n nf_dup_ipv4+0x651/0x8f0 net/ipv4/netfilter/nf_dup_ipv4.c:87\n nft_dup_ipv4_eval+0x1db/0x300 net/ipv4/netfilter/nft_dup_ipv4.c:30\n expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]\n nft_do_chain+0x4ad/0x1da0 net/netfilter/nf_tables_core.c:288\n nft_do_chain_ipv4+0x202/0x320 net/netfilter/nft_chain_filter.c:23\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626\n nf_hook+0x2c4/0x450 include/linux/netfilter.h:269\n NF_HOOK_COND include/linux/netfilter.h:302 [inline]\n ip_output+0x185/0x230 net/ipv4/ip_output.c:433\n ip_local_out net/ipv4/ip_output.c:129 [inline]\n ip_send_skb+0x74/0x100 net/ipv4/ip_output.c:1495\n udp_send_skb+0xacf/0x1650 net/ipv4/udp.c:981\n udp_sendmsg+0x1c21/0x2a60 net/ipv4/udp.c:1269\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x1a6/0x270 net/socket.c:745\n ____sys_sendmsg+0x525/0x7d0 net/socket.c:2597\n ___sys_sendmsg net/socket.c:2651 [inline]\n __sys_sendmmsg+0x3b2/0x740 net/socket.c:2737\n __do_sys_sendmmsg net/socket.c:2766 [inline]\n __se_sys_sendmmsg net/socket.c:2763 [inline]\n __x64_sys_sendmmsg+0xa0/0xb0 net/socket.c:2763\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f4ce4f7def9\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f4ce5d4a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133\nRAX: ffffffffffffffda RBX: 00007f4ce5135f80 RCX: 00007f4ce4f7def9\nRDX: 0000000000000001 RSI: 0000000020005d40 RDI: 0000000000000006\nRBP: 00007f4ce4ff0b76 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007f4ce5135f80 R15: 00007ffd4cbc6d68\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49952",
"url": "https://www.suse.com/security/cve/CVE-2024-49952"
},
{
"category": "external",
"summary": "SUSE Bug 1232157 for CVE-2024-49952",
"url": "https://bugzilla.suse.com/1232157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49952"
},
{
"cve": "CVE-2024-49953",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49953"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice\n\nThe km.state is not checked in driver\u0027s delayed work. When\nxfrm_state_check_expire() is called, the state can be reset to\nXFRM_STATE_EXPIRED, even if it is XFRM_STATE_DEAD already. This\nhappens when xfrm state is deleted, but not freed yet. As\n__xfrm_state_delete() is called again in xfrm timer, the following\ncrash occurs.\n\nTo fix this issue, skip xfrm_state_check_expire() if km.state is not\nXFRM_STATE_VALID.\n\n Oops: general protection fault, probably for non-canonical address 0xdead000000000108: 0000 [#1] SMP\n CPU: 5 UID: 0 PID: 7448 Comm: kworker/u102:2 Not tainted 6.11.0-rc2+ #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Workqueue: mlx5e_ipsec: eth%d mlx5e_ipsec_handle_sw_limits [mlx5_core]\n RIP: 0010:__xfrm_state_delete+0x3d/0x1b0\n Code: 0f 84 8b 01 00 00 48 89 fd c6 87 c8 00 00 00 05 48 8d bb 40 10 00 00 e8 11 04 1a 00 48 8b 95 b8 00 00 00 48 8b 85 c0 00 00 00 \u003c48\u003e 89 42 08 48 89 10 48 8b 55 10 48 b8 00 01 00 00 00 00 ad de 48\n RSP: 0018:ffff88885f945ec8 EFLAGS: 00010246\n RAX: dead000000000122 RBX: ffffffff82afa940 RCX: 0000000000000036\n RDX: dead000000000100 RSI: 0000000000000000 RDI: ffffffff82afb980\n RBP: ffff888109a20340 R08: ffff88885f945ea0 R09: 0000000000000000\n R10: 0000000000000000 R11: ffff88885f945ff8 R12: 0000000000000246\n R13: ffff888109a20340 R14: ffff88885f95f420 R15: ffff88885f95f400\n FS: 0000000000000000(0000) GS:ffff88885f940000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f2163102430 CR3: 00000001128d6001 CR4: 0000000000370eb0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cIRQ\u003e\n ? die_addr+0x33/0x90\n ? exc_general_protection+0x1a2/0x390\n ? asm_exc_general_protection+0x22/0x30\n ? __xfrm_state_delete+0x3d/0x1b0\n ? __xfrm_state_delete+0x2f/0x1b0\n xfrm_timer_handler+0x174/0x350\n ? __xfrm_state_delete+0x1b0/0x1b0\n __hrtimer_run_queues+0x121/0x270\n hrtimer_run_softirq+0x88/0xd0\n handle_softirqs+0xcc/0x270\n do_softirq+0x3c/0x50\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n __local_bh_enable_ip+0x47/0x50\n mlx5e_ipsec_handle_sw_limits+0x7d/0x90 [mlx5_core]\n process_one_work+0x137/0x2d0\n worker_thread+0x28d/0x3a0\n ? rescuer_thread+0x480/0x480\n kthread+0xb8/0xe0\n ? kthread_park+0x80/0x80\n ret_from_fork+0x2d/0x50\n ? kthread_park+0x80/0x80\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49953",
"url": "https://www.suse.com/security/cve/CVE-2024-49953"
},
{
"category": "external",
"summary": "SUSE Bug 1232156 for CVE-2024-49953",
"url": "https://bugzilla.suse.com/1232156"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49953"
},
{
"cve": "CVE-2024-49954",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49954"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstatic_call: Replace pointless WARN_ON() in static_call_module_notify()\n\nstatic_call_module_notify() triggers a WARN_ON(), when memory allocation\nfails in __static_call_add_module().\n\nThat\u0027s not really justified, because the failure case must be correctly\nhandled by the well known call chain and the error code is passed\nthrough to the initiating userspace application.\n\nA memory allocation fail is not a fatal problem, but the WARN_ON() takes\nthe machine out when panic_on_warn is set.\n\nReplace it with a pr_warn().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49954",
"url": "https://www.suse.com/security/cve/CVE-2024-49954"
},
{
"category": "external",
"summary": "SUSE Bug 1232155 for CVE-2024-49954",
"url": "https://bugzilla.suse.com/1232155"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49954"
},
{
"cve": "CVE-2024-49955",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49955"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: battery: Fix possible crash when unregistering a battery hook\n\nWhen a battery hook returns an error when adding a new battery, then\nthe battery hook is automatically unregistered.\nHowever the battery hook provider cannot know that, so it will later\ncall battery_hook_unregister() on the already unregistered battery\nhook, resulting in a crash.\n\nFix this by using the list head to mark already unregistered battery\nhooks as already being unregistered so that they can be ignored by\nbattery_hook_unregister().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49955",
"url": "https://www.suse.com/security/cve/CVE-2024-49955"
},
{
"category": "external",
"summary": "SUSE Bug 1232154 for CVE-2024-49955",
"url": "https://bugzilla.suse.com/1232154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49955"
},
{
"cve": "CVE-2024-49957",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49957"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix null-ptr-deref when journal load failed.\n\nDuring the mounting process, if journal_reset() fails because of too short\njournal, then lead to jbd2_journal_load() fails with NULL j_sb_buffer. \nSubsequently, ocfs2_journal_shutdown() calls\njbd2_journal_flush()-\u003ejbd2_cleanup_journal_tail()-\u003e\n__jbd2_update_log_tail()-\u003ejbd2_journal_update_sb_log_tail()\n-\u003elock_buffer(journal-\u003ej_sb_buffer), resulting in a null-pointer\ndereference error.\n\nTo resolve this issue, we should check the JBD2_LOADED flag to ensure the\njournal was properly loaded. Additionally, use journal instead of\nosb-\u003ejournal directly to simplify the code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49957",
"url": "https://www.suse.com/security/cve/CVE-2024-49957"
},
{
"category": "external",
"summary": "SUSE Bug 1232152 for CVE-2024-49957",
"url": "https://bugzilla.suse.com/1232152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49957"
},
{
"cve": "CVE-2024-49958",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49958"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: reserve space for inline xattr before attaching reflink tree\n\nOne of our customers reported a crash and a corrupted ocfs2 filesystem. \nThe crash was due to the detection of corruption. Upon troubleshooting,\nthe fsck -fn output showed the below corruption\n\n[EXTENT_LIST_FREE] Extent list in owner 33080590 claims 230 as the next free chain record,\nbut fsck believes the largest valid value is 227. Clamp the next record value? n\n\nThe stat output from the debugfs.ocfs2 showed the following corruption\nwhere the \"Next Free Rec:\" had overshot the \"Count:\" in the root metadata\nblock.\n\n Inode: 33080590 Mode: 0640 Generation: 2619713622 (0x9c25a856)\n FS Generation: 904309833 (0x35e6ac49)\n CRC32: 00000000 ECC: 0000\n Type: Regular Attr: 0x0 Flags: Valid\n Dynamic Features: (0x16) HasXattr InlineXattr Refcounted\n Extended Attributes Block: 0 Extended Attributes Inline Size: 256\n User: 0 (root) Group: 0 (root) Size: 281320357888\n Links: 1 Clusters: 141738\n ctime: 0x66911b56 0x316edcb8 -- Fri Jul 12 06:02:30.829349048 2024\n atime: 0x66911d6b 0x7f7a28d -- Fri Jul 12 06:11:23.133669517 2024\n mtime: 0x66911b56 0x12ed75d7 -- Fri Jul 12 06:02:30.317552087 2024\n dtime: 0x0 -- Wed Dec 31 17:00:00 1969\n Refcount Block: 2777346\n Last Extblk: 2886943 Orphan Slot: 0\n Sub Alloc Slot: 0 Sub Alloc Bit: 14\n Tree Depth: 1 Count: 227 Next Free Rec: 230\n ## Offset Clusters Block#\n 0 0 2310 2776351\n 1 2310 2139 2777375\n 2 4449 1221 2778399\n 3 5670 731 2779423\n 4 6401 566 2780447\n ....... .... .......\n ....... .... .......\n\nThe issue was in the reflink workfow while reserving space for inline\nxattr. The problematic function is ocfs2_reflink_xattr_inline(). By the\ntime this function is called the reflink tree is already recreated at the\ndestination inode from the source inode. At this point, this function\nreserves space for inline xattrs at the destination inode without even\nchecking if there is space at the root metadata block. It simply reduces\nthe l_count from 243 to 227 thereby making space of 256 bytes for inline\nxattr whereas the inode already has extents beyond this index (in this\ncase up to 230), thereby causing corruption.\n\nThe fix for this is to reserve space for inline metadata at the destination\ninode before the reflink tree gets recreated. The customer has verified the\nfix.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49958",
"url": "https://www.suse.com/security/cve/CVE-2024-49958"
},
{
"category": "external",
"summary": "SUSE Bug 1232151 for CVE-2024-49958",
"url": "https://bugzilla.suse.com/1232151"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49958"
},
{
"cve": "CVE-2024-49959",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49959"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error\n\nIn __jbd2_log_wait_for_space(), we might call jbd2_cleanup_journal_tail()\nto recover some journal space. But if an error occurs while executing\njbd2_cleanup_journal_tail() (e.g., an EIO), we don\u0027t stop waiting for free\nspace right away, we try other branches, and if j_committing_transaction\nis NULL (i.e., the tid is 0), we will get the following complain:\n\n============================================\nJBD2: I/O error when updating journal superblock for sdd-8.\n__jbd2_log_wait_for_space: needed 256 blocks and only had 217 space available\n__jbd2_log_wait_for_space: no way to get more journal space in sdd-8\n------------[ cut here ]------------\nWARNING: CPU: 2 PID: 139804 at fs/jbd2/checkpoint.c:109 __jbd2_log_wait_for_space+0x251/0x2e0\nModules linked in:\nCPU: 2 PID: 139804 Comm: kworker/u8:3 Not tainted 6.6.0+ #1\nRIP: 0010:__jbd2_log_wait_for_space+0x251/0x2e0\nCall Trace:\n \u003cTASK\u003e\n add_transaction_credits+0x5d1/0x5e0\n start_this_handle+0x1ef/0x6a0\n jbd2__journal_start+0x18b/0x340\n ext4_dirty_inode+0x5d/0xb0\n __mark_inode_dirty+0xe4/0x5d0\n generic_update_time+0x60/0x70\n[...]\n============================================\n\nSo only if jbd2_cleanup_journal_tail() returns 1, i.e., there is nothing to\nclean up at the moment, continue to try to reclaim free space in other ways.\n\nNote that this fix relies on commit 6f6a6fda2945 (\"jbd2: fix ocfs2 corrupt\nwhen updating journal superblock fails\") to make jbd2_cleanup_journal_tail\nreturn the correct error code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49959",
"url": "https://www.suse.com/security/cve/CVE-2024-49959"
},
{
"category": "external",
"summary": "SUSE Bug 1232149 for CVE-2024-49959",
"url": "https://bugzilla.suse.com/1232149"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49959"
},
{
"cve": "CVE-2024-49960",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49960"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix timer use-after-free on failed mount\n\nSyzbot has found an ODEBUG bug in ext4_fill_super\n\nThe del_timer_sync function cancels the s_err_report timer,\nwhich reminds about filesystem errors daily. We should\nguarantee the timer is no longer active before kfree(sbi).\n\nWhen filesystem mounting fails, the flow goes to failed_mount3,\nwhere an error occurs when ext4_stop_mmpd is called, causing\na read I/O failure. This triggers the ext4_handle_error function\nthat ultimately re-arms the timer,\nleaving the s_err_report timer active before kfree(sbi) is called.\n\nFix the issue by canceling the s_err_report timer after calling ext4_stop_mmpd.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49960",
"url": "https://www.suse.com/security/cve/CVE-2024-49960"
},
{
"category": "external",
"summary": "SUSE Bug 1232395 for CVE-2024-49960",
"url": "https://bugzilla.suse.com/1232395"
},
{
"category": "external",
"summary": "SUSE Bug 1232803 for CVE-2024-49960",
"url": "https://bugzilla.suse.com/1232803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49960"
},
{
"cve": "CVE-2024-49961",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49961"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c: ar0521: Use cansleep version of gpiod_set_value()\n\nIf we use GPIO reset from I2C port expander, we must use *_cansleep()\nvariant of GPIO functions.\nThis was not done in ar0521_power_on()/ar0521_power_off() functions.\nLet\u0027s fix that.\n\n------------[ cut here ]------------\nWARNING: CPU: 0 PID: 11 at drivers/gpio/gpiolib.c:3496 gpiod_set_value+0x74/0x7c\nModules linked in:\nCPU: 0 PID: 11 Comm: kworker/u16:0 Not tainted 6.10.0 #53\nHardware name: Diasom DS-RK3568-SOM-EVB (DT)\nWorkqueue: events_unbound deferred_probe_work_func\npstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : gpiod_set_value+0x74/0x7c\nlr : ar0521_power_on+0xcc/0x290\nsp : ffffff8001d7ab70\nx29: ffffff8001d7ab70 x28: ffffff80027dcc90 x27: ffffff8003c82000\nx26: ffffff8003ca9250 x25: ffffffc080a39c60 x24: ffffff8003ca9088\nx23: ffffff8002402720 x22: ffffff8003ca9080 x21: ffffff8003ca9088\nx20: 0000000000000000 x19: ffffff8001eb2a00 x18: ffffff80efeeac80\nx17: 756d2d6332692f30 x16: 0000000000000000 x15: 0000000000000000\nx14: ffffff8001d91d40 x13: 0000000000000016 x12: ffffffc080e98930\nx11: ffffff8001eb2880 x10: 0000000000000890 x9 : ffffff8001d7a9f0\nx8 : ffffff8001d92570 x7 : ffffff80efeeac80 x6 : 000000003fc6e780\nx5 : ffffff8001d91c80 x4 : 0000000000000002 x3 : 0000000000000000\nx2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000001\nCall trace:\n gpiod_set_value+0x74/0x7c\n ar0521_power_on+0xcc/0x290\n...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49961",
"url": "https://www.suse.com/security/cve/CVE-2024-49961"
},
{
"category": "external",
"summary": "SUSE Bug 1232148 for CVE-2024-49961",
"url": "https://bugzilla.suse.com/1232148"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49961"
},
{
"cve": "CVE-2024-49962",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49962"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package()\n\nACPICA commit 4d4547cf13cca820ff7e0f859ba83e1a610b9fd0\n\nACPI_ALLOCATE_ZEROED() may fail, elements might be NULL and will cause\nNULL pointer dereference later.\n\n[ rjw: Subject and changelog edits ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49962",
"url": "https://www.suse.com/security/cve/CVE-2024-49962"
},
{
"category": "external",
"summary": "SUSE Bug 1232314 for CVE-2024-49962",
"url": "https://bugzilla.suse.com/1232314"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49962"
},
{
"cve": "CVE-2024-49963",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49963"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmailbox: bcm2835: Fix timeout during suspend mode\n\nDuring noirq suspend phase the Raspberry Pi power driver suffer of\nfirmware property timeouts. The reason is that the IRQ of the underlying\nBCM2835 mailbox is disabled and rpi_firmware_property_list() will always\nrun into a timeout [1].\n\nSince the VideoCore side isn\u0027t consider as a wakeup source, set the\nIRQF_NO_SUSPEND flag for the mailbox IRQ in order to keep it enabled\nduring suspend-resume cycle.\n\n[1]\nPM: late suspend of devices complete after 1.754 msecs\nWARNING: CPU: 0 PID: 438 at drivers/firmware/raspberrypi.c:128\n rpi_firmware_property_list+0x204/0x22c\nFirmware transaction 0x00028001 timeout\nModules linked in:\nCPU: 0 PID: 438 Comm: bash Tainted: G C 6.9.3-dirty #17\nHardware name: BCM2835\nCall trace:\nunwind_backtrace from show_stack+0x18/0x1c\nshow_stack from dump_stack_lvl+0x34/0x44\ndump_stack_lvl from __warn+0x88/0xec\n__warn from warn_slowpath_fmt+0x7c/0xb0\nwarn_slowpath_fmt from rpi_firmware_property_list+0x204/0x22c\nrpi_firmware_property_list from rpi_firmware_property+0x68/0x8c\nrpi_firmware_property from rpi_firmware_set_power+0x54/0xc0\nrpi_firmware_set_power from _genpd_power_off+0xe4/0x148\n_genpd_power_off from genpd_sync_power_off+0x7c/0x11c\ngenpd_sync_power_off from genpd_finish_suspend+0xcc/0xe0\ngenpd_finish_suspend from dpm_run_callback+0x78/0xd0\ndpm_run_callback from device_suspend_noirq+0xc0/0x238\ndevice_suspend_noirq from dpm_suspend_noirq+0xb0/0x168\ndpm_suspend_noirq from suspend_devices_and_enter+0x1b8/0x5ac\nsuspend_devices_and_enter from pm_suspend+0x254/0x2e4\npm_suspend from state_store+0xa8/0xd4\nstate_store from kernfs_fop_write_iter+0x154/0x1a0\nkernfs_fop_write_iter from vfs_write+0x12c/0x184\nvfs_write from ksys_write+0x78/0xc0\nksys_write from ret_fast_syscall+0x0/0x54\nException stack(0xcc93dfa8 to 0xcc93dff0)\n[...]\nPM: noirq suspend of devices complete after 3095.584 msecs",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49963",
"url": "https://www.suse.com/security/cve/CVE-2024-49963"
},
{
"category": "external",
"summary": "SUSE Bug 1232147 for CVE-2024-49963",
"url": "https://bugzilla.suse.com/1232147"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49963"
},
{
"cve": "CVE-2024-49965",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49965"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: remove unreasonable unlock in ocfs2_read_blocks\n\nPatch series \"Misc fixes for ocfs2_read_blocks\", v5.\n\nThis series contains 2 fixes for ocfs2_read_blocks(). The first patch fix\nthe issue reported by syzbot, which detects bad unlock balance in\nocfs2_read_blocks(). The second patch fixes an issue reported by Heming\nZhao when reviewing above fix.\n\n\nThis patch (of 2):\n\nThere was a lock release before exiting, so remove the unreasonable unlock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49965",
"url": "https://www.suse.com/security/cve/CVE-2024-49965"
},
{
"category": "external",
"summary": "SUSE Bug 1232142 for CVE-2024-49965",
"url": "https://bugzilla.suse.com/1232142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49965"
},
{
"cve": "CVE-2024-49966",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49966"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: cancel dqi_sync_work before freeing oinfo\n\nocfs2_global_read_info() will initialize and schedule dqi_sync_work at the\nend, if error occurs after successfully reading global quota, it will\ntrigger the following warning with CONFIG_DEBUG_OBJECTS_* enabled:\n\nODEBUG: free active (active state 0) object: 00000000d8b0ce28 object type: timer_list hint: qsync_work_fn+0x0/0x16c\n\nThis reports that there is an active delayed work when freeing oinfo in\nerror handling, so cancel dqi_sync_work first. BTW, return status instead\nof -1 when .read_file_info fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49966",
"url": "https://www.suse.com/security/cve/CVE-2024-49966"
},
{
"category": "external",
"summary": "SUSE Bug 1232141 for CVE-2024-49966",
"url": "https://bugzilla.suse.com/1232141"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49966"
},
{
"cve": "CVE-2024-49967",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49967"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49967",
"url": "https://www.suse.com/security/cve/CVE-2024-49967"
},
{
"category": "external",
"summary": "SUSE Bug 1232140 for CVE-2024-49967",
"url": "https://bugzilla.suse.com/1232140"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49967"
},
{
"cve": "CVE-2024-49968",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49968"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: filesystems without casefold feature cannot be mounted with siphash\n\nWhen mounting the ext4 filesystem, if the default hash version is set to\nDX_HASH_SIPHASH but the casefold feature is not set, exit the mounting.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49968",
"url": "https://www.suse.com/security/cve/CVE-2024-49968"
},
{
"category": "external",
"summary": "SUSE Bug 1232264 for CVE-2024-49968",
"url": "https://bugzilla.suse.com/1232264"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49968"
},
{
"cve": "CVE-2024-49969",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49969"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix index out of bounds in DCN30 color transformation\n\nThis commit addresses a potential index out of bounds issue in the\n`cm3_helper_translate_curve_to_hw_format` function in the DCN30 color\nmanagement module. The issue could occur when the index \u0027i\u0027 exceeds the\nnumber of transfer function points (TRANSFER_FUNC_POINTS).\n\nThe fix adds a check to ensure \u0027i\u0027 is within bounds before accessing the\ntransfer function points. If \u0027i\u0027 is out of bounds, the function returns\nfalse to indicate an error.\n\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:180 cm3_helper_translate_curve_to_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.red\u0027 1025 \u003c= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:181 cm3_helper_translate_curve_to_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.green\u0027 1025 \u003c= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:182 cm3_helper_translate_curve_to_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.blue\u0027 1025 \u003c= s32max",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49969",
"url": "https://www.suse.com/security/cve/CVE-2024-49969"
},
{
"category": "external",
"summary": "SUSE Bug 1232519 for CVE-2024-49969",
"url": "https://bugzilla.suse.com/1232519"
},
{
"category": "external",
"summary": "SUSE Bug 1232524 for CVE-2024-49969",
"url": "https://bugzilla.suse.com/1232524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-49969"
},
{
"cve": "CVE-2024-49972",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49972"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Deallocate DML memory if allocation fails\n\n[Why]\nWhen DC state create DML memory allocation fails, memory is not\ndeallocated subsequently, resulting in uninitialized structure\nthat is not NULL.\n\n[How]\nDeallocate memory if DML memory allocation fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49972",
"url": "https://www.suse.com/security/cve/CVE-2024-49972"
},
{
"category": "external",
"summary": "SUSE Bug 1232315 for CVE-2024-49972",
"url": "https://bugzilla.suse.com/1232315"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49972"
},
{
"cve": "CVE-2024-49973",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49973"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nr8169: add tally counter fields added with RTL8125\n\nRTL8125 added fields to the tally counter, what may result in the chip\ndma\u0027ing these new fields to unallocated memory. Therefore make sure\nthat the allocated memory area is big enough to hold all of the\ntally counter values, even if we use only parts of it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49973",
"url": "https://www.suse.com/security/cve/CVE-2024-49973"
},
{
"category": "external",
"summary": "SUSE Bug 1232105 for CVE-2024-49973",
"url": "https://bugzilla.suse.com/1232105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49973"
},
{
"cve": "CVE-2024-49974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49974"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Limit the number of concurrent async COPY operations\n\nNothing appears to limit the number of concurrent async COPY\noperations that clients can start. In addition, AFAICT each async\nCOPY can copy an unlimited number of 4MB chunks, so can run for a\nlong time. Thus IMO async COPY can become a DoS vector.\n\nAdd a restriction mechanism that bounds the number of concurrent\nbackground COPY operations. Start simple and try to be fair -- this\npatch implements a per-namespace limit.\n\nAn async COPY request that occurs while this limit is exceeded gets\nNFS4ERR_DELAY. The requesting client can choose to send the request\nagain after a delay or fall back to a traditional read/write style\ncopy.\n\nIf there is need to make the mechanism more sophisticated, we can\nvisit that in future patches.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49974",
"url": "https://www.suse.com/security/cve/CVE-2024-49974"
},
{
"category": "external",
"summary": "SUSE Bug 1232383 for CVE-2024-49974",
"url": "https://bugzilla.suse.com/1232383"
},
{
"category": "external",
"summary": "SUSE Bug 1232384 for CVE-2024-49974",
"url": "https://bugzilla.suse.com/1232384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-49974"
},
{
"cve": "CVE-2024-49975",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49975"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nuprobes: fix kernel info leak via \"[uprobes]\" vma\n\nxol_add_vma() maps the uninitialized page allocated by __create_xol_area()\ninto userspace. On some architectures (x86) this memory is readable even\nwithout VM_READ, VM_EXEC results in the same pgprot_t as VM_EXEC|VM_READ,\nalthough this doesn\u0027t really matter, debugger can read this memory anyway.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49975",
"url": "https://www.suse.com/security/cve/CVE-2024-49975"
},
{
"category": "external",
"summary": "SUSE Bug 1232104 for CVE-2024-49975",
"url": "https://bugzilla.suse.com/1232104"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49975"
},
{
"cve": "CVE-2024-49976",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49976"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/timerlat: Drop interface_lock in stop_kthread()\n\nstop_kthread() is the offline callback for \"trace/osnoise:online\", since\ncommit 5bfbcd1ee57b (\"tracing/timerlat: Add interface_lock around clearing\nof kthread in stop_kthread()\"), the following ABBA deadlock scenario is\nintroduced:\n\nT1 | T2 [BP] | T3 [AP]\nosnoise_hotplug_workfn() | work_for_cpu_fn() | cpuhp_thread_fun()\n | _cpu_down() | osnoise_cpu_die()\n mutex_lock(\u0026interface_lock) | | stop_kthread()\n | cpus_write_lock() | mutex_lock(\u0026interface_lock)\n cpus_read_lock() | cpuhp_kick_ap() |\n\nAs the interface_lock here in just for protecting the \"kthread\" field of\nthe osn_var, use xchg() instead to fix this issue. Also use\nfor_each_online_cpu() back in stop_per_cpu_kthreads() as it can take\ncpu_read_lock() again.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49976",
"url": "https://www.suse.com/security/cve/CVE-2024-49976"
},
{
"category": "external",
"summary": "SUSE Bug 1232103 for CVE-2024-49976",
"url": "https://bugzilla.suse.com/1232103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49976"
},
{
"cve": "CVE-2024-49981",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49981"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: fix use after free bug in venus_remove due to race condition\n\nin venus_probe, core-\u003ework is bound with venus_sys_error_handler, which is\nused to handle error. The code use core-\u003esys_err_done to make sync work.\nThe core-\u003ework is started in venus_event_notify.\n\nIf we call venus_remove, there might be an unfished work. The possible\nsequence is as follows:\n\nCPU0 CPU1\n\n |venus_sys_error_handler\nvenus_remove |\nhfi_destroy\t \t\t |\nvenus_hfi_destroy\t |\nkfree(hdev);\t |\n |hfi_reinit\n\t\t\t\t\t |venus_hfi_queues_reinit\n |//use hdev\n\nFix it by canceling the work in venus_remove.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49981",
"url": "https://www.suse.com/security/cve/CVE-2024-49981"
},
{
"category": "external",
"summary": "SUSE Bug 1232098 for CVE-2024-49981",
"url": "https://bugzilla.suse.com/1232098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49981"
},
{
"cve": "CVE-2024-49982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49982"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naoe: fix the potential use-after-free problem in more places\n\nFor fixing CVE-2023-6270, f98364e92662 (\"aoe: fix the potential\nuse-after-free problem in aoecmd_cfg_pkts\") makes tx() calling dev_put()\ninstead of doing in aoecmd_cfg_pkts(). It avoids that the tx() runs\ninto use-after-free.\n\nThen Nicolai Stange found more places in aoe have potential use-after-free\nproblem with tx(). e.g. revalidate(), aoecmd_ata_rw(), resend(), probe()\nand aoecmd_cfg_rsp(). Those functions also use aoenet_xmit() to push\npacket to tx queue. So they should also use dev_hold() to increase the\nrefcnt of skb-\u003edev.\n\nOn the other hand, moving dev_put() to tx() causes that the refcnt of\nskb-\u003edev be reduced to a negative value, because corresponding\ndev_hold() are not called in revalidate(), aoecmd_ata_rw(), resend(),\nprobe(), and aoecmd_cfg_rsp(). This patch fixed this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49982",
"url": "https://www.suse.com/security/cve/CVE-2024-49982"
},
{
"category": "external",
"summary": "SUSE Bug 1232097 for CVE-2024-49982",
"url": "https://bugzilla.suse.com/1232097"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49982"
},
{
"cve": "CVE-2024-49983",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49983"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free\n\nWhen calling ext4_force_split_extent_at() in ext4_ext_replay_update_ex(),\nthe \u0027ppath\u0027 is updated but it is the \u0027path\u0027 that is freed, thus potentially\ntriggering a double-free in the following process:\n\next4_ext_replay_update_ex\n ppath = path\n ext4_force_split_extent_at(\u0026ppath)\n ext4_split_extent_at\n ext4_ext_insert_extent\n ext4_ext_create_new_leaf\n ext4_ext_grow_indepth\n ext4_find_extent\n if (depth \u003e path[0].p_maxdepth)\n kfree(path) ---\u003e path First freed\n *orig_path = path = NULL ---\u003e null ppath\n kfree(path) ---\u003e path double-free !!!\n\nSo drop the unnecessary ppath and use path directly to avoid this problem.\nAnd use ext4_find_extent() directly to update path, avoiding unnecessary\nmemory allocation and freeing. Also, propagate the error returned by\next4_find_extent() instead of using strange error codes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49983",
"url": "https://www.suse.com/security/cve/CVE-2024-49983"
},
{
"category": "external",
"summary": "SUSE Bug 1232096 for CVE-2024-49983",
"url": "https://bugzilla.suse.com/1232096"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49983"
},
{
"cve": "CVE-2024-49985",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49985"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume\n\nIn case there is any sort of clock controller attached to this I2C bus\ncontroller, for example Versaclock or even an AIC32x4 I2C codec, then\nan I2C transfer triggered from the clock controller clk_ops .prepare\ncallback may trigger a deadlock on drivers/clk/clk.c prepare_lock mutex.\n\nThis is because the clock controller first grabs the prepare_lock mutex\nand then performs the prepare operation, including its I2C access. The\nI2C access resumes this I2C bus controller via .runtime_resume callback,\nwhich calls clk_prepare_enable(), which attempts to grab the prepare_lock\nmutex again and deadlocks.\n\nSince the clock are already prepared since probe() and unprepared in\nremove(), use simple clk_enable()/clk_disable() calls to enable and\ndisable the clock on runtime suspend and resume, to avoid hitting the\nprepare_lock mutex.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49985",
"url": "https://www.suse.com/security/cve/CVE-2024-49985"
},
{
"category": "external",
"summary": "SUSE Bug 1232094 for CVE-2024-49985",
"url": "https://bugzilla.suse.com/1232094"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49985"
},
{
"cve": "CVE-2024-49986",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49986"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors\n\nx86_android_tablet_remove() frees the pdevs[] array, so it should not\nbe used after calling x86_android_tablet_remove().\n\nWhen platform_device_register() fails, store the pdevs[x] PTR_ERR() value\ninto the local ret variable before calling x86_android_tablet_remove()\nto avoid using pdevs[] after it has been freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49986",
"url": "https://www.suse.com/security/cve/CVE-2024-49986"
},
{
"category": "external",
"summary": "SUSE Bug 1232093 for CVE-2024-49986",
"url": "https://bugzilla.suse.com/1232093"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49986"
},
{
"cve": "CVE-2024-49987",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49987"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpftool: Fix undefined behavior in qsort(NULL, 0, ...)\n\nWhen netfilter has no entry to display, qsort is called with\nqsort(NULL, 0, ...). This results in undefined behavior, as UBSan\nreports:\n\nnet.c:827:2: runtime error: null pointer passed as argument 1, which is declared to never be null\n\nAlthough the C standard does not explicitly state whether calling qsort\nwith a NULL pointer when the size is 0 constitutes undefined behavior,\nSection 7.1.4 of the C standard (Use of library functions) mentions:\n\n\"Each of the following statements applies unless explicitly stated\notherwise in the detailed descriptions that follow: If an argument to a\nfunction has an invalid value (such as a value outside the domain of\nthe function, or a pointer outside the address space of the program, or\na null pointer, or a pointer to non-modifiable storage when the\ncorresponding parameter is not const-qualified) or a type (after\npromotion) not expected by a function with variable number of\narguments, the behavior is undefined.\"\n\nTo avoid this, add an early return when nf_link_info is NULL to prevent\ncalling qsort with a NULL pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49987",
"url": "https://www.suse.com/security/cve/CVE-2024-49987"
},
{
"category": "external",
"summary": "SUSE Bug 1232258 for CVE-2024-49987",
"url": "https://bugzilla.suse.com/1232258"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49987"
},
{
"cve": "CVE-2024-49989",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49989"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix double free issue during amdgpu module unload\n\nFlexible endpoints use DIGs from available inflexible endpoints,\nso only the encoders of inflexible links need to be freed.\nOtherwise, a double free issue may occur when unloading the\namdgpu module.\n\n[ 279.190523] RIP: 0010:__slab_free+0x152/0x2f0\n[ 279.190577] Call Trace:\n[ 279.190580] \u003cTASK\u003e\n[ 279.190582] ? show_regs+0x69/0x80\n[ 279.190590] ? die+0x3b/0x90\n[ 279.190595] ? do_trap+0xc8/0xe0\n[ 279.190601] ? do_error_trap+0x73/0xa0\n[ 279.190605] ? __slab_free+0x152/0x2f0\n[ 279.190609] ? exc_invalid_op+0x56/0x70\n[ 279.190616] ? __slab_free+0x152/0x2f0\n[ 279.190642] ? asm_exc_invalid_op+0x1f/0x30\n[ 279.190648] ? dcn10_link_encoder_destroy+0x19/0x30 [amdgpu]\n[ 279.191096] ? __slab_free+0x152/0x2f0\n[ 279.191102] ? dcn10_link_encoder_destroy+0x19/0x30 [amdgpu]\n[ 279.191469] kfree+0x260/0x2b0\n[ 279.191474] dcn10_link_encoder_destroy+0x19/0x30 [amdgpu]\n[ 279.191821] link_destroy+0xd7/0x130 [amdgpu]\n[ 279.192248] dc_destruct+0x90/0x270 [amdgpu]\n[ 279.192666] dc_destroy+0x19/0x40 [amdgpu]\n[ 279.193020] amdgpu_dm_fini+0x16e/0x200 [amdgpu]\n[ 279.193432] dm_hw_fini+0x26/0x40 [amdgpu]\n[ 279.193795] amdgpu_device_fini_hw+0x24c/0x400 [amdgpu]\n[ 279.194108] amdgpu_driver_unload_kms+0x4f/0x70 [amdgpu]\n[ 279.194436] amdgpu_pci_remove+0x40/0x80 [amdgpu]\n[ 279.194632] pci_device_remove+0x3a/0xa0\n[ 279.194638] device_remove+0x40/0x70\n[ 279.194642] device_release_driver_internal+0x1ad/0x210\n[ 279.194647] driver_detach+0x4e/0xa0\n[ 279.194650] bus_remove_driver+0x6f/0xf0\n[ 279.194653] driver_unregister+0x33/0x60\n[ 279.194657] pci_unregister_driver+0x44/0x90\n[ 279.194662] amdgpu_exit+0x19/0x1f0 [amdgpu]\n[ 279.194939] __do_sys_delete_module.isra.0+0x198/0x2f0\n[ 279.194946] __x64_sys_delete_module+0x16/0x20\n[ 279.194950] do_syscall_64+0x58/0x120\n[ 279.194954] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n[ 279.194980] \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49989",
"url": "https://www.suse.com/security/cve/CVE-2024-49989"
},
{
"category": "external",
"summary": "SUSE Bug 1232483 for CVE-2024-49989",
"url": "https://bugzilla.suse.com/1232483"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49989"
},
{
"cve": "CVE-2024-49991",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49991"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer\n\nPass pointer reference to amdgpu_bo_unref to clear the correct pointer,\notherwise amdgpu_bo_unref clear the local variable, the original pointer\nnot set to NULL, this could cause use-after-free bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49991",
"url": "https://www.suse.com/security/cve/CVE-2024-49991"
},
{
"category": "external",
"summary": "SUSE Bug 1232282 for CVE-2024-49991",
"url": "https://bugzilla.suse.com/1232282"
},
{
"category": "external",
"summary": "SUSE Bug 1232284 for CVE-2024-49991",
"url": "https://bugzilla.suse.com/1232284"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-49991"
},
{
"cve": "CVE-2024-49993",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49993"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49993",
"url": "https://www.suse.com/security/cve/CVE-2024-49993"
},
{
"category": "external",
"summary": "SUSE Bug 1232316 for CVE-2024-49993",
"url": "https://bugzilla.suse.com/1232316"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49993"
},
{
"cve": "CVE-2024-49995",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49995"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49995",
"url": "https://www.suse.com/security/cve/CVE-2024-49995"
},
{
"category": "external",
"summary": "SUSE Bug 1232432 for CVE-2024-49995",
"url": "https://bugzilla.suse.com/1232432"
},
{
"category": "external",
"summary": "SUSE Bug 1232433 for CVE-2024-49995",
"url": "https://bugzilla.suse.com/1232433"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49995"
},
{
"cve": "CVE-2024-49996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49996"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix buffer overflow when parsing NFS reparse points\n\nReparseDataLength is sum of the InodeType size and DataBuffer size.\nSo to get DataBuffer size it is needed to subtract InodeType\u0027s size from\nReparseDataLength.\n\nFunction cifs_strndup_from_utf16() is currentlly accessing buf-\u003eDataBuffer\nat position after the end of the buffer because it does not subtract\nInodeType size from the length. Fix this problem and correctly subtract\nvariable len.\n\nMember InodeType is present only when reparse buffer is large enough. Check\nfor ReparseDataLength before accessing InodeType to prevent another invalid\nmemory access.\n\nMajor and minor rdev values are present also only when reparse buffer is\nlarge enough. Check for reparse buffer size before calling reparse_mkdev().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49996",
"url": "https://www.suse.com/security/cve/CVE-2024-49996"
},
{
"category": "external",
"summary": "SUSE Bug 1232089 for CVE-2024-49996",
"url": "https://bugzilla.suse.com/1232089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-49996"
},
{
"cve": "CVE-2024-50000",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50000"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()\n\nIn mlx5e_tir_builder_alloc() kvzalloc() may return NULL\nwhich is dereferenced on the next line in a reference\nto the modify field.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50000",
"url": "https://www.suse.com/security/cve/CVE-2024-50000"
},
{
"category": "external",
"summary": "SUSE Bug 1232085 for CVE-2024-50000",
"url": "https://bugzilla.suse.com/1232085"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50000"
},
{
"cve": "CVE-2024-50001",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50001"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix error path in multi-packet WQE transmit\n\nRemove the erroneous unmap in case no DMA mapping was established\n\nThe multi-packet WQE transmit code attempts to obtain a DMA mapping for\nthe skb. This could fail, e.g. under memory pressure, when the IOMMU\ndriver just can\u0027t allocate more memory for page tables. While the code\ntries to handle this in the path below the err_unmap label it erroneously\nunmaps one entry from the sq\u0027s FIFO list of active mappings. Since the\ncurrent map attempt failed this unmap is removing some random DMA mapping\nthat might still be required. If the PCI function now presents that IOVA,\nthe IOMMU may assumes a rogue DMA access and e.g. on s390 puts the PCI\nfunction in error state.\n\nThe erroneous behavior was seen in a stress-test environment that created\nmemory pressure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50001",
"url": "https://www.suse.com/security/cve/CVE-2024-50001"
},
{
"category": "external",
"summary": "SUSE Bug 1232084 for CVE-2024-50001",
"url": "https://bugzilla.suse.com/1232084"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50001"
},
{
"cve": "CVE-2024-50002",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50002"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstatic_call: Handle module init failure correctly in static_call_del_module()\n\nModule insertion invokes static_call_add_module() to initialize the static\ncalls in a module. static_call_add_module() invokes __static_call_init(),\nwhich allocates a struct static_call_mod to either encapsulate the built-in\nstatic call sites of the associated key into it so further modules can be\nadded or to append the module to the module chain.\n\nIf that allocation fails the function returns with an error code and the\nmodule core invokes static_call_del_module() to clean up eventually added\nstatic_call_mod entries.\n\nThis works correctly, when all keys used by the module were converted over\nto a module chain before the failure. If not then static_call_del_module()\ncauses a #GP as it blindly assumes that key::mods points to a valid struct\nstatic_call_mod.\n\nThe problem is that key::mods is not a individual struct member of struct\nstatic_call_key, it\u0027s part of a union to save space:\n\n union {\n /* bit 0: 0 = mods, 1 = sites */\n unsigned long type;\n struct static_call_mod *mods;\n struct static_call_site *sites;\n\t};\n\nkey::sites is a pointer to the list of built-in usage sites of the static\ncall. The type of the pointer is differentiated by bit 0. A mods pointer\nhas the bit clear, the sites pointer has the bit set.\n\nAs static_call_del_module() blidly assumes that the pointer is a valid\nstatic_call_mod type, it fails to check for this failure case and\ndereferences the pointer to the list of built-in call sites, which is\nobviously bogus.\n\nCure it by checking whether the key has a sites or a mods pointer.\n\nIf it\u0027s a sites pointer then the key is not to be touched. As the sites are\nwalked in the same order as in __static_call_init() the site walk can be\nterminated because all subsequent sites have not been touched by the init\ncode due to the error exit.\n\nIf it was converted before the allocation fail, then the inner loop which\nsearches for a module match will find nothing.\n\nA fail in the second allocation in __static_call_init() is harmless and\ndoes not require special treatment. The first allocation succeeded and\nconverted the key to a module chain. That first entry has mod::mod == NULL\nand mod::next == NULL, so the inner loop of static_call_del_module() will\nneither find a module match nor a module chain. The next site in the walk\nwas either already converted, but can\u0027t match the module, or it will exit\nthe outer loop because it has a static_call_site pointer and not a\nstatic_call_mod pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50002",
"url": "https://www.suse.com/security/cve/CVE-2024-50002"
},
{
"category": "external",
"summary": "SUSE Bug 1232083 for CVE-2024-50002",
"url": "https://bugzilla.suse.com/1232083"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50002"
},
{
"cve": "CVE-2024-50003",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50003"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix system hang while resume with TBT monitor\n\n[Why]\nConnected with a Thunderbolt monitor and do the suspend and the system\nmay hang while resume.\n\nThe TBT monitor HPD will be triggered during the resume procedure\nand call the drm_client_modeset_probe() while\nstruct drm_connector connector-\u003edev-\u003emaster is NULL.\n\nIt will mess up the pipe topology after resume.\n\n[How]\nSkip the TBT monitor HPD during the resume procedure because we\ncurrently will probe the connectors after resume by default.\n\n(cherry picked from commit 453f86a26945207a16b8f66aaed5962dc2b95b85)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50003",
"url": "https://www.suse.com/security/cve/CVE-2024-50003"
},
{
"category": "external",
"summary": "SUSE Bug 1232385 for CVE-2024-50003",
"url": "https://bugzilla.suse.com/1232385"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50003"
},
{
"cve": "CVE-2024-50004",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50004"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35\n\n[WHY \u0026 HOW]\nMismatch in DCN35 DML2 cause bw validation failed to acquire unexpected DPP pipe to cause\ngrey screen and system hang. Remove EnhancedPrefetchScheduleAccelerationFinal value override\nto match HW spec.\n\n(cherry picked from commit 9dad21f910fcea2bdcff4af46159101d7f9cd8ba)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50004",
"url": "https://www.suse.com/security/cve/CVE-2024-50004"
},
{
"category": "external",
"summary": "SUSE Bug 1232396 for CVE-2024-50004",
"url": "https://bugzilla.suse.com/1232396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50004"
},
{
"cve": "CVE-2024-50006",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50006"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix i_data_sem unlock order in ext4_ind_migrate()\n\nFuzzing reports a possible deadlock in jbd2_log_wait_commit.\n\nThis issue is triggered when an EXT4_IOC_MIGRATE ioctl is set to require\nsynchronous updates because the file descriptor is opened with O_SYNC.\nThis can lead to the jbd2_journal_stop() function calling\njbd2_might_wait_for_commit(), potentially causing a deadlock if the\nEXT4_IOC_MIGRATE call races with a write(2) system call.\n\nThis problem only arises when CONFIG_PROVE_LOCKING is enabled. In this\ncase, the jbd2_might_wait_for_commit macro locks jbd2_handle in the\njbd2_journal_stop function while i_data_sem is locked. This triggers\nlockdep because the jbd2_journal_start function might also lock the same\njbd2_handle simultaneously.\n\nFound by Linux Verification Center (linuxtesting.org) with syzkaller.\n\nRule: add",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50006",
"url": "https://www.suse.com/security/cve/CVE-2024-50006"
},
{
"category": "external",
"summary": "SUSE Bug 1232442 for CVE-2024-50006",
"url": "https://bugzilla.suse.com/1232442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50006"
},
{
"cve": "CVE-2024-50007",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50007"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: asihpi: Fix potential OOB array access\n\nASIHPI driver stores some values in the static array upon a response\nfrom the driver, and its index depends on the firmware. We shouldn\u0027t\ntrust it blindly.\n\nThis patch adds a sanity check of the array index to fit in the array\nsize.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50007",
"url": "https://www.suse.com/security/cve/CVE-2024-50007"
},
{
"category": "external",
"summary": "SUSE Bug 1232394 for CVE-2024-50007",
"url": "https://bugzilla.suse.com/1232394"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50007"
},
{
"cve": "CVE-2024-50008",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50008"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext()\n\nReplace one-element array with a flexible-array member in\n`struct host_cmd_ds_802_11_scan_ext`.\n\nWith this, fix the following warning:\n\nelo 16 17:51:58 surfacebook kernel: ------------[ cut here ]------------\nelo 16 17:51:58 surfacebook kernel: memcpy: detected field-spanning write (size 243) of single field \"ext_scan-\u003etlv_buffer\" at drivers/net/wireless/marvell/mwifiex/scan.c:2239 (size 1)\nelo 16 17:51:58 surfacebook kernel: WARNING: CPU: 0 PID: 498 at drivers/net/wireless/marvell/mwifiex/scan.c:2239 mwifiex_cmd_802_11_scan_ext+0x83/0x90 [mwifiex]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50008",
"url": "https://www.suse.com/security/cve/CVE-2024-50008"
},
{
"category": "external",
"summary": "SUSE Bug 1232317 for CVE-2024-50008",
"url": "https://bugzilla.suse.com/1232317"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50008"
},
{
"cve": "CVE-2024-50009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: amd-pstate: add check for cpufreq_cpu_get\u0027s return value\n\ncpufreq_cpu_get may return NULL. To avoid NULL-dereference check it\nand return in case of error.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50009",
"url": "https://www.suse.com/security/cve/CVE-2024-50009"
},
{
"category": "external",
"summary": "SUSE Bug 1232318 for CVE-2024-50009",
"url": "https://bugzilla.suse.com/1232318"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50009"
},
{
"cve": "CVE-2024-50012",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50012"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: Avoid a bad reference count on CPU node\n\nIn the parse_perf_domain function, if the call to\nof_parse_phandle_with_args returns an error, then the reference to the\nCPU device node that was acquired at the start of the function would not\nbe properly decremented.\n\nAddress this by declaring the variable with the __free(device_node)\ncleanup attribute.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50012",
"url": "https://www.suse.com/security/cve/CVE-2024-50012"
},
{
"category": "external",
"summary": "SUSE Bug 1232386 for CVE-2024-50012",
"url": "https://bugzilla.suse.com/1232386"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50012"
},
{
"cve": "CVE-2024-50013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50013"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix memory leak in exfat_load_bitmap()\n\nIf the first directory entry in the root directory is not a bitmap\ndirectory entry, \u0027bh\u0027 will not be released and reassigned, which\nwill cause a memory leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50013",
"url": "https://www.suse.com/security/cve/CVE-2024-50013"
},
{
"category": "external",
"summary": "SUSE Bug 1232080 for CVE-2024-50013",
"url": "https://bugzilla.suse.com/1232080"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50013"
},
{
"cve": "CVE-2024-50014",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50014"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix access to uninitialised lock in fc replay path\n\nThe following kernel trace can be triggered with fstest generic/629 when\nexecuted against a filesystem with fast-commit feature enabled:\n\nINFO: trying to register non-static key.\nThe code is fine but needs lockdep annotation, or maybe\nyou didn\u0027t initialize this object before use?\nturning off the locking correctness validator.\nCPU: 0 PID: 866 Comm: mount Not tainted 6.10.0+ #11\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-prebuilt.qemu.org 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x66/0x90\n register_lock_class+0x759/0x7d0\n __lock_acquire+0x85/0x2630\n ? __find_get_block+0xb4/0x380\n lock_acquire+0xd1/0x2d0\n ? __ext4_journal_get_write_access+0xd5/0x160\n _raw_spin_lock+0x33/0x40\n ? __ext4_journal_get_write_access+0xd5/0x160\n __ext4_journal_get_write_access+0xd5/0x160\n ext4_reserve_inode_write+0x61/0xb0\n __ext4_mark_inode_dirty+0x79/0x270\n ? ext4_ext_replay_set_iblocks+0x2f8/0x450\n ext4_ext_replay_set_iblocks+0x330/0x450\n ext4_fc_replay+0x14c8/0x1540\n ? jread+0x88/0x2e0\n ? rcu_is_watching+0x11/0x40\n do_one_pass+0x447/0xd00\n jbd2_journal_recover+0x139/0x1b0\n jbd2_journal_load+0x96/0x390\n ext4_load_and_init_journal+0x253/0xd40\n ext4_fill_super+0x2cc6/0x3180\n...\n\nIn the replay path there\u0027s an attempt to lock sbi-\u003es_bdev_wb_lock in\nfunction ext4_check_bdev_write_error(). Unfortunately, at this point this\nspinlock has not been initialized yet. Moving it\u0027s initialization to an\nearlier point in __ext4_fill_super() fixes this splat.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50014",
"url": "https://www.suse.com/security/cve/CVE-2024-50014"
},
{
"category": "external",
"summary": "SUSE Bug 1232446 for CVE-2024-50014",
"url": "https://bugzilla.suse.com/1232446"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50014"
},
{
"cve": "CVE-2024-50015",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50015"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: dax: fix overflowing extents beyond inode size when partially writing\n\nThe dax_iomap_rw() does two things in each iteration: map written blocks\nand copy user data to blocks. If the process is killed by user(See signal\nhandling in dax_iomap_iter()), the copied data will be returned and added\non inode size, which means that the length of written extents may exceed\nthe inode size, then fsck will fail. An example is given as:\n\ndd if=/dev/urandom of=file bs=4M count=1\n dax_iomap_rw\n iomap_iter // round 1\n ext4_iomap_begin\n ext4_iomap_alloc // allocate 0~2M extents(written flag)\n dax_iomap_iter // copy 2M data\n iomap_iter // round 2\n iomap_iter_advance\n iter-\u003epos += iter-\u003eprocessed // iter-\u003epos = 2M\n ext4_iomap_begin\n ext4_iomap_alloc // allocate 2~4M extents(written flag)\n dax_iomap_iter\n fatal_signal_pending\n done = iter-\u003epos - iocb-\u003eki_pos // done = 2M\n ext4_handle_inode_extension\n ext4_update_inode_size // inode size = 2M\n\nfsck reports: Inode 13, i_size is 2097152, should be 4194304. Fix?\n\nFix the problem by truncating extents if the written length is smaller\nthan expected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50015",
"url": "https://www.suse.com/security/cve/CVE-2024-50015"
},
{
"category": "external",
"summary": "SUSE Bug 1232079 for CVE-2024-50015",
"url": "https://bugzilla.suse.com/1232079"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50015"
},
{
"cve": "CVE-2024-50017",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50017"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm/ident_map: Use gbpages only where full GB page should be mapped.\n\nWhen ident_pud_init() uses only GB pages to create identity maps, large\nranges of addresses not actually requested can be included in the resulting\ntable; a 4K request will map a full GB. This can include a lot of extra\naddress space past that requested, including areas marked reserved by the\nBIOS. That allows processor speculation into reserved regions, that on UV\nsystems can cause system halts.\n\nOnly use GB pages when map creation requests include the full GB page of\nspace. Fall back to using smaller 2M pages when only portions of a GB page\nare included in the request.\n\nNo attempt is made to coalesce mapping requests. If a request requires a\nmap entry at the 2M (pmd) level, subsequent mapping requests within the\nsame 1G region will also be at the pmd level, even if adjacent or\noverlapping such requests could have been combined to map a full GB page.\nExisting usage starts with larger regions and then adds smaller regions, so\nthis should not have any great consequence.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50017",
"url": "https://www.suse.com/security/cve/CVE-2024-50017"
},
{
"category": "external",
"summary": "SUSE Bug 1232312 for CVE-2024-50017",
"url": "https://bugzilla.suse.com/1232312"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50017"
},
{
"cve": "CVE-2024-50019",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50019"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nkthread: unpark only parked kthread\n\nCalling into kthread unparking unconditionally is mostly harmless when\nthe kthread is already unparked. The wake up is then simply ignored\nbecause the target is not in TASK_PARKED state.\n\nHowever if the kthread is per CPU, the wake up is preceded by a call\nto kthread_bind() which expects the task to be inactive and in\nTASK_PARKED state, which obviously isn\u0027t the case if it is unparked.\n\nAs a result, calling kthread_stop() on an unparked per-cpu kthread\ntriggers such a warning:\n\n\tWARNING: CPU: 0 PID: 11 at kernel/kthread.c:525 __kthread_bind_mask kernel/kthread.c:525\n\t \u003cTASK\u003e\n\t kthread_stop+0x17a/0x630 kernel/kthread.c:707\n\t destroy_workqueue+0x136/0xc40 kernel/workqueue.c:5810\n\t wg_destruct+0x1e2/0x2e0 drivers/net/wireguard/device.c:257\n\t netdev_run_todo+0xe1a/0x1000 net/core/dev.c:10693\n\t default_device_exit_batch+0xa14/0xa90 net/core/dev.c:11769\n\t ops_exit_list net/core/net_namespace.c:178 [inline]\n\t cleanup_net+0x89d/0xcc0 net/core/net_namespace.c:640\n\t process_one_work kernel/workqueue.c:3231 [inline]\n\t process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312\n\t worker_thread+0x86d/0xd70 kernel/workqueue.c:3393\n\t kthread+0x2f0/0x390 kernel/kthread.c:389\n\t ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n\t ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\t \u003c/TASK\u003e\n\nFix this with skipping unecessary unparking while stopping a kthread.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50019",
"url": "https://www.suse.com/security/cve/CVE-2024-50019"
},
{
"category": "external",
"summary": "SUSE Bug 1231990 for CVE-2024-50019",
"url": "https://bugzilla.suse.com/1231990"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50019"
},
{
"cve": "CVE-2024-50020",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50020"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix improper handling of refcount in ice_sriov_set_msix_vec_count()\n\nThis patch addresses an issue with improper reference count handling in the\nice_sriov_set_msix_vec_count() function.\n\nFirst, the function calls ice_get_vf_by_id(), which increments the\nreference count of the vf pointer. If the subsequent call to\nice_get_vf_vsi() fails, the function currently returns an error without\ndecrementing the reference count of the vf pointer, leading to a reference\ncount leak. The correct behavior, as implemented in this patch, is to\ndecrement the reference count using ice_put_vf(vf) before returning an\nerror when vsi is NULL.\n\nSecond, the function calls ice_sriov_get_irqs(), which sets\nvf-\u003efirst_vector_idx. If this call returns a negative value, indicating an\nerror, the function returns an error without decrementing the reference\ncount of the vf pointer, resulting in another reference count leak. The\npatch addresses this by adding a call to ice_put_vf(vf) before returning\nan error when vf-\u003efirst_vector_idx \u003c 0.\n\nThis bug was identified by an experimental static analysis tool developed\nby our team. The tool specializes in analyzing reference count operations\nand identifying potential mismanagement of reference counts. In this case,\nthe tool flagged the missing decrement operation as a potential issue,\nleading to this patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50020",
"url": "https://www.suse.com/security/cve/CVE-2024-50020"
},
{
"category": "external",
"summary": "SUSE Bug 1231989 for CVE-2024-50020",
"url": "https://bugzilla.suse.com/1231989"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50020"
},
{
"cve": "CVE-2024-50021",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50021"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix improper handling of refcount in ice_dpll_init_rclk_pins()\n\nThis patch addresses a reference count handling issue in the\nice_dpll_init_rclk_pins() function. The function calls ice_dpll_get_pins(),\nwhich increments the reference count of the relevant resources. However,\nif the condition WARN_ON((!vsi || !vsi-\u003enetdev)) is met, the function\ncurrently returns an error without properly releasing the resources\nacquired by ice_dpll_get_pins(), leading to a reference count leak.\n\nTo resolve this, the check has been moved to the top of the function. This\nensures that the function verifies the state before any resources are\nacquired, avoiding the need for additional resource management in the\nerror path.\n\nThis bug was identified by an experimental static analysis tool developed\nby our team. The tool specializes in analyzing reference count operations\nand detecting potential issues where resources are not properly managed.\nIn this case, the tool flagged the missing release operation as a\npotential problem, which led to the development of this patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50021",
"url": "https://www.suse.com/security/cve/CVE-2024-50021"
},
{
"category": "external",
"summary": "SUSE Bug 1231957 for CVE-2024-50021",
"url": "https://bugzilla.suse.com/1231957"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50021"
},
{
"cve": "CVE-2024-50022",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50022"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndevice-dax: correct pgoff align in dax_set_mapping()\n\npgoff should be aligned using ALIGN_DOWN() instead of ALIGN(). Otherwise,\nvmf-\u003eaddress not aligned to fault_size will be aligned to the next\nalignment, that can result in memory failure getting the wrong address.\n\nIt\u0027s a subtle situation that only can be observed in\npage_mapped_in_vma() after the page is page fault handled by\ndev_dax_huge_fault. Generally, there is little chance to perform\npage_mapped_in_vma in dev-dax\u0027s page unless in specific error injection\nto the dax device to trigger an MCE - memory-failure. In that case,\npage_mapped_in_vma() will be triggered to determine which task is\naccessing the failure address and kill that task in the end.\n\n\nWe used self-developed dax device (which is 2M aligned mapping) , to\nperform error injection to random address. It turned out that error\ninjected to non-2M-aligned address was causing endless MCE until panic.\nBecause page_mapped_in_vma() kept resulting wrong address and the task\naccessing the failure address was never killed properly:\n\n\n[ 3783.719419] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3784.049006] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3784.049190] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3784.448042] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3784.448186] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3784.792026] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3784.792179] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3785.162502] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3785.162633] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3785.461116] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3785.461247] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3785.764730] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3785.764859] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3786.042128] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3786.042259] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3786.464293] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3786.464423] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3786.818090] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3786.818217] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3787.085297] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3787.085424] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n\nIt took us several weeks to pinpoint this problem, but we eventually\nused bpftrace to trace the page fault and mce address and successfully\nidentified the issue.\n\n\nJoao added:\n\n; Likely we never reproduce in production because we always pin\n: device-dax regions in the region align they provide (Qemu does\n: similarly with prealloc in hugetlb/file backed memory). I think this\n: bug requires that we touch *unpinned* device-dax regions unaligned to\n: the device-dax selected alignment (page size i.e. 4K/2M/1G)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50022",
"url": "https://www.suse.com/security/cve/CVE-2024-50022"
},
{
"category": "external",
"summary": "SUSE Bug 1231956 for CVE-2024-50022",
"url": "https://bugzilla.suse.com/1231956"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50022"
},
{
"cve": "CVE-2024-50023",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50023"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: Remove LED entry from LEDs list on unregister\n\nCommit c938ab4da0eb (\"net: phy: Manual remove LEDs to ensure correct\nordering\") correctly fixed a problem with using devm_ but missed\nremoving the LED entry from the LEDs list.\n\nThis cause kernel panic on specific scenario where the port for the PHY\nis torn down and up and the kmod for the PHY is removed.\n\nOn setting the port down the first time, the assosiacted LEDs are\ncorrectly unregistered. The associated kmod for the PHY is now removed.\nThe kmod is now added again and the port is now put up, the associated LED\nare registered again.\nOn putting the port down again for the second time after these step, the\nLED list now have 4 elements. With the first 2 already unregistered\npreviously and the 2 new one registered again.\n\nThis cause a kernel panic as the first 2 element should have been\nremoved.\n\nFix this by correctly removing the element when LED is unregistered.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50023",
"url": "https://www.suse.com/security/cve/CVE-2024-50023"
},
{
"category": "external",
"summary": "SUSE Bug 1231955 for CVE-2024-50023",
"url": "https://bugzilla.suse.com/1231955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50023"
},
{
"cve": "CVE-2024-50024",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50024"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix an unsafe loop on the list\n\nThe kernel may crash when deleting a genetlink family if there are still\nlisteners for that family:\n\nOops: Kernel access of bad area, sig: 11 [#1]\n ...\n NIP [c000000000c080bc] netlink_update_socket_mc+0x3c/0xc0\n LR [c000000000c0f764] __netlink_clear_multicast_users+0x74/0xc0\n Call Trace:\n__netlink_clear_multicast_users+0x74/0xc0\ngenl_unregister_family+0xd4/0x2d0\n\nChange the unsafe loop on the list to a safe one, because inside the\nloop there is an element removal from this list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50024",
"url": "https://www.suse.com/security/cve/CVE-2024-50024"
},
{
"category": "external",
"summary": "SUSE Bug 1231954 for CVE-2024-50024",
"url": "https://bugzilla.suse.com/1231954"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50024"
},
{
"cve": "CVE-2024-50025",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50025"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: fnic: Move flush_work initialization out of if block\n\nAfter commit 379a58caa199 (\"scsi: fnic: Move fnic_fnic_flush_tx() to a\nwork queue\"), it can happen that a work item is sent to an uninitialized\nwork queue. This may has the effect that the item being queued is never\nactually queued, and any further actions depending on it will not\nproceed.\n\nThe following warning is observed while the fnic driver is loaded:\n\nkernel: WARNING: CPU: 11 PID: 0 at ../kernel/workqueue.c:1524 __queue_work+0x373/0x410\nkernel: \u003cIRQ\u003e\nkernel: queue_work_on+0x3a/0x50\nkernel: fnic_wq_copy_cmpl_handler+0x54a/0x730 [fnic 62fbff0c42e7fb825c60a55cde2fb91facb2ed24]\nkernel: fnic_isr_msix_wq_copy+0x2d/0x60 [fnic 62fbff0c42e7fb825c60a55cde2fb91facb2ed24]\nkernel: __handle_irq_event_percpu+0x36/0x1a0\nkernel: handle_irq_event_percpu+0x30/0x70\nkernel: handle_irq_event+0x34/0x60\nkernel: handle_edge_irq+0x7e/0x1a0\nkernel: __common_interrupt+0x3b/0xb0\nkernel: common_interrupt+0x58/0xa0\nkernel: \u003c/IRQ\u003e\n\nIt has been observed that this may break the rediscovery of Fibre\nChannel devices after a temporary fabric failure.\n\nThis patch fixes it by moving the work queue initialization out of\nan if block in fnic_probe().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50025",
"url": "https://www.suse.com/security/cve/CVE-2024-50025"
},
{
"category": "external",
"summary": "SUSE Bug 1231953 for CVE-2024-50025",
"url": "https://bugzilla.suse.com/1231953"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50025"
},
{
"cve": "CVE-2024-50026",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50026"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: wd33c93: Don\u0027t use stale scsi_pointer value\n\nA regression was introduced with commit dbb2da557a6a (\"scsi: wd33c93:\nMove the SCSI pointer to private command data\") which results in an oops\nin wd33c93_intr(). That commit added the scsi_pointer variable and\ninitialized it from hostdata-\u003econnected. However, during selection,\nhostdata-\u003econnected is not yet valid. Fix this by getting the current\nscsi_pointer from hostdata-\u003eselecting.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50026",
"url": "https://www.suse.com/security/cve/CVE-2024-50026"
},
{
"category": "external",
"summary": "SUSE Bug 1231952 for CVE-2024-50026",
"url": "https://bugzilla.suse.com/1231952"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50026"
},
{
"cve": "CVE-2024-50027",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50027"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: core: Free tzp copy along with the thermal zone\n\nThe object pointed to by tz-\u003etzp may still be accessed after being\nfreed in thermal_zone_device_unregister(), so move the freeing of it\nto the point after the removal completion has been completed at which\nit cannot be accessed any more.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50027",
"url": "https://www.suse.com/security/cve/CVE-2024-50027"
},
{
"category": "external",
"summary": "SUSE Bug 1231951 for CVE-2024-50027",
"url": "https://bugzilla.suse.com/1231951"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50027"
},
{
"cve": "CVE-2024-50028",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50028"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: core: Reference count the zone in thermal_zone_get_by_id()\n\nThere are places in the thermal netlink code where nothing prevents\nthe thermal zone object from going away while being accessed after it\nhas been returned by thermal_zone_get_by_id().\n\nTo address this, make thermal_zone_get_by_id() get a reference on the\nthermal zone device object to be returned with the help of get_device(),\nunder thermal_list_lock, and adjust all of its callers to this change\nwith the help of the cleanup.h infrastructure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50028",
"url": "https://www.suse.com/security/cve/CVE-2024-50028"
},
{
"category": "external",
"summary": "SUSE Bug 1231950 for CVE-2024-50028",
"url": "https://bugzilla.suse.com/1231950"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50028"
},
{
"cve": "CVE-2024-50031",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50031"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Stop the active perfmon before being destroyed\n\nWhen running `kmscube` with one or more performance monitors enabled\nvia `GALLIUM_HUD`, the following kernel panic can occur:\n\n[ 55.008324] Unable to handle kernel paging request at virtual address 00000000052004a4\n[ 55.008368] Mem abort info:\n[ 55.008377] ESR = 0x0000000096000005\n[ 55.008387] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 55.008402] SET = 0, FnV = 0\n[ 55.008412] EA = 0, S1PTW = 0\n[ 55.008421] FSC = 0x05: level 1 translation fault\n[ 55.008434] Data abort info:\n[ 55.008442] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n[ 55.008455] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 55.008467] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 55.008481] user pgtable: 4k pages, 39-bit VAs, pgdp=00000001046c6000\n[ 55.008497] [00000000052004a4] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n[ 55.008525] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n[ 55.008542] Modules linked in: rfcomm [...] vc4 v3d snd_soc_hdmi_codec drm_display_helper\ngpu_sched drm_shmem_helper cec drm_dma_helper drm_kms_helper i2c_brcmstb\ndrm drm_panel_orientation_quirks snd_soc_core snd_compress snd_pcm_dmaengine snd_pcm snd_timer snd backlight\n[ 55.008799] CPU: 2 PID: 166 Comm: v3d_bin Tainted: G C 6.6.47+rpt-rpi-v8 #1 Debian 1:6.6.47-1+rpt1\n[ 55.008824] Hardware name: Raspberry Pi 4 Model B Rev 1.5 (DT)\n[ 55.008838] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 55.008855] pc : __mutex_lock.constprop.0+0x90/0x608\n[ 55.008879] lr : __mutex_lock.constprop.0+0x58/0x608\n[ 55.008895] sp : ffffffc080673cf0\n[ 55.008904] x29: ffffffc080673cf0 x28: 0000000000000000 x27: ffffff8106188a28\n[ 55.008926] x26: ffffff8101e78040 x25: ffffff8101baa6c0 x24: ffffffd9d989f148\n[ 55.008947] x23: ffffffda1c2a4008 x22: 0000000000000002 x21: ffffffc080673d38\n[ 55.008968] x20: ffffff8101238000 x19: ffffff8104f83188 x18: 0000000000000000\n[ 55.008988] x17: 0000000000000000 x16: ffffffda1bd04d18 x15: 00000055bb08bc90\n[ 55.009715] x14: 0000000000000000 x13: 0000000000000000 x12: ffffffda1bd4cbb0\n[ 55.010433] x11: 00000000fa83b2da x10: 0000000000001a40 x9 : ffffffda1bd04d04\n[ 55.011162] x8 : ffffff8102097b80 x7 : 0000000000000000 x6 : 00000000030a5857\n[ 55.011880] x5 : 00ffffffffffffff x4 : 0300000005200470 x3 : 0300000005200470\n[ 55.012598] x2 : ffffff8101238000 x1 : 0000000000000021 x0 : 0300000005200470\n[ 55.013292] Call trace:\n[ 55.013959] __mutex_lock.constprop.0+0x90/0x608\n[ 55.014646] __mutex_lock_slowpath+0x1c/0x30\n[ 55.015317] mutex_lock+0x50/0x68\n[ 55.015961] v3d_perfmon_stop+0x40/0xe0 [v3d]\n[ 55.016627] v3d_bin_job_run+0x10c/0x2d8 [v3d]\n[ 55.017282] drm_sched_main+0x178/0x3f8 [gpu_sched]\n[ 55.017921] kthread+0x11c/0x128\n[ 55.018554] ret_from_fork+0x10/0x20\n[ 55.019168] Code: f9400260 f1001c1f 54001ea9 927df000 (b9403401)\n[ 55.019776] ---[ end trace 0000000000000000 ]---\n[ 55.020411] note: v3d_bin[166] exited with preempt_count 1\n\nThis issue arises because, upon closing the file descriptor (which happens\nwhen we interrupt `kmscube`), the active performance monitor is not\nstopped. Although all perfmons are destroyed in `v3d_perfmon_close_file()`,\nthe active performance monitor\u0027s pointer (`v3d-\u003eactive_perfmon`) is still\nretained.\n\nIf `kmscube` is run again, the driver will attempt to stop the active\nperformance monitor using the stale pointer in `v3d-\u003eactive_perfmon`.\nHowever, this pointer is no longer valid because the previous process has\nalready terminated, and all performance monitors associated with it have\nbeen destroyed and freed.\n\nTo fix this, when the active performance monitor belongs to a given\nprocess, explicitly stop it before destroying and freeing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50031",
"url": "https://www.suse.com/security/cve/CVE-2024-50031"
},
{
"category": "external",
"summary": "SUSE Bug 1231947 for CVE-2024-50031",
"url": "https://bugzilla.suse.com/1231947"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50031"
},
{
"cve": "CVE-2024-50033",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50033"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nslip: make slhc_remember() more robust against malicious packets\n\nsyzbot found that slhc_remember() was missing checks against\nmalicious packets [1].\n\nslhc_remember() only checked the size of the packet was at least 20,\nwhich is not good enough.\n\nWe need to make sure the packet includes the IPv4 and TCP header\nthat are supposed to be carried.\n\nAdd iph and th pointers to make the code more readable.\n\n[1]\n\nBUG: KMSAN: uninit-value in slhc_remember+0x2e8/0x7b0 drivers/net/slip/slhc.c:666\n slhc_remember+0x2e8/0x7b0 drivers/net/slip/slhc.c:666\n ppp_receive_nonmp_frame+0xe45/0x35e0 drivers/net/ppp/ppp_generic.c:2455\n ppp_receive_frame drivers/net/ppp/ppp_generic.c:2372 [inline]\n ppp_do_recv+0x65f/0x40d0 drivers/net/ppp/ppp_generic.c:2212\n ppp_input+0x7dc/0xe60 drivers/net/ppp/ppp_generic.c:2327\n pppoe_rcv_core+0x1d3/0x720 drivers/net/ppp/pppoe.c:379\n sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1113\n __release_sock+0x1da/0x330 net/core/sock.c:3072\n release_sock+0x6b/0x250 net/core/sock.c:3626\n pppoe_sendmsg+0x2b8/0xb90 drivers/net/ppp/pppoe.c:903\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:744\n ____sys_sendmsg+0x903/0xb60 net/socket.c:2602\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656\n __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742\n __do_sys_sendmmsg net/socket.c:2771 [inline]\n __se_sys_sendmmsg net/socket.c:2768 [inline]\n __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768\n x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4091 [inline]\n slab_alloc_node mm/slub.c:4134 [inline]\n kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4186\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587\n __alloc_skb+0x363/0x7b0 net/core/skbuff.c:678\n alloc_skb include/linux/skbuff.h:1322 [inline]\n sock_wmalloc+0xfe/0x1a0 net/core/sock.c:2732\n pppoe_sendmsg+0x3a7/0xb90 drivers/net/ppp/pppoe.c:867\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:744\n ____sys_sendmsg+0x903/0xb60 net/socket.c:2602\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656\n __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742\n __do_sys_sendmmsg net/socket.c:2771 [inline]\n __se_sys_sendmmsg net/socket.c:2768 [inline]\n __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768\n x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 0 UID: 0 PID: 5460 Comm: syz.2.33 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50033",
"url": "https://www.suse.com/security/cve/CVE-2024-50033"
},
{
"category": "external",
"summary": "SUSE Bug 1231914 for CVE-2024-50033",
"url": "https://bugzilla.suse.com/1231914"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50033"
},
{
"cve": "CVE-2024-50035",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50035"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: fix ppp_async_encode() illegal access\n\nsyzbot reported an issue in ppp_async_encode() [1]\n\nIn this case, pppoe_sendmsg() is called with a zero size.\nThen ppp_async_encode() is called with an empty skb.\n\nBUG: KMSAN: uninit-value in ppp_async_encode drivers/net/ppp/ppp_async.c:545 [inline]\n BUG: KMSAN: uninit-value in ppp_async_push+0xb4f/0x2660 drivers/net/ppp/ppp_async.c:675\n ppp_async_encode drivers/net/ppp/ppp_async.c:545 [inline]\n ppp_async_push+0xb4f/0x2660 drivers/net/ppp/ppp_async.c:675\n ppp_async_send+0x130/0x1b0 drivers/net/ppp/ppp_async.c:634\n ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2280 [inline]\n ppp_input+0x1f1/0xe60 drivers/net/ppp/ppp_generic.c:2304\n pppoe_rcv_core+0x1d3/0x720 drivers/net/ppp/pppoe.c:379\n sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1113\n __release_sock+0x1da/0x330 net/core/sock.c:3072\n release_sock+0x6b/0x250 net/core/sock.c:3626\n pppoe_sendmsg+0x2b8/0xb90 drivers/net/ppp/pppoe.c:903\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:744\n ____sys_sendmsg+0x903/0xb60 net/socket.c:2602\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656\n __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742\n __do_sys_sendmmsg net/socket.c:2771 [inline]\n __se_sys_sendmmsg net/socket.c:2768 [inline]\n __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768\n x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4092 [inline]\n slab_alloc_node mm/slub.c:4135 [inline]\n kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4187\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587\n __alloc_skb+0x363/0x7b0 net/core/skbuff.c:678\n alloc_skb include/linux/skbuff.h:1322 [inline]\n sock_wmalloc+0xfe/0x1a0 net/core/sock.c:2732\n pppoe_sendmsg+0x3a7/0xb90 drivers/net/ppp/pppoe.c:867\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:744\n ____sys_sendmsg+0x903/0xb60 net/socket.c:2602\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656\n __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742\n __do_sys_sendmmsg net/socket.c:2771 [inline]\n __se_sys_sendmmsg net/socket.c:2768 [inline]\n __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768\n x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 1 UID: 0 PID: 5411 Comm: syz.1.14 Not tainted 6.12.0-rc1-syzkaller-00165-g360c1f1f24c6 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50035",
"url": "https://www.suse.com/security/cve/CVE-2024-50035"
},
{
"category": "external",
"summary": "SUSE Bug 1232392 for CVE-2024-50035",
"url": "https://bugzilla.suse.com/1232392"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50035"
},
{
"cve": "CVE-2024-50040",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50040"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nigb: Do not bring the device up after non-fatal error\n\nCommit 004d25060c78 (\"igb: Fix igb_down hung on surprise removal\")\nchanged igb_io_error_detected() to ignore non-fatal pcie errors in order\nto avoid hung task that can happen when igb_down() is called multiple\ntimes. This caused an issue when processing transient non-fatal errors.\nigb_io_resume(), which is called after igb_io_error_detected(), assumes\nthat device is brought down by igb_io_error_detected() if the interface\nis up. This resulted in panic with stacktrace below.\n\n[ T3256] igb 0000:09:00.0 haeth0: igb: haeth0 NIC Link is Down\n[ T292] pcieport 0000:00:1c.5: AER: Uncorrected (Non-Fatal) error received: 0000:09:00.0\n[ T292] igb 0000:09:00.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)\n[ T292] igb 0000:09:00.0: device [8086:1537] error status/mask=00004000/00000000\n[ T292] igb 0000:09:00.0: [14] CmpltTO [ 200.105524,009][ T292] igb 0000:09:00.0: AER: TLP Header: 00000000 00000000 00000000 00000000\n[ T292] pcieport 0000:00:1c.5: AER: broadcast error_detected message\n[ T292] igb 0000:09:00.0: Non-correctable non-fatal error reported.\n[ T292] pcieport 0000:00:1c.5: AER: broadcast mmio_enabled message\n[ T292] pcieport 0000:00:1c.5: AER: broadcast resume message\n[ T292] ------------[ cut here ]------------\n[ T292] kernel BUG at net/core/dev.c:6539!\n[ T292] invalid opcode: 0000 [#1] PREEMPT SMP\n[ T292] RIP: 0010:napi_enable+0x37/0x40\n[ T292] Call Trace:\n[ T292] \u003cTASK\u003e\n[ T292] ? die+0x33/0x90\n[ T292] ? do_trap+0xdc/0x110\n[ T292] ? napi_enable+0x37/0x40\n[ T292] ? do_error_trap+0x70/0xb0\n[ T292] ? napi_enable+0x37/0x40\n[ T292] ? napi_enable+0x37/0x40\n[ T292] ? exc_invalid_op+0x4e/0x70\n[ T292] ? napi_enable+0x37/0x40\n[ T292] ? asm_exc_invalid_op+0x16/0x20\n[ T292] ? napi_enable+0x37/0x40\n[ T292] igb_up+0x41/0x150\n[ T292] igb_io_resume+0x25/0x70\n[ T292] report_resume+0x54/0x70\n[ T292] ? report_frozen_detected+0x20/0x20\n[ T292] pci_walk_bus+0x6c/0x90\n[ T292] ? aer_print_port_info+0xa0/0xa0\n[ T292] pcie_do_recovery+0x22f/0x380\n[ T292] aer_process_err_devices+0x110/0x160\n[ T292] aer_isr+0x1c1/0x1e0\n[ T292] ? disable_irq_nosync+0x10/0x10\n[ T292] irq_thread_fn+0x1a/0x60\n[ T292] irq_thread+0xe3/0x1a0\n[ T292] ? irq_set_affinity_notifier+0x120/0x120\n[ T292] ? irq_affinity_notify+0x100/0x100\n[ T292] kthread+0xe2/0x110\n[ T292] ? kthread_complete_and_exit+0x20/0x20\n[ T292] ret_from_fork+0x2d/0x50\n[ T292] ? kthread_complete_and_exit+0x20/0x20\n[ T292] ret_from_fork_asm+0x11/0x20\n[ T292] \u003c/TASK\u003e\n\nTo fix this issue igb_io_resume() checks if the interface is running and\nthe device is not down this means igb_io_error_detected() did not bring\nthe device down and there is no need to bring it up.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50040",
"url": "https://www.suse.com/security/cve/CVE-2024-50040"
},
{
"category": "external",
"summary": "SUSE Bug 1231908 for CVE-2024-50040",
"url": "https://bugzilla.suse.com/1231908"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50040"
},
{
"cve": "CVE-2024-50041",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50041"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Fix macvlan leak by synchronizing access to mac_filter_hash\n\nThis patch addresses a macvlan leak issue in the i40e driver caused by\nconcurrent access to vsi-\u003emac_filter_hash. The leak occurs when multiple\nthreads attempt to modify the mac_filter_hash simultaneously, leading to\ninconsistent state and potential memory leaks.\n\nTo fix this, we now wrap the calls to i40e_del_mac_filter() and zeroing\nvf-\u003edefault_lan_addr.addr with spin_lock/unlock_bh(\u0026vsi-\u003emac_filter_hash_lock),\nensuring atomic operations and preventing concurrent access.\n\nAdditionally, we add lockdep_assert_held(\u0026vsi-\u003emac_filter_hash_lock) in\ni40e_add_mac_filter() to help catch similar issues in the future.\n\nReproduction steps:\n1. Spawn VFs and configure port vlan on them.\n2. Trigger concurrent macvlan operations (e.g., adding and deleting\n\tportvlan and/or mac filters).\n3. Observe the potential memory leak and inconsistent state in the\n\tmac_filter_hash.\n\nThis synchronization ensures the integrity of the mac_filter_hash and prevents\nthe described leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50041",
"url": "https://www.suse.com/security/cve/CVE-2024-50041"
},
{
"category": "external",
"summary": "SUSE Bug 1231907 for CVE-2024-50041",
"url": "https://bugzilla.suse.com/1231907"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50041"
},
{
"cve": "CVE-2024-50042",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50042"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix increasing MSI-X on VF\n\nIncreasing MSI-X value on a VF leads to invalid memory operations. This\nis caused by not reallocating some arrays.\n\nReproducer:\n modprobe ice\n echo 0 \u003e /sys/bus/pci/devices/$PF_PCI/sriov_drivers_autoprobe\n echo 1 \u003e /sys/bus/pci/devices/$PF_PCI/sriov_numvfs\n echo 17 \u003e /sys/bus/pci/devices/$VF0_PCI/sriov_vf_msix_count\n\nDefault MSI-X is 16, so 17 and above triggers this issue.\n\nKASAN reports:\n\n BUG: KASAN: slab-out-of-bounds in ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice]\n Read of size 8 at addr ffff8888b937d180 by task bash/28433\n (...)\n\n Call Trace:\n (...)\n ? ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice]\n kasan_report+0xed/0x120\n ? ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice]\n ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice]\n ice_vsi_cfg_def+0x3360/0x4770 [ice]\n ? mutex_unlock+0x83/0xd0\n ? __pfx_ice_vsi_cfg_def+0x10/0x10 [ice]\n ? __pfx_ice_remove_vsi_lkup_fltr+0x10/0x10 [ice]\n ice_vsi_cfg+0x7f/0x3b0 [ice]\n ice_vf_reconfig_vsi+0x114/0x210 [ice]\n ice_sriov_set_msix_vec_count+0x3d0/0x960 [ice]\n sriov_vf_msix_count_store+0x21c/0x300\n (...)\n\n Allocated by task 28201:\n (...)\n ice_vsi_cfg_def+0x1c8e/0x4770 [ice]\n ice_vsi_cfg+0x7f/0x3b0 [ice]\n ice_vsi_setup+0x179/0xa30 [ice]\n ice_sriov_configure+0xcaa/0x1520 [ice]\n sriov_numvfs_store+0x212/0x390\n (...)\n\nTo fix it, use ice_vsi_rebuild() instead of ice_vf_reconfig_vsi(). This\ncauses the required arrays to be reallocated taking the new queue count\ninto account (ice_vsi_realloc_stat_arrays()). Set req_txq and req_rxq\nbefore ice_vsi_rebuild(), so that realloc uses the newly set queue\ncount.\n\nAdditionally, ice_vsi_rebuild() does not remove VSI filters\n(ice_fltr_remove_all()), so ice_vf_init_host_cfg() is no longer\nnecessary.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50042",
"url": "https://www.suse.com/security/cve/CVE-2024-50042"
},
{
"category": "external",
"summary": "SUSE Bug 1231906 for CVE-2024-50042",
"url": "https://bugzilla.suse.com/1231906"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50042"
},
{
"cve": "CVE-2024-50044",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50044"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change\n\nrfcomm_sk_state_change attempts to use sock_lock so it must never be\ncalled with it locked but rfcomm_sock_ioctl always attempt to lock it\ncausing the following trace:\n\n======================================================\nWARNING: possible circular locking dependency detected\n6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted\n------------------------------------------------------\nsyz-executor386/5093 is trying to acquire lock:\nffff88807c396258 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1671 [inline]\nffff88807c396258 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sk_state_change+0x5b/0x310 net/bluetooth/rfcomm/sock.c:73\n\nbut task is already holding lock:\nffff88807badfd28 (\u0026d-\u003elock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x226/0x6a0 net/bluetooth/rfcomm/core.c:491",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50044",
"url": "https://www.suse.com/security/cve/CVE-2024-50044"
},
{
"category": "external",
"summary": "SUSE Bug 1231904 for CVE-2024-50044",
"url": "https://bugzilla.suse.com/1231904"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50044"
},
{
"cve": "CVE-2024-50045",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50045"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: br_netfilter: fix panic with metadata_dst skb\n\nFix a kernel panic in the br_netfilter module when sending untagged\ntraffic via a VxLAN device.\nThis happens during the check for fragmentation in br_nf_dev_queue_xmit.\n\nIt is dependent on:\n1) the br_netfilter module being loaded;\n2) net.bridge.bridge-nf-call-iptables set to 1;\n3) a bridge with a VxLAN (single-vxlan-device) netdevice as a bridge port;\n4) untagged frames with size higher than the VxLAN MTU forwarded/flooded\n\nWhen forwarding the untagged packet to the VxLAN bridge port, before\nthe netfilter hooks are called, br_handle_egress_vlan_tunnel is called and\nchanges the skb_dst to the tunnel dst. The tunnel_dst is a metadata type\nof dst, i.e., skb_valid_dst(skb) is false, and metadata-\u003edst.dev is NULL.\n\nThen in the br_netfilter hooks, in br_nf_dev_queue_xmit, there\u0027s a check\nfor frames that needs to be fragmented: frames with higher MTU than the\nVxLAN device end up calling br_nf_ip_fragment, which in turns call\nip_skb_dst_mtu.\n\nThe ip_dst_mtu tries to use the skb_dst(skb) as if it was a valid dst\nwith valid dst-\u003edev, thus the crash.\n\nThis case was never supported in the first place, so drop the packet\ninstead.\n\nPING 10.0.0.2 (10.0.0.2) from 0.0.0.0 h1-eth0: 2000(2028) bytes of data.\n[ 176.291791] Unable to handle kernel NULL pointer dereference at\nvirtual address 0000000000000110\n[ 176.292101] Mem abort info:\n[ 176.292184] ESR = 0x0000000096000004\n[ 176.292322] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 176.292530] SET = 0, FnV = 0\n[ 176.292709] EA = 0, S1PTW = 0\n[ 176.292862] FSC = 0x04: level 0 translation fault\n[ 176.293013] Data abort info:\n[ 176.293104] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[ 176.293488] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 176.293787] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 176.293995] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000043ef5000\n[ 176.294166] [0000000000000110] pgd=0000000000000000,\np4d=0000000000000000\n[ 176.294827] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 176.295252] Modules linked in: vxlan ip6_udp_tunnel udp_tunnel veth\nbr_netfilter bridge stp llc ipv6 crct10dif_ce\n[ 176.295923] CPU: 0 PID: 188 Comm: ping Not tainted\n6.8.0-rc3-g5b3fbd61b9d1 #2\n[ 176.296314] Hardware name: linux,dummy-virt (DT)\n[ 176.296535] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS\nBTYPE=--)\n[ 176.296808] pc : br_nf_dev_queue_xmit+0x390/0x4ec [br_netfilter]\n[ 176.297382] lr : br_nf_dev_queue_xmit+0x2ac/0x4ec [br_netfilter]\n[ 176.297636] sp : ffff800080003630\n[ 176.297743] x29: ffff800080003630 x28: 0000000000000008 x27:\nffff6828c49ad9f8\n[ 176.298093] x26: ffff6828c49ad000 x25: 0000000000000000 x24:\n00000000000003e8\n[ 176.298430] x23: 0000000000000000 x22: ffff6828c4960b40 x21:\nffff6828c3b16d28\n[ 176.298652] x20: ffff6828c3167048 x19: ffff6828c3b16d00 x18:\n0000000000000014\n[ 176.298926] x17: ffffb0476322f000 x16: ffffb7e164023730 x15:\n0000000095744632\n[ 176.299296] x14: ffff6828c3f1c880 x13: 0000000000000002 x12:\nffffb7e137926a70\n[ 176.299574] x11: 0000000000000001 x10: ffff6828c3f1c898 x9 :\n0000000000000000\n[ 176.300049] x8 : ffff6828c49bf070 x7 : 0008460f18d5f20e x6 :\nf20e0100bebafeca\n[ 176.300302] x5 : ffff6828c7f918fe x4 : ffff6828c49bf070 x3 :\n0000000000000000\n[ 176.300586] x2 : 0000000000000000 x1 : ffff6828c3c7ad00 x0 :\nffff6828c7f918f0\n[ 176.300889] Call trace:\n[ 176.301123] br_nf_dev_queue_xmit+0x390/0x4ec [br_netfilter]\n[ 176.301411] br_nf_post_routing+0x2a8/0x3e4 [br_netfilter]\n[ 176.301703] nf_hook_slow+0x48/0x124\n[ 176.302060] br_forward_finish+0xc8/0xe8 [bridge]\n[ 176.302371] br_nf_hook_thresh+0x124/0x134 [br_netfilter]\n[ 176.302605] br_nf_forward_finish+0x118/0x22c [br_netfilter]\n[ 176.302824] br_nf_forward_ip.part.0+0x264/0x290 [br_netfilter]\n[ 176.303136] br_nf_forward+0x2b8/0x4e0 [br_netfilter]\n[ 176.303359] nf_hook_slow+0x48/0x124\n[ 176.303\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50045",
"url": "https://www.suse.com/security/cve/CVE-2024-50045"
},
{
"category": "external",
"summary": "SUSE Bug 1231903 for CVE-2024-50045",
"url": "https://bugzilla.suse.com/1231903"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50045"
},
{
"cve": "CVE-2024-50046",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50046"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies()\n\nOn the node of an NFS client, some files saved in the mountpoint of the\nNFS server were copied to another location of the same NFS server.\nAccidentally, the nfs42_complete_copies() got a NULL-pointer dereference\ncrash with the following syslog:\n\n[232064.838881] NFSv4: state recovery failed for open file nfs/pvc-12b5200d-cd0f-46a3-b9f0-af8f4fe0ef64.qcow2, error = -116\n[232064.839360] NFSv4: state recovery failed for open file nfs/pvc-12b5200d-cd0f-46a3-b9f0-af8f4fe0ef64.qcow2, error = -116\n[232066.588183] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000058\n[232066.588586] Mem abort info:\n[232066.588701] ESR = 0x0000000096000007\n[232066.588862] EC = 0x25: DABT (current EL), IL = 32 bits\n[232066.589084] SET = 0, FnV = 0\n[232066.589216] EA = 0, S1PTW = 0\n[232066.589340] FSC = 0x07: level 3 translation fault\n[232066.589559] Data abort info:\n[232066.589683] ISV = 0, ISS = 0x00000007\n[232066.589842] CM = 0, WnR = 0\n[232066.589967] user pgtable: 64k pages, 48-bit VAs, pgdp=00002000956ff400\n[232066.590231] [0000000000000058] pgd=08001100ae100003, p4d=08001100ae100003, pud=08001100ae100003, pmd=08001100b3c00003, pte=0000000000000000\n[232066.590757] Internal error: Oops: 96000007 [#1] SMP\n[232066.590958] Modules linked in: rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs ocfs2_dlmfs ocfs2_stack_o2cb ocfs2_dlm vhost_net vhost vhost_iotlb tap tun ipt_rpfilter xt_multiport ip_set_hash_ip ip_set_hash_net xfrm_interface xfrm6_tunnel tunnel4 tunnel6 esp4 ah4 wireguard libcurve25519_generic veth xt_addrtype xt_set nf_conntrack_netlink ip_set_hash_ipportnet ip_set_hash_ipportip ip_set_bitmap_port ip_set_hash_ipport dummy ip_set ip_vs_sh ip_vs_wrr ip_vs_rr ip_vs iptable_filter sch_ingress nfnetlink_cttimeout vport_gre ip_gre ip_tunnel gre vport_geneve geneve vport_vxlan vxlan ip6_udp_tunnel udp_tunnel openvswitch nf_conncount dm_round_robin dm_service_time dm_multipath xt_nat xt_MASQUERADE nft_chain_nat nf_nat xt_mark xt_conntrack xt_comment nft_compat nft_counter nf_tables nfnetlink ocfs2 ocfs2_nodemanager ocfs2_stackglue iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ipmi_ssif nbd overlay 8021q garp mrp bonding tls rfkill sunrpc ext4 mbcache jbd2\n[232066.591052] vfat fat cas_cache cas_disk ses enclosure scsi_transport_sas sg acpi_ipmi ipmi_si ipmi_devintf ipmi_msghandler ip_tables vfio_pci vfio_pci_core vfio_virqfd vfio_iommu_type1 vfio dm_mirror dm_region_hash dm_log dm_mod nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 br_netfilter bridge stp llc fuse xfs libcrc32c ast drm_vram_helper qla2xxx drm_kms_helper syscopyarea crct10dif_ce sysfillrect ghash_ce sysimgblt sha2_ce fb_sys_fops cec sha256_arm64 sha1_ce drm_ttm_helper ttm nvme_fc igb sbsa_gwdt nvme_fabrics drm nvme_core i2c_algo_bit i40e scsi_transport_fc megaraid_sas aes_neon_bs\n[232066.596953] CPU: 6 PID: 4124696 Comm: 10.253.166.125- Kdump: loaded Not tainted 5.15.131-9.cl9_ocfs2.aarch64 #1\n[232066.597356] Hardware name: Great Wall .\\x93\\x8e...RF6260 V5/GWMSSE2GL1T, BIOS T656FBE_V3.0.18 2024-01-06\n[232066.597721] pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[232066.598034] pc : nfs4_reclaim_open_state+0x220/0x800 [nfsv4]\n[232066.598327] lr : nfs4_reclaim_open_state+0x12c/0x800 [nfsv4]\n[232066.598595] sp : ffff8000f568fc70\n[232066.598731] x29: ffff8000f568fc70 x28: 0000000000001000 x27: ffff21003db33000\n[232066.599030] x26: ffff800005521ae0 x25: ffff0100f98fa3f0 x24: 0000000000000001\n[232066.599319] x23: ffff800009920008 x22: ffff21003db33040 x21: ffff21003db33050\n[232066.599628] x20: ffff410172fe9e40 x19: ffff410172fe9e00 x18: 0000000000000000\n[232066.599914] x17: 0000000000000000 x16: 0000000000000004 x15: 0000000000000000\n[232066.600195] x14: 0000000000000000 x13: ffff800008e685a8 x12: 00000000eac0c6e6\n[232066.600498] x11: 00000000000000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50046",
"url": "https://www.suse.com/security/cve/CVE-2024-50046"
},
{
"category": "external",
"summary": "SUSE Bug 1231902 for CVE-2024-50046",
"url": "https://bugzilla.suse.com/1231902"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50046"
},
{
"cve": "CVE-2024-50047",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50047"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix UAF in async decryption\n\nDoing an async decryption (large read) crashes with a\nslab-use-after-free way down in the crypto API.\n\nReproducer:\n # mount.cifs -o ...,seal,esize=1 //srv/share /mnt\n # dd if=/mnt/largefile of=/dev/null\n ...\n [ 194.196391] ==================================================================\n [ 194.196844] BUG: KASAN: slab-use-after-free in gf128mul_4k_lle+0xc1/0x110\n [ 194.197269] Read of size 8 at addr ffff888112bd0448 by task kworker/u77:2/899\n [ 194.197707]\n [ 194.197818] CPU: 12 UID: 0 PID: 899 Comm: kworker/u77:2 Not tainted 6.11.0-lku-00028-gfca3ca14a17a-dirty #43\n [ 194.198400] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.2-3-gd478f380-prebuilt.qemu.org 04/01/2014\n [ 194.199046] Workqueue: smb3decryptd smb2_decrypt_offload [cifs]\n [ 194.200032] Call Trace:\n [ 194.200191] \u003cTASK\u003e\n [ 194.200327] dump_stack_lvl+0x4e/0x70\n [ 194.200558] ? gf128mul_4k_lle+0xc1/0x110\n [ 194.200809] print_report+0x174/0x505\n [ 194.201040] ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n [ 194.201352] ? srso_return_thunk+0x5/0x5f\n [ 194.201604] ? __virt_addr_valid+0xdf/0x1c0\n [ 194.201868] ? gf128mul_4k_lle+0xc1/0x110\n [ 194.202128] kasan_report+0xc8/0x150\n [ 194.202361] ? gf128mul_4k_lle+0xc1/0x110\n [ 194.202616] gf128mul_4k_lle+0xc1/0x110\n [ 194.202863] ghash_update+0x184/0x210\n [ 194.203103] shash_ahash_update+0x184/0x2a0\n [ 194.203377] ? __pfx_shash_ahash_update+0x10/0x10\n [ 194.203651] ? srso_return_thunk+0x5/0x5f\n [ 194.203877] ? crypto_gcm_init_common+0x1ba/0x340\n [ 194.204142] gcm_hash_assoc_remain_continue+0x10a/0x140\n [ 194.204434] crypt_message+0xec1/0x10a0 [cifs]\n [ 194.206489] ? __pfx_crypt_message+0x10/0x10 [cifs]\n [ 194.208507] ? srso_return_thunk+0x5/0x5f\n [ 194.209205] ? srso_return_thunk+0x5/0x5f\n [ 194.209925] ? srso_return_thunk+0x5/0x5f\n [ 194.210443] ? srso_return_thunk+0x5/0x5f\n [ 194.211037] decrypt_raw_data+0x15f/0x250 [cifs]\n [ 194.212906] ? __pfx_decrypt_raw_data+0x10/0x10 [cifs]\n [ 194.214670] ? srso_return_thunk+0x5/0x5f\n [ 194.215193] smb2_decrypt_offload+0x12a/0x6c0 [cifs]\n\nThis is because TFM is being used in parallel.\n\nFix this by allocating a new AEAD TFM for async decryption, but keep\nthe existing one for synchronous READ cases (similar to what is done\nin smb3_calc_signature()).\n\nAlso remove the calls to aead_request_set_callback() and\ncrypto_wait_req() since it\u0027s always going to be a synchronous operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50047",
"url": "https://www.suse.com/security/cve/CVE-2024-50047"
},
{
"category": "external",
"summary": "SUSE Bug 1232418 for CVE-2024-50047",
"url": "https://bugzilla.suse.com/1232418"
},
{
"category": "external",
"summary": "SUSE Bug 1232576 for CVE-2024-50047",
"url": "https://bugzilla.suse.com/1232576"
},
{
"category": "external",
"summary": "SUSE Bug 1232638 for CVE-2024-50047",
"url": "https://bugzilla.suse.com/1232638"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-50047"
},
{
"cve": "CVE-2024-50048",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50048"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbcon: Fix a NULL pointer dereference issue in fbcon_putcs\n\nsyzbot has found a NULL pointer dereference bug in fbcon.\nHere is the simplified C reproducer:\n\nstruct param {\n\tuint8_t type;\n\tstruct tiocl_selection ts;\n};\n\nint main()\n{\n\tstruct fb_con2fbmap con2fb;\n\tstruct param param;\n\n\tint fd = open(\"/dev/fb1\", 0, 0);\n\n\tcon2fb.console = 0x19;\n\tcon2fb.framebuffer = 0;\n\tioctl(fd, FBIOPUT_CON2FBMAP, \u0026con2fb);\n\n\tparam.type = 2;\n\tparam.ts.xs = 0; param.ts.ys = 0;\n\tparam.ts.xe = 0; param.ts.ye = 0;\n\tparam.ts.sel_mode = 0;\n\n\tint fd1 = open(\"/dev/tty1\", O_RDWR, 0);\n\tioctl(fd1, TIOCLINUX, \u0026param);\n\n\tcon2fb.console = 1;\n\tcon2fb.framebuffer = 0;\n\tioctl(fd, FBIOPUT_CON2FBMAP, \u0026con2fb);\n\n\treturn 0;\n}\n\nAfter calling ioctl(fd1, TIOCLINUX, \u0026param), the subsequent ioctl(fd, FBIOPUT_CON2FBMAP, \u0026con2fb)\ncauses the kernel to follow a different execution path:\n\n set_con2fb_map\n -\u003e con2fb_init_display\n -\u003e fbcon_set_disp\n -\u003e redraw_screen\n -\u003e hide_cursor\n -\u003e clear_selection\n -\u003e highlight\n -\u003e invert_screen\n -\u003e do_update_region\n -\u003e fbcon_putcs\n -\u003e ops-\u003eputcs\n\nSince ops-\u003eputcs is a NULL pointer, this leads to a kernel panic.\nTo prevent this, we need to call set_blitting_type() within set_con2fb_map()\nto properly initialize ops-\u003eputcs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50048",
"url": "https://www.suse.com/security/cve/CVE-2024-50048"
},
{
"category": "external",
"summary": "SUSE Bug 1232310 for CVE-2024-50048",
"url": "https://bugzilla.suse.com/1232310"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50048"
},
{
"cve": "CVE-2024-50049",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50049"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check null pointer before dereferencing se\n\n[WHAT \u0026 HOW]\nse is null checked previously in the same function, indicating\nit might be null; therefore, it must be checked when used again.\n\nThis fixes 1 FORWARD_NULL issue reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50049",
"url": "https://www.suse.com/security/cve/CVE-2024-50049"
},
{
"category": "external",
"summary": "SUSE Bug 1232309 for CVE-2024-50049",
"url": "https://bugzilla.suse.com/1232309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50049"
},
{
"cve": "CVE-2024-50055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50055"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: bus: Fix double free in driver API bus_register()\n\nFor bus_register(), any error which happens after kset_register() will\ncause that @priv are freed twice, fixed by setting @priv with NULL after\nthe first free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50055",
"url": "https://www.suse.com/security/cve/CVE-2024-50055"
},
{
"category": "external",
"summary": "SUSE Bug 1232329 for CVE-2024-50055",
"url": "https://bugzilla.suse.com/1232329"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50055"
},
{
"cve": "CVE-2024-50058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: protect uart_port_dtr_rts() in uart_shutdown() too\n\nCommit af224ca2df29 (serial: core: Prevent unsafe uart port access, part\n3) added few uport == NULL checks. It added one to uart_shutdown(), so\nthe commit assumes, uport can be NULL in there. But right after that\nprotection, there is an unprotected \"uart_port_dtr_rts(uport, false);\"\ncall. That is invoked only if HUPCL is set, so I assume that is the\nreason why we do not see lots of these reports.\n\nOr it cannot be NULL at this point at all for some reason :P.\n\nUntil the above is investigated, stay on the safe side and move this\ndereference to the if too.\n\nI got this inconsistency from Coverity under CID 1585130. Thanks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50058",
"url": "https://www.suse.com/security/cve/CVE-2024-50058"
},
{
"category": "external",
"summary": "SUSE Bug 1232285 for CVE-2024-50058",
"url": "https://bugzilla.suse.com/1232285"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50058"
},
{
"cve": "CVE-2024-50059",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50059"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition\n\nIn the switchtec_ntb_add function, it can call switchtec_ntb_init_sndev\nfunction, then \u0026sndev-\u003echeck_link_status_work is bound with\ncheck_link_status_work. switchtec_ntb_link_notification may be called\nto start the work.\n\nIf we remove the module which will call switchtec_ntb_remove to make\ncleanup, it will free sndev through kfree(sndev), while the work\nmentioned above will be used. The sequence of operations that may lead\nto a UAF bug is as follows:\n\nCPU0 CPU1\n\n | check_link_status_work\nswitchtec_ntb_remove |\nkfree(sndev); |\n | if (sndev-\u003elink_force_down)\n | // use sndev\n\nFix it by ensuring that the work is canceled before proceeding with\nthe cleanup in switchtec_ntb_remove.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50059",
"url": "https://www.suse.com/security/cve/CVE-2024-50059"
},
{
"category": "external",
"summary": "SUSE Bug 1232345 for CVE-2024-50059",
"url": "https://bugzilla.suse.com/1232345"
},
{
"category": "external",
"summary": "SUSE Bug 1232348 for CVE-2024-50059",
"url": "https://bugzilla.suse.com/1232348"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-50059"
},
{
"cve": "CVE-2024-50060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50060"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: check if we need to reschedule during overflow flush\n\nIn terms of normal application usage, this list will always be empty.\nAnd if an application does overflow a bit, it\u0027ll have a few entries.\nHowever, nothing obviously prevents syzbot from running a test case\nthat generates a ton of overflow entries, and then flushing them can\ntake quite a while.\n\nCheck for needing to reschedule while flushing, and drop our locks and\ndo so if necessary. There\u0027s no state to maintain here as overflows\nalways prune from head-of-list, hence it\u0027s fine to drop and reacquire\nthe locks at the end of the loop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50060",
"url": "https://www.suse.com/security/cve/CVE-2024-50060"
},
{
"category": "external",
"summary": "SUSE Bug 1232417 for CVE-2024-50060",
"url": "https://bugzilla.suse.com/1232417"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50060"
},
{
"cve": "CVE-2024-50061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50061"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition\n\nIn the cdns_i3c_master_probe function, \u0026master-\u003ehj_work is bound with\ncdns_i3c_master_hj. And cdns_i3c_master_interrupt can call\ncnds_i3c_master_demux_ibis function to start the work.\n\nIf we remove the module which will call cdns_i3c_master_remove to\nmake cleanup, it will free master-\u003ebase through i3c_master_unregister\nwhile the work mentioned above will be used. The sequence of operations\nthat may lead to a UAF bug is as follows:\n\nCPU0 CPU1\n\n | cdns_i3c_master_hj\ncdns_i3c_master_remove |\ni3c_master_unregister(\u0026master-\u003ebase) |\ndevice_unregister(\u0026master-\u003edev) |\ndevice_release |\n//free master-\u003ebase |\n | i3c_master_do_daa(\u0026master-\u003ebase)\n | //use master-\u003ebase\n\nFix it by ensuring that the work is canceled before proceeding with\nthe cleanup in cdns_i3c_master_remove.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50061",
"url": "https://www.suse.com/security/cve/CVE-2024-50061"
},
{
"category": "external",
"summary": "SUSE Bug 1232263 for CVE-2024-50061",
"url": "https://bugzilla.suse.com/1232263"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50061"
},
{
"cve": "CVE-2024-50062",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50062"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rtrs-srv: Avoid null pointer deref during path establishment\n\nFor RTRS path establishment, RTRS client initiates and completes con_num\nof connections. After establishing all its connections, the information\nis exchanged between the client and server through the info_req message.\nDuring this exchange, it is essential that all connections have been\nestablished, and the state of the RTRS srv path is CONNECTED.\n\nSo add these sanity checks, to make sure we detect and abort process in\nerror scenarios to avoid null pointer deref.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50062",
"url": "https://www.suse.com/security/cve/CVE-2024-50062"
},
{
"category": "external",
"summary": "SUSE Bug 1232232 for CVE-2024-50062",
"url": "https://bugzilla.suse.com/1232232"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50062"
},
{
"cve": "CVE-2024-50063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50063"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Prevent tail call between progs attached to different hooks\n\nbpf progs can be attached to kernel functions, and the attached functions\ncan take different parameters or return different return values. If\nprog attached to one kernel function tail calls prog attached to another\nkernel function, the ctx access or return value verification could be\nbypassed.\n\nFor example, if prog1 is attached to func1 which takes only 1 parameter\nand prog2 is attached to func2 which takes two parameters. Since verifier\nassumes the bpf ctx passed to prog2 is constructed based on func2\u0027s\nprototype, verifier allows prog2 to access the second parameter from\nthe bpf ctx passed to it. The problem is that verifier does not prevent\nprog1 from passing its bpf ctx to prog2 via tail call. In this case,\nthe bpf ctx passed to prog2 is constructed from func1 instead of func2,\nthat is, the assumption for ctx access verification is bypassed.\n\nAnother example, if BPF LSM prog1 is attached to hook file_alloc_security,\nand BPF LSM prog2 is attached to hook bpf_lsm_audit_rule_known. Verifier\nknows the return value rules for these two hooks, e.g. it is legal for\nbpf_lsm_audit_rule_known to return positive number 1, and it is illegal\nfor file_alloc_security to return positive number. So verifier allows\nprog2 to return positive number 1, but does not allow prog1 to return\npositive number. The problem is that verifier does not prevent prog1\nfrom calling prog2 via tail call. In this case, prog2\u0027s return value 1\nwill be used as the return value for prog1\u0027s hook file_alloc_security.\nThat is, the return value rule is bypassed.\n\nThis patch adds restriction for tail call to prevent such bypasses.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50063",
"url": "https://www.suse.com/security/cve/CVE-2024-50063"
},
{
"category": "external",
"summary": "SUSE Bug 1232435 for CVE-2024-50063",
"url": "https://bugzilla.suse.com/1232435"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50063"
},
{
"cve": "CVE-2024-50064",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50064"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nzram: free secondary algorithms names\n\nWe need to kfree() secondary algorithms names when reset zram device that\nhad multi-streams, otherwise we leak memory.\n\n[senozhatsky@chromium.org: kfree(NULL) is legal]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50064",
"url": "https://www.suse.com/security/cve/CVE-2024-50064"
},
{
"category": "external",
"summary": "SUSE Bug 1231901 for CVE-2024-50064",
"url": "https://bugzilla.suse.com/1231901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50064"
},
{
"cve": "CVE-2024-50067",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50067"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nuprobe: avoid out-of-bounds memory access of fetching args\n\nUprobe needs to fetch args into a percpu buffer, and then copy to ring\nbuffer to avoid non-atomic context problem.\n\nSometimes user-space strings, arrays can be very large, but the size of\npercpu buffer is only page size. And store_trace_args() won\u0027t check\nwhether these data exceeds a single page or not, caused out-of-bounds\nmemory access.\n\nIt could be reproduced by following steps:\n1. build kernel with CONFIG_KASAN enabled\n2. save follow program as test.c\n\n```\n\\#include \u003cstdio.h\u003e\n\\#include \u003cstdlib.h\u003e\n\\#include \u003cstring.h\u003e\n\n// If string length large than MAX_STRING_SIZE, the fetch_store_strlen()\n// will return 0, cause __get_data_size() return shorter size, and\n// store_trace_args() will not trigger out-of-bounds access.\n// So make string length less than 4096.\n\\#define STRLEN 4093\n\nvoid generate_string(char *str, int n)\n{\n int i;\n for (i = 0; i \u003c n; ++i)\n {\n char c = i % 26 + \u0027a\u0027;\n str[i] = c;\n }\n str[n-1] = \u0027\\0\u0027;\n}\n\nvoid print_string(char *str)\n{\n printf(\"%s\\n\", str);\n}\n\nint main()\n{\n char tmp[STRLEN];\n\n generate_string(tmp, STRLEN);\n print_string(tmp);\n\n return 0;\n}\n```\n3. compile program\n`gcc -o test test.c`\n\n4. get the offset of `print_string()`\n```\nobjdump -t test | grep -w print_string\n0000000000401199 g F .text 000000000000001b print_string\n```\n\n5. configure uprobe with offset 0x1199\n```\noff=0x1199\n\ncd /sys/kernel/debug/tracing/\necho \"p /root/test:${off} arg1=+0(%di):ustring arg2=\\$comm arg3=+0(%di):ustring\"\n \u003e uprobe_events\necho 1 \u003e events/uprobes/enable\necho 1 \u003e tracing_on\n```\n\n6. run `test`, and kasan will report error.\n==================================================================\nBUG: KASAN: use-after-free in strncpy_from_user+0x1d6/0x1f0\nWrite of size 8 at addr ffff88812311c004 by task test/499CPU: 0 UID: 0 PID: 499 Comm: test Not tainted 6.12.0-rc3+ #18\nHardware name: Red Hat KVM, BIOS 1.16.0-4.al8 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x55/0x70\n print_address_description.constprop.0+0x27/0x310\n kasan_report+0x10f/0x120\n ? strncpy_from_user+0x1d6/0x1f0\n strncpy_from_user+0x1d6/0x1f0\n ? rmqueue.constprop.0+0x70d/0x2ad0\n process_fetch_insn+0xb26/0x1470\n ? __pfx_process_fetch_insn+0x10/0x10\n ? _raw_spin_lock+0x85/0xe0\n ? __pfx__raw_spin_lock+0x10/0x10\n ? __pte_offset_map+0x1f/0x2d0\n ? unwind_next_frame+0xc5f/0x1f80\n ? arch_stack_walk+0x68/0xf0\n ? is_bpf_text_address+0x23/0x30\n ? kernel_text_address.part.0+0xbb/0xd0\n ? __kernel_text_address+0x66/0xb0\n ? unwind_get_return_address+0x5e/0xa0\n ? __pfx_stack_trace_consume_entry+0x10/0x10\n ? arch_stack_walk+0xa2/0xf0\n ? _raw_spin_lock_irqsave+0x8b/0xf0\n ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n ? depot_alloc_stack+0x4c/0x1f0\n ? _raw_spin_unlock_irqrestore+0xe/0x30\n ? stack_depot_save_flags+0x35d/0x4f0\n ? kasan_save_stack+0x34/0x50\n ? kasan_save_stack+0x24/0x50\n ? mutex_lock+0x91/0xe0\n ? __pfx_mutex_lock+0x10/0x10\n prepare_uprobe_buffer.part.0+0x2cd/0x500\n uprobe_dispatcher+0x2c3/0x6a0\n ? __pfx_uprobe_dispatcher+0x10/0x10\n ? __kasan_slab_alloc+0x4d/0x90\n handler_chain+0xdd/0x3e0\n handle_swbp+0x26e/0x3d0\n ? __pfx_handle_swbp+0x10/0x10\n ? uprobe_pre_sstep_notifier+0x151/0x1b0\n irqentry_exit_to_user_mode+0xe2/0x1b0\n asm_exc_int3+0x39/0x40\nRIP: 0033:0x401199\nCode: 01 c2 0f b6 45 fb 88 02 83 45 fc 01 8b 45 fc 3b 45 e4 7c b7 8b 45 e4 48 98 48 8d 50 ff 48 8b 45 e8 48 01 d0 ce\nRSP: 002b:00007ffdf00576a8 EFLAGS: 00000206\nRAX: 00007ffdf00576b0 RBX: 0000000000000000 RCX: 0000000000000ff2\nRDX: 0000000000000ffc RSI: 0000000000000ffd RDI: 00007ffdf00576b0\nRBP: 00007ffdf00586b0 R08: 00007feb2f9c0d20 R09: 00007feb2f9c0d20\nR10: 0000000000000001 R11: 0000000000000202 R12: 0000000000401040\nR13: 00007ffdf0058780 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\nThis commit enforces the buffer\u0027s maxlen less than a page-size to avoid\nstore_trace_args() out-of-memory access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50067",
"url": "https://www.suse.com/security/cve/CVE-2024-50067"
},
{
"category": "external",
"summary": "SUSE Bug 1232416 for CVE-2024-50067",
"url": "https://bugzilla.suse.com/1232416"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50067"
},
{
"cve": "CVE-2024-50069",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50069"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: apple: check devm_kasprintf() returned value\n\ndevm_kasprintf() can return a NULL pointer on failure but this returned\nvalue is not checked. Fix this lack and check the returned value.\n\nFound by code review.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50069",
"url": "https://www.suse.com/security/cve/CVE-2024-50069"
},
{
"category": "external",
"summary": "SUSE Bug 1232511 for CVE-2024-50069",
"url": "https://bugzilla.suse.com/1232511"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50069"
},
{
"cve": "CVE-2024-50073",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50073"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: Fix use-after-free in gsm_cleanup_mux\n\nBUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0\ndrivers/tty/n_gsm.c:3160 [n_gsm]\nRead of size 8 at addr ffff88815fe99c00 by task poc/3379\nCPU: 0 UID: 0 PID: 3379 Comm: poc Not tainted 6.11.0+ #56\nHardware name: VMware, Inc. VMware Virtual Platform/440BX\nDesktop Reference Platform, BIOS 6.00 11/12/2020\nCall Trace:\n \u003cTASK\u003e\n gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n __pfx_gsm_cleanup_mux+0x10/0x10 drivers/tty/n_gsm.c:3124 [n_gsm]\n __pfx_sched_clock_cpu+0x10/0x10 kernel/sched/clock.c:389\n update_load_avg+0x1c1/0x27b0 kernel/sched/fair.c:4500\n __pfx_min_vruntime_cb_rotate+0x10/0x10 kernel/sched/fair.c:846\n __rb_insert_augmented+0x492/0xbf0 lib/rbtree.c:161\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n _raw_spin_lock_irqsave+0x92/0xf0 arch/x86/include/asm/atomic.h:107\n __pfx_gsmld_ioctl+0x10/0x10 drivers/tty/n_gsm.c:3822 [n_gsm]\n ktime_get+0x5e/0x140 kernel/time/timekeeping.c:195\n ldsem_down_read+0x94/0x4e0 arch/x86/include/asm/atomic64_64.h:79\n __pfx_ldsem_down_read+0x10/0x10 drivers/tty/tty_ldsem.c:338\n __pfx_do_vfs_ioctl+0x10/0x10 fs/ioctl.c:805\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\nAllocated by task 65:\n gsm_data_alloc.constprop.0+0x27/0x190 drivers/tty/n_gsm.c:926 [n_gsm]\n gsm_send+0x2c/0x580 drivers/tty/n_gsm.c:819 [n_gsm]\n gsm1_receive+0x547/0xad0 drivers/tty/n_gsm.c:3038 [n_gsm]\n gsmld_receive_buf+0x176/0x280 drivers/tty/n_gsm.c:3609 [n_gsm]\n tty_ldisc_receive_buf+0x101/0x1e0 drivers/tty/tty_buffer.c:391\n tty_port_default_receive_buf+0x61/0xa0 drivers/tty/tty_port.c:39\n flush_to_ldisc+0x1b0/0x750 drivers/tty/tty_buffer.c:445\n process_scheduled_works+0x2b0/0x10d0 kernel/workqueue.c:3229\n worker_thread+0x3dc/0x950 kernel/workqueue.c:3391\n kthread+0x2a3/0x370 kernel/kthread.c:389\n ret_from_fork+0x2d/0x70 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:257\n\nFreed by task 3367:\n kfree+0x126/0x420 mm/slub.c:4580\n gsm_cleanup_mux+0x36c/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\n[Analysis]\ngsm_msg on the tx_ctrl_list or tx_data_list of gsm_mux\ncan be freed by multi threads through ioctl,which leads\nto the occurrence of uaf. Protect it by gsm tx lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50073",
"url": "https://www.suse.com/security/cve/CVE-2024-50073"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50073",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232520 for CVE-2024-50073",
"url": "https://bugzilla.suse.com/1232520"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-50073"
},
{
"cve": "CVE-2024-50074",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50074"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nparport: Proper fix for array out-of-bounds access\n\nThe recent fix for array out-of-bounds accesses replaced sprintf()\ncalls blindly with snprintf(). However, since snprintf() returns the\nwould-be-printed size, not the actually output size, the length\ncalculation can still go over the given limit.\n\nUse scnprintf() instead of snprintf(), which returns the actually\noutput letters, for addressing the potential out-of-bounds access\nproperly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50074",
"url": "https://www.suse.com/security/cve/CVE-2024-50074"
},
{
"category": "external",
"summary": "SUSE Bug 1232507 for CVE-2024-50074",
"url": "https://bugzilla.suse.com/1232507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50074"
},
{
"cve": "CVE-2024-50075",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50075"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: tegra: fix checked USB2 port number\n\nIf USB virtualizatoin is enabled, USB2 ports are shared between all\nVirtual Functions. The USB2 port number owned by an USB2 root hub in\na Virtual Function may be less than total USB2 phy number supported\nby the Tegra XUSB controller.\n\nUsing total USB2 phy number as port number to check all PORTSC values\nwould cause invalid memory access.\n\n[ 116.923438] Unable to handle kernel paging request at virtual address 006c622f7665642f\n...\n[ 117.213640] Call trace:\n[ 117.216783] tegra_xusb_enter_elpg+0x23c/0x658\n[ 117.222021] tegra_xusb_runtime_suspend+0x40/0x68\n[ 117.227260] pm_generic_runtime_suspend+0x30/0x50\n[ 117.232847] __rpm_callback+0x84/0x3c0\n[ 117.237038] rpm_suspend+0x2dc/0x740\n[ 117.241229] pm_runtime_work+0xa0/0xb8\n[ 117.245769] process_scheduled_works+0x24c/0x478\n[ 117.251007] worker_thread+0x23c/0x328\n[ 117.255547] kthread+0x104/0x1b0\n[ 117.259389] ret_from_fork+0x10/0x20\n[ 117.263582] Code: 54000222 f9461ae8 f8747908 b4ffff48 (f9400100)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50075",
"url": "https://www.suse.com/security/cve/CVE-2024-50075"
},
{
"category": "external",
"summary": "SUSE Bug 1232506 for CVE-2024-50075",
"url": "https://bugzilla.suse.com/1232506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50075"
},
{
"cve": "CVE-2024-50076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50076"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvt: prevent kernel-infoleak in con_font_get()\n\nfont.data may not initialize all memory spaces depending on the implementation\nof vc-\u003evc_sw-\u003econ_font_get. This may cause info-leak, so to prevent this, it\nis safest to modify it to initialize the allocated memory space to 0, and it\ngenerally does not affect the overall performance of the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50076",
"url": "https://www.suse.com/security/cve/CVE-2024-50076"
},
{
"category": "external",
"summary": "SUSE Bug 1232505 for CVE-2024-50076",
"url": "https://bugzilla.suse.com/1232505"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50076"
},
{
"cve": "CVE-2024-50077",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50077"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: ISO: Fix multiple init when debugfs is disabled\n\nIf bt_debugfs is not created successfully, which happens if either\nCONFIG_DEBUG_FS or CONFIG_DEBUG_FS_ALLOW_ALL is unset, then iso_init()\nreturns early and does not set iso_inited to true. This means that a\nsubsequent call to iso_init() will result in duplicate calls to\nproto_register(), bt_sock_register(), etc.\n\nWith CONFIG_LIST_HARDENED and CONFIG_BUG_ON_DATA_CORRUPTION enabled, the\nduplicate call to proto_register() triggers this BUG():\n\n list_add double add: new=ffffffffc0b280d0, prev=ffffffffbab56250,\n next=ffffffffc0b280d0.\n ------------[ cut here ]------------\n kernel BUG at lib/list_debug.c:35!\n Oops: invalid opcode: 0000 [#1] PREEMPT SMP PTI\n CPU: 2 PID: 887 Comm: bluetoothd Not tainted 6.10.11-1-ao-desktop #1\n RIP: 0010:__list_add_valid_or_report+0x9a/0xa0\n ...\n __list_add_valid_or_report+0x9a/0xa0\n proto_register+0x2b5/0x340\n iso_init+0x23/0x150 [bluetooth]\n set_iso_socket_func+0x68/0x1b0 [bluetooth]\n kmem_cache_free+0x308/0x330\n hci_sock_sendmsg+0x990/0x9e0 [bluetooth]\n __sock_sendmsg+0x7b/0x80\n sock_write_iter+0x9a/0x110\n do_iter_readv_writev+0x11d/0x220\n vfs_writev+0x180/0x3e0\n do_writev+0xca/0x100\n ...\n\nThis change removes the early return. The check for iso_debugfs being\nNULL was unnecessary, it is always NULL when iso_inited is false.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50077",
"url": "https://www.suse.com/security/cve/CVE-2024-50077"
},
{
"category": "external",
"summary": "SUSE Bug 1232504 for CVE-2024-50077",
"url": "https://bugzilla.suse.com/1232504"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50077"
},
{
"cve": "CVE-2024-50078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50078"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Call iso_exit() on module unload\n\nIf iso_init() has been called, iso_exit() must be called on module\nunload. Without that, the struct proto that iso_init() registered with\nproto_register() becomes invalid, which could cause unpredictable\nproblems later. In my case, with CONFIG_LIST_HARDENED and\nCONFIG_BUG_ON_DATA_CORRUPTION enabled, loading the module again usually\ntriggers this BUG():\n\n list_add corruption. next-\u003eprev should be prev (ffffffffb5355fd0),\n but was 0000000000000068. (next=ffffffffc0a010d0).\n ------------[ cut here ]------------\n kernel BUG at lib/list_debug.c:29!\n Oops: invalid opcode: 0000 [#1] PREEMPT SMP PTI\n CPU: 1 PID: 4159 Comm: modprobe Not tainted 6.10.11-4+bt2-ao-desktop #1\n RIP: 0010:__list_add_valid_or_report+0x61/0xa0\n ...\n __list_add_valid_or_report+0x61/0xa0\n proto_register+0x299/0x320\n hci_sock_init+0x16/0xc0 [bluetooth]\n bt_init+0x68/0xd0 [bluetooth]\n __pfx_bt_init+0x10/0x10 [bluetooth]\n do_one_initcall+0x80/0x2f0\n do_init_module+0x8b/0x230\n __do_sys_init_module+0x15f/0x190\n do_syscall_64+0x68/0x110\n ...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50078",
"url": "https://www.suse.com/security/cve/CVE-2024-50078"
},
{
"category": "external",
"summary": "SUSE Bug 1232503 for CVE-2024-50078",
"url": "https://bugzilla.suse.com/1232503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50078"
},
{
"cve": "CVE-2024-50080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50080"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nublk: don\u0027t allow user copy for unprivileged device\n\nUBLK_F_USER_COPY requires userspace to call write() on ublk char\ndevice for filling request buffer, and unprivileged device can\u0027t\nbe trusted.\n\nSo don\u0027t allow user copy for unprivileged device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50080",
"url": "https://www.suse.com/security/cve/CVE-2024-50080"
},
{
"category": "external",
"summary": "SUSE Bug 1232502 for CVE-2024-50080",
"url": "https://bugzilla.suse.com/1232502"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50080"
},
{
"cve": "CVE-2024-50081",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50081"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-mq: setup queue -\u003etag_set before initializing hctx\n\nCommit 7b815817aa58 (\"blk-mq: add helper for checking if one CPU is mapped to specified hctx\")\nneeds to check queue mapping via tag set in hctx\u0027s cpuhp handler.\n\nHowever, q-\u003etag_set may not be setup yet when the cpuhp handler is\nenabled, then kernel oops is triggered.\n\nFix the issue by setup queue tag_set before initializing hctx.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50081",
"url": "https://www.suse.com/security/cve/CVE-2024-50081"
},
{
"category": "external",
"summary": "SUSE Bug 1232501 for CVE-2024-50081",
"url": "https://bugzilla.suse.com/1232501"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50081"
},
{
"cve": "CVE-2024-50082",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50082"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race\n\nWe\u0027re seeing crashes from rq_qos_wake_function that look like this:\n\n BUG: unable to handle page fault for address: ffffafe180a40084\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 100000067 P4D 100000067 PUD 10027c067 PMD 10115d067 PTE 0\n Oops: Oops: 0002 [#1] PREEMPT SMP PTI\n CPU: 17 UID: 0 PID: 0 Comm: swapper/17 Not tainted 6.12.0-rc3-00013-geca631b8fe80 #11\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\n RIP: 0010:_raw_spin_lock_irqsave+0x1d/0x40\n Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 9c 41 5c fa 65 ff 05 62 97 30 4c 31 c0 ba 01 00 00 00 \u003cf0\u003e 0f b1 17 75 0a 4c 89 e0 41 5c c3 cc cc cc cc 89 c6 e8 2c 0b 00\n RSP: 0018:ffffafe180580ca0 EFLAGS: 00010046\n RAX: 0000000000000000 RBX: ffffafe180a3f7a8 RCX: 0000000000000011\n RDX: 0000000000000001 RSI: 0000000000000003 RDI: ffffafe180a40084\n RBP: 0000000000000000 R08: 00000000001e7240 R09: 0000000000000011\n R10: 0000000000000028 R11: 0000000000000888 R12: 0000000000000002\n R13: ffffafe180a40084 R14: 0000000000000000 R15: 0000000000000003\n FS: 0000000000000000(0000) GS:ffff9aaf1f280000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: ffffafe180a40084 CR3: 000000010e428002 CR4: 0000000000770ef0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cIRQ\u003e\n try_to_wake_up+0x5a/0x6a0\n rq_qos_wake_function+0x71/0x80\n __wake_up_common+0x75/0xa0\n __wake_up+0x36/0x60\n scale_up.part.0+0x50/0x110\n wb_timer_fn+0x227/0x450\n ...\n\nSo rq_qos_wake_function() calls wake_up_process(data-\u003etask), which calls\ntry_to_wake_up(), which faults in raw_spin_lock_irqsave(\u0026p-\u003epi_lock).\n\np comes from data-\u003etask, and data comes from the waitqueue entry, which\nis stored on the waiter\u0027s stack in rq_qos_wait(). Analyzing the core\ndump with drgn, I found that the waiter had already woken up and moved\non to a completely unrelated code path, clobbering what was previously\ndata-\u003etask. Meanwhile, the waker was passing the clobbered garbage in\ndata-\u003etask to wake_up_process(), leading to the crash.\n\nWhat\u0027s happening is that in between rq_qos_wake_function() deleting the\nwaitqueue entry and calling wake_up_process(), rq_qos_wait() is finding\nthat it already got a token and returning. The race looks like this:\n\nrq_qos_wait() rq_qos_wake_function()\n==============================================================\nprepare_to_wait_exclusive()\n data-\u003egot_token = true;\n list_del_init(\u0026curr-\u003eentry);\nif (data.got_token)\n break;\nfinish_wait(\u0026rqw-\u003ewait, \u0026data.wq);\n ^- returns immediately because\n list_empty_careful(\u0026wq_entry-\u003eentry)\n is true\n... return, go do something else ...\n wake_up_process(data-\u003etask)\n (NO LONGER VALID!)-^\n\nNormally, finish_wait() is supposed to synchronize against the waker.\nBut, as noted above, it is returning immediately because the waitqueue\nentry has already been removed from the waitqueue.\n\nThe bug is that rq_qos_wake_function() is accessing the waitqueue entry\nAFTER deleting it. Note that autoremove_wake_function() wakes the waiter\nand THEN deletes the waitqueue entry, which is the proper order.\n\nFix it by swapping the order. We also need to use\nlist_del_init_careful() to match the list_empty_careful() in\nfinish_wait().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50082",
"url": "https://www.suse.com/security/cve/CVE-2024-50082"
},
{
"category": "external",
"summary": "SUSE Bug 1232500 for CVE-2024-50082",
"url": "https://bugzilla.suse.com/1232500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50082"
},
{
"cve": "CVE-2024-50084",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50084"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test()\n\nCommit a3c1e45156ad (\"net: microchip: vcap: Fix use-after-free error in\nkunit test\") fixed the use-after-free error, but introduced below\nmemory leaks by removing necessary vcap_free_rule(), add it to fix it.\n\n\tunreferenced object 0xffffff80ca58b700 (size 192):\n\t comm \"kunit_try_catch\", pid 1215, jiffies 4294898264\n\t hex dump (first 32 bytes):\n\t 00 12 7a 00 05 00 00 00 0a 00 00 00 64 00 00 00 ..z.........d...\n\t 00 00 00 00 00 00 00 00 00 04 0b cc 80 ff ff ff ................\n\t backtrace (crc 9c09c3fe):\n\t [\u003c0000000052a0be73\u003e] kmemleak_alloc+0x34/0x40\n\t [\u003c0000000043605459\u003e] __kmalloc_cache_noprof+0x26c/0x2f4\n\t [\u003c0000000040a01b8d\u003e] vcap_alloc_rule+0x3cc/0x9c4\n\t [\u003c000000003fe86110\u003e] vcap_api_encode_rule_test+0x1ac/0x16b0\n\t [\u003c00000000b3595fc4\u003e] kunit_try_run_case+0x13c/0x3ac\n\t [\u003c0000000010f5d2bf\u003e] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t [\u003c00000000c5d82c9a\u003e] kthread+0x2e8/0x374\n\t [\u003c00000000f4287308\u003e] ret_from_fork+0x10/0x20\n\tunreferenced object 0xffffff80cc0b0400 (size 64):\n\t comm \"kunit_try_catch\", pid 1215, jiffies 4294898265\n\t hex dump (first 32 bytes):\n\t 80 04 0b cc 80 ff ff ff 18 b7 58 ca 80 ff ff ff ..........X.....\n\t 39 00 00 00 02 00 00 00 06 05 04 03 02 01 ff ff 9...............\n\t backtrace (crc daf014e9):\n\t [\u003c0000000052a0be73\u003e] kmemleak_alloc+0x34/0x40\n\t [\u003c0000000043605459\u003e] __kmalloc_cache_noprof+0x26c/0x2f4\n\t [\u003c000000000ff63fd4\u003e] vcap_rule_add_key+0x2cc/0x528\n\t [\u003c00000000dfdb1e81\u003e] vcap_api_encode_rule_test+0x224/0x16b0\n\t [\u003c00000000b3595fc4\u003e] kunit_try_run_case+0x13c/0x3ac\n\t [\u003c0000000010f5d2bf\u003e] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t [\u003c00000000c5d82c9a\u003e] kthread+0x2e8/0x374\n\t [\u003c00000000f4287308\u003e] ret_from_fork+0x10/0x20\n\tunreferenced object 0xffffff80cc0b0700 (size 64):\n\t comm \"kunit_try_catch\", pid 1215, jiffies 4294898265\n\t hex dump (first 32 bytes):\n\t 80 07 0b cc 80 ff ff ff 28 b7 58 ca 80 ff ff ff ........(.X.....\n\t 3c 00 00 00 00 00 00 00 01 2f 03 b3 ec ff ff ff \u003c......../......\n\t backtrace (crc 8d877792):\n\t [\u003c0000000052a0be73\u003e] kmemleak_alloc+0x34/0x40\n\t [\u003c0000000043605459\u003e] __kmalloc_cache_noprof+0x26c/0x2f4\n\t [\u003c000000006eadfab7\u003e] vcap_rule_add_action+0x2d0/0x52c\n\t [\u003c00000000323475d1\u003e] vcap_api_encode_rule_test+0x4d4/0x16b0\n\t [\u003c00000000b3595fc4\u003e] kunit_try_run_case+0x13c/0x3ac\n\t [\u003c0000000010f5d2bf\u003e] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t [\u003c00000000c5d82c9a\u003e] kthread+0x2e8/0x374\n\t [\u003c00000000f4287308\u003e] ret_from_fork+0x10/0x20\n\tunreferenced object 0xffffff80cc0b0900 (size 64):\n\t comm \"kunit_try_catch\", pid 1215, jiffies 4294898266\n\t hex dump (first 32 bytes):\n\t 80 09 0b cc 80 ff ff ff 80 06 0b cc 80 ff ff ff ................\n\t 7d 00 00 00 01 00 00 00 00 00 00 00 ff 00 00 00 }...............\n\t backtrace (crc 34181e56):\n\t [\u003c0000000052a0be73\u003e] kmemleak_alloc+0x34/0x40\n\t [\u003c0000000043605459\u003e] __kmalloc_cache_noprof+0x26c/0x2f4\n\t [\u003c000000000ff63fd4\u003e] vcap_rule_add_key+0x2cc/0x528\n\t [\u003c00000000991e3564\u003e] vcap_val_rule+0xcf0/0x13e8\n\t [\u003c00000000fc9868e5\u003e] vcap_api_encode_rule_test+0x678/0x16b0\n\t [\u003c00000000b3595fc4\u003e] kunit_try_run_case+0x13c/0x3ac\n\t [\u003c0000000010f5d2bf\u003e] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t [\u003c00000000c5d82c9a\u003e] kthread+0x2e8/0x374\n\t [\u003c00000000f4287308\u003e] ret_from_fork+0x10/0x20\n\tunreferenced object 0xffffff80cc0b0980 (size 64):\n\t comm \"kunit_try_catch\", pid 1215, jiffies 4294898266\n\t hex dump (first 32 bytes):\n\t 18 b7 58 ca 80 ff ff ff 00 09 0b cc 80 ff ff ff ..X.............\n\t 67 00 00 00 00 00 00 00 01 01 74 88 c0 ff ff ff g.........t.....\n\t backtrace (crc 275fd9be):\n\t [\u003c0000000052a0be73\u003e] kmemleak_alloc+0x34/0x40\n\t [\u003c0000000043605459\u003e] __kmalloc_cache_noprof+0x26c/0x2f4\n\t [\u003c000000000ff63fd4\u003e] vcap_rule_add_key+0x2cc/0x528\n\t [\u003c000000001396a1a2\u003e] test_add_de\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50084",
"url": "https://www.suse.com/security/cve/CVE-2024-50084"
},
{
"category": "external",
"summary": "SUSE Bug 1232494 for CVE-2024-50084",
"url": "https://bugzilla.suse.com/1232494"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50084"
},
{
"cve": "CVE-2024-50087",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50087"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix uninitialized pointer free on read_alloc_one_name() error\n\nThe function read_alloc_one_name() does not initialize the name field of\nthe passed fscrypt_str struct if kmalloc fails to allocate the\ncorresponding buffer. Thus, it is not guaranteed that\nfscrypt_str.name is initialized when freeing it.\n\nThis is a follow-up to the linked patch that fixes the remaining\ninstances of the bug introduced by commit e43eec81c516 (\"btrfs: use\nstruct qstr instead of name and namelen pairs\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50087",
"url": "https://www.suse.com/security/cve/CVE-2024-50087"
},
{
"category": "external",
"summary": "SUSE Bug 1232499 for CVE-2024-50087",
"url": "https://bugzilla.suse.com/1232499"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50087"
},
{
"cve": "CVE-2024-50088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50088"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix uninitialized pointer free in add_inode_ref()\n\nThe add_inode_ref() function does not initialize the \"name\" struct when\nit is declared. If any of the following calls to \"read_one_inode()\nreturns NULL,\n\n\tdir = read_one_inode(root, parent_objectid);\n\tif (!dir) {\n\t\tret = -ENOENT;\n\t\tgoto out;\n\t}\n\n\tinode = read_one_inode(root, inode_objectid);\n\tif (!inode) {\n\t\tret = -EIO;\n\t\tgoto out;\n\t}\n\nthen \"name.name\" would be freed on \"out\" before being initialized.\n\nout:\n\t...\n\tkfree(name.name);\n\nThis issue was reported by Coverity with CID 1526744.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50088",
"url": "https://www.suse.com/security/cve/CVE-2024-50088"
},
{
"category": "external",
"summary": "SUSE Bug 1232498 for CVE-2024-50088",
"url": "https://bugzilla.suse.com/1232498"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50088"
},
{
"cve": "CVE-2024-50089",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50089"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50089",
"url": "https://www.suse.com/security/cve/CVE-2024-50089"
},
{
"category": "external",
"summary": "SUSE Bug 1232860 for CVE-2024-50089",
"url": "https://bugzilla.suse.com/1232860"
},
{
"category": "external",
"summary": "SUSE Bug 1233250 for CVE-2024-50089",
"url": "https://bugzilla.suse.com/1233250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-50089"
},
{
"cve": "CVE-2024-50093",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50093"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: intel: int340x: processor: Fix warning during module unload\n\nThe processor_thermal driver uses pcim_device_enable() to enable a PCI\ndevice, which means the device will be automatically disabled on driver\ndetach. Thus there is no need to call pci_disable_device() again on it.\n\nWith recent PCI device resource management improvements, e.g. commit\nf748a07a0b64 (\"PCI: Remove legacy pcim_release()\"), this problem is\nexposed and triggers the warining below.\n\n [ 224.010735] proc_thermal_pci 0000:00:04.0: disabling already-disabled device\n [ 224.010747] WARNING: CPU: 8 PID: 4442 at drivers/pci/pci.c:2250 pci_disable_device+0xe5/0x100\n ...\n [ 224.010844] Call Trace:\n [ 224.010845] \u003cTASK\u003e\n [ 224.010847] ? show_regs+0x6d/0x80\n [ 224.010851] ? __warn+0x8c/0x140\n [ 224.010854] ? pci_disable_device+0xe5/0x100\n [ 224.010856] ? report_bug+0x1c9/0x1e0\n [ 224.010859] ? handle_bug+0x46/0x80\n [ 224.010862] ? exc_invalid_op+0x1d/0x80\n [ 224.010863] ? asm_exc_invalid_op+0x1f/0x30\n [ 224.010867] ? pci_disable_device+0xe5/0x100\n [ 224.010869] ? pci_disable_device+0xe5/0x100\n [ 224.010871] ? kfree+0x21a/0x2b0\n [ 224.010873] pcim_disable_device+0x20/0x30\n [ 224.010875] devm_action_release+0x16/0x20\n [ 224.010878] release_nodes+0x47/0xc0\n [ 224.010880] devres_release_all+0x9f/0xe0\n [ 224.010883] device_unbind_cleanup+0x12/0x80\n [ 224.010885] device_release_driver_internal+0x1ca/0x210\n [ 224.010887] driver_detach+0x4e/0xa0\n [ 224.010889] bus_remove_driver+0x6f/0xf0\n [ 224.010890] driver_unregister+0x35/0x60\n [ 224.010892] pci_unregister_driver+0x44/0x90\n [ 224.010894] proc_thermal_pci_driver_exit+0x14/0x5f0 [processor_thermal_device_pci]\n ...\n [ 224.010921] ---[ end trace 0000000000000000 ]---\n\nRemove the excess pci_disable_device() calls.\n\n[ rjw: Subject and changelog edits ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50093",
"url": "https://www.suse.com/security/cve/CVE-2024-50093"
},
{
"category": "external",
"summary": "SUSE Bug 1232877 for CVE-2024-50093",
"url": "https://bugzilla.suse.com/1232877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50093"
},
{
"cve": "CVE-2024-50095",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50095"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mad: Improve handling of timed out WRs of mad agent\n\nCurrent timeout handler of mad agent acquires/releases mad_agent_priv\nlock for every timed out WRs. This causes heavy locking contention\nwhen higher no. of WRs are to be handled inside timeout handler.\n\nThis leads to softlockup with below trace in some use cases where\nrdma-cm path is used to establish connection between peer nodes\n\nTrace:\n-----\n BUG: soft lockup - CPU#4 stuck for 26s! [kworker/u128:3:19767]\n CPU: 4 PID: 19767 Comm: kworker/u128:3 Kdump: loaded Tainted: G OE\n ------- --- 5.14.0-427.13.1.el9_4.x86_64 #1\n Hardware name: Dell Inc. PowerEdge R740/01YM03, BIOS 2.4.8 11/26/2019\n Workqueue: ib_mad1 timeout_sends [ib_core]\n RIP: 0010:__do_softirq+0x78/0x2ac\n RSP: 0018:ffffb253449e4f98 EFLAGS: 00000246\n RAX: 00000000ffffffff RBX: 0000000000000000 RCX: 000000000000001f\n RDX: 000000000000001d RSI: 000000003d1879ab RDI: fff363b66fd3a86b\n RBP: ffffb253604cbcd8 R08: 0000009065635f3b R09: 0000000000000000\n R10: 0000000000000040 R11: ffffb253449e4ff8 R12: 0000000000000000\n R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000040\n FS: 0000000000000000(0000) GS:ffff8caa1fc80000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007fd9ec9db900 CR3: 0000000891934006 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cIRQ\u003e\n ? show_trace_log_lvl+0x1c4/0x2df\n ? show_trace_log_lvl+0x1c4/0x2df\n ? __irq_exit_rcu+0xa1/0xc0\n ? watchdog_timer_fn+0x1b2/0x210\n ? __pfx_watchdog_timer_fn+0x10/0x10\n ? __hrtimer_run_queues+0x127/0x2c0\n ? hrtimer_interrupt+0xfc/0x210\n ? __sysvec_apic_timer_interrupt+0x5c/0x110\n ? sysvec_apic_timer_interrupt+0x37/0x90\n ? asm_sysvec_apic_timer_interrupt+0x16/0x20\n ? __do_softirq+0x78/0x2ac\n ? __do_softirq+0x60/0x2ac\n __irq_exit_rcu+0xa1/0xc0\n sysvec_call_function_single+0x72/0x90\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_sysvec_call_function_single+0x16/0x20\n RIP: 0010:_raw_spin_unlock_irq+0x14/0x30\n RSP: 0018:ffffb253604cbd88 EFLAGS: 00000247\n RAX: 000000000001960d RBX: 0000000000000002 RCX: ffff8cad2a064800\n RDX: 000000008020001b RSI: 0000000000000001 RDI: ffff8cad5d39f66c\n RBP: ffff8cad5d39f600 R08: 0000000000000001 R09: 0000000000000000\n R10: ffff8caa443e0c00 R11: ffffb253604cbcd8 R12: ffff8cacb8682538\n R13: 0000000000000005 R14: ffffb253604cbd90 R15: ffff8cad5d39f66c\n cm_process_send_error+0x122/0x1d0 [ib_cm]\n timeout_sends+0x1dd/0x270 [ib_core]\n process_one_work+0x1e2/0x3b0\n ? __pfx_worker_thread+0x10/0x10\n worker_thread+0x50/0x3a0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0xdd/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x29/0x50\n \u003c/TASK\u003e\n\nSimplified timeout handler by creating local list of timed out WRs\nand invoke send handler post creating the list. The new method acquires/\nreleases lock once to fetch the list and hence helps to reduce locking\ncontetiong when processing higher no. of WRs",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50095",
"url": "https://www.suse.com/security/cve/CVE-2024-50095"
},
{
"category": "external",
"summary": "SUSE Bug 1232873 for CVE-2024-50095",
"url": "https://bugzilla.suse.com/1232873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50095"
},
{
"cve": "CVE-2024-50096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50096"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error\n\nThe `nouveau_dmem_copy_one` function ensures that the copy push command is\nsent to the device firmware but does not track whether it was executed\nsuccessfully.\n\nIn the case of a copy error (e.g., firmware or hardware failure), the\ncopy push command will be sent via the firmware channel, and\n`nouveau_dmem_copy_one` will likely report success, leading to the\n`migrate_to_ram` function returning a dirty HIGH_USER page to the user.\n\nThis can result in a security vulnerability, as a HIGH_USER page that may\ncontain sensitive or corrupted data could be returned to the user.\n\nTo prevent this vulnerability, we allocate a zero page. Thus, in case of\nan error, a non-dirty (zero) page will be returned to the user.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50096",
"url": "https://www.suse.com/security/cve/CVE-2024-50096"
},
{
"category": "external",
"summary": "SUSE Bug 1232870 for CVE-2024-50096",
"url": "https://bugzilla.suse.com/1232870"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50096"
},
{
"cve": "CVE-2024-50098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50098"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down\n\nThere is a history of deadlock if reboot is performed at the beginning\nof booting. SDEV_QUIESCE was set for all LU\u0027s scsi_devices by UFS\nshutdown, and at that time the audio driver was waiting on\nblk_mq_submit_bio() holding a mutex_lock while reading the fw binary.\nAfter that, a deadlock issue occurred while audio driver shutdown was\nwaiting for mutex_unlock of blk_mq_submit_bio(). To solve this, set\nSDEV_OFFLINE for all LUs except WLUN, so that any I/O that comes down\nafter a UFS shutdown will return an error.\n\n[ 31.907781]I[0: swapper/0: 0] 1 130705007 1651079834 11289729804 0 D( 2) 3 ffffff882e208000 * init [device_shutdown]\n[ 31.907793]I[0: swapper/0: 0] Mutex: 0xffffff8849a2b8b0: owner[0xffffff882e28cb00 kworker/6:0 :49]\n[ 31.907806]I[0: swapper/0: 0] Call trace:\n[ 31.907810]I[0: swapper/0: 0] __switch_to+0x174/0x338\n[ 31.907819]I[0: swapper/0: 0] __schedule+0x5ec/0x9cc\n[ 31.907826]I[0: swapper/0: 0] schedule+0x7c/0xe8\n[ 31.907834]I[0: swapper/0: 0] schedule_preempt_disabled+0x24/0x40\n[ 31.907842]I[0: swapper/0: 0] __mutex_lock+0x408/0xdac\n[ 31.907849]I[0: swapper/0: 0] __mutex_lock_slowpath+0x14/0x24\n[ 31.907858]I[0: swapper/0: 0] mutex_lock+0x40/0xec\n[ 31.907866]I[0: swapper/0: 0] device_shutdown+0x108/0x280\n[ 31.907875]I[0: swapper/0: 0] kernel_restart+0x4c/0x11c\n[ 31.907883]I[0: swapper/0: 0] __arm64_sys_reboot+0x15c/0x280\n[ 31.907890]I[0: swapper/0: 0] invoke_syscall+0x70/0x158\n[ 31.907899]I[0: swapper/0: 0] el0_svc_common+0xb4/0xf4\n[ 31.907909]I[0: swapper/0: 0] do_el0_svc+0x2c/0xb0\n[ 31.907918]I[0: swapper/0: 0] el0_svc+0x34/0xe0\n[ 31.907928]I[0: swapper/0: 0] el0t_64_sync_handler+0x68/0xb4\n[ 31.907937]I[0: swapper/0: 0] el0t_64_sync+0x1a0/0x1a4\n\n[ 31.908774]I[0: swapper/0: 0] 49 0 11960702 11236868007 0 D( 2) 6 ffffff882e28cb00 * kworker/6:0 [__bio_queue_enter]\n[ 31.908783]I[0: swapper/0: 0] Call trace:\n[ 31.908788]I[0: swapper/0: 0] __switch_to+0x174/0x338\n[ 31.908796]I[0: swapper/0: 0] __schedule+0x5ec/0x9cc\n[ 31.908803]I[0: swapper/0: 0] schedule+0x7c/0xe8\n[ 31.908811]I[0: swapper/0: 0] __bio_queue_enter+0xb8/0x178\n[ 31.908818]I[0: swapper/0: 0] blk_mq_submit_bio+0x194/0x67c\n[ 31.908827]I[0: swapper/0: 0] __submit_bio+0xb8/0x19c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50098",
"url": "https://www.suse.com/security/cve/CVE-2024-50098"
},
{
"category": "external",
"summary": "SUSE Bug 1232881 for CVE-2024-50098",
"url": "https://bugzilla.suse.com/1232881"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50098"
},
{
"cve": "CVE-2024-50099",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50099"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: probes: Remove broken LDR (literal) uprobe support\n\nThe simulate_ldr_literal() and simulate_ldrsw_literal() functions are\nunsafe to use for uprobes. Both functions were originally written for\nuse with kprobes, and access memory with plain C accesses. When uprobes\nwas added, these were reused unmodified even though they cannot safely\naccess user memory.\n\nThere are three key problems:\n\n1) The plain C accesses do not have corresponding extable entries, and\n thus if they encounter a fault the kernel will treat these as\n unintentional accesses to user memory, resulting in a BUG() which\n will kill the kernel thread, and likely lead to further issues (e.g.\n lockup or panic()).\n\n2) The plain C accesses are subject to HW PAN and SW PAN, and so when\n either is in use, any attempt to simulate an access to user memory\n will fault. Thus neither simulate_ldr_literal() nor\n simulate_ldrsw_literal() can do anything useful when simulating a\n user instruction on any system with HW PAN or SW PAN.\n\n3) The plain C accesses are privileged, as they run in kernel context,\n and in practice can access a small range of kernel virtual addresses.\n The instructions they simulate have a range of +/-1MiB, and since the\n simulated instructions must itself be a user instructions in the\n TTBR0 address range, these can address the final 1MiB of the TTBR1\n acddress range by wrapping downwards from an address in the first\n 1MiB of the TTBR0 address range.\n\n In contemporary kernels the last 8MiB of TTBR1 address range is\n reserved, and accesses to this will always fault, meaning this is no\n worse than (1).\n\n Historically, it was theoretically possible for the linear map or\n vmemmap to spill into the final 8MiB of the TTBR1 address range, but\n in practice this is extremely unlikely to occur as this would\n require either:\n\n * Having enough physical memory to fill the entire linear map all the\n way to the final 1MiB of the TTBR1 address range.\n\n * Getting unlucky with KASLR randomization of the linear map such\n that the populated region happens to overlap with the last 1MiB of\n the TTBR address range.\n\n ... and in either case if we were to spill into the final page there\n would be larger problems as the final page would alias with error\n pointers.\n\nPractically speaking, (1) and (2) are the big issues. Given there have\nbeen no reports of problems since the broken code was introduced, it\nappears that no-one is relying on probing these instructions with\nuprobes.\n\nAvoid these issues by not allowing uprobes on LDR (literal) and LDRSW\n(literal), limiting the use of simulate_ldr_literal() and\nsimulate_ldrsw_literal() to kprobes. Attempts to place uprobes on LDR\n(literal) and LDRSW (literal) will be rejected as\narm_probe_decode_insn() will return INSN_REJECTED. In future we can\nconsider introducing working uprobes support for these instructions, but\nthis will require more significant work.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50099",
"url": "https://www.suse.com/security/cve/CVE-2024-50099"
},
{
"category": "external",
"summary": "SUSE Bug 1232887 for CVE-2024-50099",
"url": "https://bugzilla.suse.com/1232887"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50099"
},
{
"cve": "CVE-2024-50100",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50100"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: dummy-hcd: Fix \"task hung\" problem\n\nThe syzbot fuzzer has been encountering \"task hung\" problems ever\nsince the dummy-hcd driver was changed to use hrtimers instead of\nregular timers. It turns out that the problems are caused by a subtle\ndifference between the timer_pending() and hrtimer_active() APIs.\n\nThe changeover blindly replaced the first by the second. However,\ntimer_pending() returns True when the timer is queued but not when its\ncallback is running, whereas hrtimer_active() returns True when the\nhrtimer is queued _or_ its callback is running. This difference\noccasionally caused dummy_urb_enqueue() to think that the callback\nroutine had not yet started when in fact it was almost finished. As a\nresult the hrtimer was not restarted, which made it impossible for the\ndriver to dequeue later the URB that was just enqueued. This caused\nusb_kill_urb() to hang, and things got worse from there.\n\nSince hrtimers have no API for telling when they are queued and the\ncallback isn\u0027t running, the driver must keep track of this for itself.\nThat\u0027s what this patch does, adding a new \"timer_pending\" flag and\nsetting or clearing it at the appropriate times.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50100",
"url": "https://www.suse.com/security/cve/CVE-2024-50100"
},
{
"category": "external",
"summary": "SUSE Bug 1232876 for CVE-2024-50100",
"url": "https://bugzilla.suse.com/1232876"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50100"
},
{
"cve": "CVE-2024-50101",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50101"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices\n\nPreviously, the domain_context_clear() function incorrectly called\npci_for_each_dma_alias() to set up context entries for non-PCI devices.\nThis could lead to kernel hangs or other unexpected behavior.\n\nAdd a check to only call pci_for_each_dma_alias() for PCI devices. For\nnon-PCI devices, domain_context_clear_one() is called directly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50101",
"url": "https://www.suse.com/security/cve/CVE-2024-50101"
},
{
"category": "external",
"summary": "SUSE Bug 1232869 for CVE-2024-50101",
"url": "https://bugzilla.suse.com/1232869"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50101"
},
{
"cve": "CVE-2024-50102",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50102"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86: fix user address masking non-canonical speculation issue\n\nIt turns out that AMD has a \"Meltdown Lite(tm)\" issue with non-canonical\naccesses in kernel space. And so using just the high bit to decide\nwhether an access is in user space or kernel space ends up with the good\nold \"leak speculative data\" if you have the right gadget using the\nresult:\n\n CVE-2020-12965 \"Transient Execution of Non-Canonical Accesses\"\n\nNow, the kernel surrounds the access with a STAC/CLAC pair, and those\ninstructions end up serializing execution on older Zen architectures,\nwhich closes the speculation window.\n\nBut that was true only up until Zen 5, which renames the AC bit [1].\nThat improves performance of STAC/CLAC a lot, but also means that the\nspeculation window is now open.\n\nNote that this affects not just the new address masking, but also the\nregular valid_user_address() check used by access_ok(), and the asm\nversion of the sign bit check in the get_user() helpers.\n\nIt does not affect put_user() or clear_user() variants, since there\u0027s no\nspeculative result to be used in a gadget for those operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50102",
"url": "https://www.suse.com/security/cve/CVE-2024-50102"
},
{
"category": "external",
"summary": "SUSE Bug 1232880 for CVE-2024-50102",
"url": "https://bugzilla.suse.com/1232880"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50102"
},
{
"cve": "CVE-2024-50103",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50103"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe()\n\nA devm_kzalloc() in asoc_qcom_lpass_cpu_platform_probe() could\npossibly return NULL pointer. NULL Pointer Dereference may be\ntriggerred without addtional check.\nAdd a NULL check for the returned pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50103",
"url": "https://www.suse.com/security/cve/CVE-2024-50103"
},
{
"category": "external",
"summary": "SUSE Bug 1232878 for CVE-2024-50103",
"url": "https://bugzilla.suse.com/1232878"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50103"
},
{
"cve": "CVE-2024-50108",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50108"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Disable PSR-SU on Parade 08-01 TCON too\n\nStuart Hayhurst has found that both at bootup and fullscreen VA-API video\nis leading to black screens for around 1 second and kernel WARNING [1] traces\nwhen calling dmub_psr_enable() with Parade 08-01 TCON.\n\nThese symptoms all go away with PSR-SU disabled for this TCON, so disable\nit for now while DMUB traces [2] from the failure can be analyzed and the failure\nstate properly root caused.\n\n(cherry picked from commit afb634a6823d8d9db23c5fb04f79c5549349628b)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50108",
"url": "https://www.suse.com/security/cve/CVE-2024-50108"
},
{
"category": "external",
"summary": "SUSE Bug 1232884 for CVE-2024-50108",
"url": "https://bugzilla.suse.com/1232884"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50108"
},
{
"cve": "CVE-2024-50110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50110"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: fix one more kernel-infoleak in algo dumping\n\nDuring fuzz testing, the following issue was discovered:\n\nBUG: KMSAN: kernel-infoleak in _copy_to_iter+0x598/0x2a30\n _copy_to_iter+0x598/0x2a30\n __skb_datagram_iter+0x168/0x1060\n skb_copy_datagram_iter+0x5b/0x220\n netlink_recvmsg+0x362/0x1700\n sock_recvmsg+0x2dc/0x390\n __sys_recvfrom+0x381/0x6d0\n __x64_sys_recvfrom+0x130/0x200\n x64_sys_call+0x32c8/0x3cc0\n do_syscall_64+0xd8/0x1c0\n entry_SYSCALL_64_after_hwframe+0x79/0x81\n\nUninit was stored to memory at:\n copy_to_user_state_extra+0xcc1/0x1e00\n dump_one_state+0x28c/0x5f0\n xfrm_state_walk+0x548/0x11e0\n xfrm_dump_sa+0x1e0/0x840\n netlink_dump+0x943/0x1c40\n __netlink_dump_start+0x746/0xdb0\n xfrm_user_rcv_msg+0x429/0xc00\n netlink_rcv_skb+0x613/0x780\n xfrm_netlink_rcv+0x77/0xc0\n netlink_unicast+0xe90/0x1280\n netlink_sendmsg+0x126d/0x1490\n __sock_sendmsg+0x332/0x3d0\n ____sys_sendmsg+0x863/0xc30\n ___sys_sendmsg+0x285/0x3e0\n __x64_sys_sendmsg+0x2d6/0x560\n x64_sys_call+0x1316/0x3cc0\n do_syscall_64+0xd8/0x1c0\n entry_SYSCALL_64_after_hwframe+0x79/0x81\n\nUninit was created at:\n __kmalloc+0x571/0xd30\n attach_auth+0x106/0x3e0\n xfrm_add_sa+0x2aa0/0x4230\n xfrm_user_rcv_msg+0x832/0xc00\n netlink_rcv_skb+0x613/0x780\n xfrm_netlink_rcv+0x77/0xc0\n netlink_unicast+0xe90/0x1280\n netlink_sendmsg+0x126d/0x1490\n __sock_sendmsg+0x332/0x3d0\n ____sys_sendmsg+0x863/0xc30\n ___sys_sendmsg+0x285/0x3e0\n __x64_sys_sendmsg+0x2d6/0x560\n x64_sys_call+0x1316/0x3cc0\n do_syscall_64+0xd8/0x1c0\n entry_SYSCALL_64_after_hwframe+0x79/0x81\n\nBytes 328-379 of 732 are uninitialized\nMemory access of size 732 starts at ffff88800e18e000\nData copied to user address 00007ff30f48aff0\n\nCPU: 2 PID: 18167 Comm: syz-executor.0 Not tainted 6.8.11 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n\nFixes copying of xfrm algorithms where some random\ndata of the structure fields can end up in userspace.\nPadding in structures may be filled with random (possibly sensitve)\ndata and should never be given directly to user-space.\n\nA similar issue was resolved in the commit\n8222d5910dae (\"xfrm: Zero padding when dumping algos and encap\")\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50110",
"url": "https://www.suse.com/security/cve/CVE-2024-50110"
},
{
"category": "external",
"summary": "SUSE Bug 1232885 for CVE-2024-50110",
"url": "https://bugzilla.suse.com/1232885"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50110"
},
{
"cve": "CVE-2024-50115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50115"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory\n\nIgnore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits\n4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn\u0027t\nenforce 32-byte alignment of nCR3.\n\nIn the absolute worst case scenario, failure to ignore bits 4:0 can result\nin an out-of-bounds read, e.g. if the target page is at the end of a\nmemslot, and the VMM isn\u0027t using guard pages.\n\nPer the APM:\n\n The CR3 register points to the base address of the page-directory-pointer\n table. The page-directory-pointer table is aligned on a 32-byte boundary,\n with the low 5 address bits 4:0 assumed to be 0.\n\nAnd the SDM\u0027s much more explicit:\n\n 4:0 Ignored\n\nNote, KVM gets this right when loading PDPTRs, it\u0027s only the nSVM flow\nthat is broken.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50115",
"url": "https://www.suse.com/security/cve/CVE-2024-50115"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232919 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1232919"
},
{
"category": "external",
"summary": "SUSE Bug 1233019 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1233019"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-50115"
},
{
"cve": "CVE-2024-50116",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50116"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix kernel bug due to missing clearing of buffer delay flag\n\nSyzbot reported that after nilfs2 reads a corrupted file system image\nand degrades to read-only, the BUG_ON check for the buffer delay flag\nin submit_bh_wbc() may fail, causing a kernel bug.\n\nThis is because the buffer delay flag is not cleared when clearing the\nbuffer state flags to discard a page/folio or a buffer head. So, fix\nthis.\n\nThis became necessary when the use of nilfs2\u0027s own page clear routine\nwas expanded. This state inconsistency does not occur if the buffer\nis written normally by log writing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50116",
"url": "https://www.suse.com/security/cve/CVE-2024-50116"
},
{
"category": "external",
"summary": "SUSE Bug 1232892 for CVE-2024-50116",
"url": "https://bugzilla.suse.com/1232892"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50116"
},
{
"cve": "CVE-2024-50117",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50117"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd: Guard against bad data for ATIF ACPI method\n\nIf a BIOS provides bad data in response to an ATIF method call\nthis causes a NULL pointer dereference in the caller.\n\n```\n? show_regs (arch/x86/kernel/dumpstack.c:478 (discriminator 1))\n? __die (arch/x86/kernel/dumpstack.c:423 arch/x86/kernel/dumpstack.c:434)\n? page_fault_oops (arch/x86/mm/fault.c:544 (discriminator 2) arch/x86/mm/fault.c:705 (discriminator 2))\n? do_user_addr_fault (arch/x86/mm/fault.c:440 (discriminator 1) arch/x86/mm/fault.c:1232 (discriminator 1))\n? acpi_ut_update_object_reference (drivers/acpi/acpica/utdelete.c:642)\n? exc_page_fault (arch/x86/mm/fault.c:1542)\n? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:623)\n? amdgpu_atif_query_backlight_caps.constprop.0 (drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c:387 (discriminator 2)) amdgpu\n? amdgpu_atif_query_backlight_caps.constprop.0 (drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c:386 (discriminator 1)) amdgpu\n```\n\nIt has been encountered on at least one system, so guard for it.\n\n(cherry picked from commit c9b7c809b89f24e9372a4e7f02d64c950b07fdee)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50117",
"url": "https://www.suse.com/security/cve/CVE-2024-50117"
},
{
"category": "external",
"summary": "SUSE Bug 1232897 for CVE-2024-50117",
"url": "https://bugzilla.suse.com/1232897"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50117"
},
{
"cve": "CVE-2024-50121",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50121"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net\n\nIn the normal case, when we excute `echo 0 \u003e /proc/fs/nfsd/threads`, the\nfunction `nfs4_state_destroy_net` in `nfs4_state_shutdown_net` will\nrelease all resources related to the hashed `nfs4_client`. If the\n`nfsd_client_shrinker` is running concurrently, the `expire_client`\nfunction will first unhash this client and then destroy it. This can\nlead to the following warning. Additionally, numerous use-after-free\nerrors may occur as well.\n\nnfsd_client_shrinker echo 0 \u003e /proc/fs/nfsd/threads\n\nexpire_client nfsd_shutdown_net\n unhash_client ...\n nfs4_state_shutdown_net\n /* won\u0027t wait shrinker exit */\n /* cancel_work(\u0026nn-\u003enfsd_shrinker_work)\n * nfsd_file for this /* won\u0027t destroy unhashed client1 */\n * client1 still alive nfs4_state_destroy_net\n */\n\n nfsd_file_cache_shutdown\n /* trigger warning */\n kmem_cache_destroy(nfsd_file_slab)\n kmem_cache_destroy(nfsd_file_mark_slab)\n /* release nfsd_file and mark */\n __destroy_client\n\n====================================================================\nBUG nfsd_file (Not tainted): Objects remaining in nfsd_file on\n__kmem_cache_shutdown()\n--------------------------------------------------------------------\nCPU: 4 UID: 0 PID: 764 Comm: sh Not tainted 6.12.0-rc3+ #1\n\n dump_stack_lvl+0x53/0x70\n slab_err+0xb0/0xf0\n __kmem_cache_shutdown+0x15c/0x310\n kmem_cache_destroy+0x66/0x160\n nfsd_file_cache_shutdown+0xac/0x210 [nfsd]\n nfsd_destroy_serv+0x251/0x2a0 [nfsd]\n nfsd_svc+0x125/0x1e0 [nfsd]\n write_threads+0x16a/0x2a0 [nfsd]\n nfsctl_transaction_write+0x74/0xa0 [nfsd]\n vfs_write+0x1a5/0x6d0\n ksys_write+0xc1/0x160\n do_syscall_64+0x5f/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n====================================================================\nBUG nfsd_file_mark (Tainted: G B W ): Objects remaining\nnfsd_file_mark on __kmem_cache_shutdown()\n--------------------------------------------------------------------\n\n dump_stack_lvl+0x53/0x70\n slab_err+0xb0/0xf0\n __kmem_cache_shutdown+0x15c/0x310\n kmem_cache_destroy+0x66/0x160\n nfsd_file_cache_shutdown+0xc8/0x210 [nfsd]\n nfsd_destroy_serv+0x251/0x2a0 [nfsd]\n nfsd_svc+0x125/0x1e0 [nfsd]\n write_threads+0x16a/0x2a0 [nfsd]\n nfsctl_transaction_write+0x74/0xa0 [nfsd]\n vfs_write+0x1a5/0x6d0\n ksys_write+0xc1/0x160\n do_syscall_64+0x5f/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nTo resolve this issue, cancel `nfsd_shrinker_work` using synchronous\nmode in nfs4_state_shutdown_net.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50121",
"url": "https://www.suse.com/security/cve/CVE-2024-50121"
},
{
"category": "external",
"summary": "SUSE Bug 1232925 for CVE-2024-50121",
"url": "https://bugzilla.suse.com/1232925"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50121"
},
{
"cve": "CVE-2024-50124",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50124"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: ISO: Fix UAF on iso_sock_timeout\n\nconn-\u003esk maybe have been unlinked/freed while waiting for iso_conn_lock\nso this checks if the conn-\u003esk is still valid by checking if it part of\niso_sk_list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50124",
"url": "https://www.suse.com/security/cve/CVE-2024-50124"
},
{
"category": "external",
"summary": "SUSE Bug 1232926 for CVE-2024-50124",
"url": "https://bugzilla.suse.com/1232926"
},
{
"category": "external",
"summary": "SUSE Bug 1232927 for CVE-2024-50124",
"url": "https://bugzilla.suse.com/1232927"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-50124"
},
{
"cve": "CVE-2024-50125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50125"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: SCO: Fix UAF on sco_sock_timeout\n\nconn-\u003esk maybe have been unlinked/freed while waiting for sco_conn_lock\nso this checks if the conn-\u003esk is still valid by checking if it part of\nsco_sk_list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50125",
"url": "https://www.suse.com/security/cve/CVE-2024-50125"
},
{
"category": "external",
"summary": "SUSE Bug 1232928 for CVE-2024-50125",
"url": "https://bugzilla.suse.com/1232928"
},
{
"category": "external",
"summary": "SUSE Bug 1232929 for CVE-2024-50125",
"url": "https://bugzilla.suse.com/1232929"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-50125"
},
{
"cve": "CVE-2024-50127",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50127"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix use-after-free in taprio_change()\n\nIn \u0027taprio_change()\u0027, \u0027admin\u0027 pointer may become dangling due to sched\nswitch / removal caused by \u0027advance_sched()\u0027, and critical section\nprotected by \u0027q-\u003ecurrent_entry_lock\u0027 is too small to prevent from such\na scenario (which causes use-after-free detected by KASAN). Fix this\nby prefer \u0027rcu_replace_pointer()\u0027 over \u0027rcu_assign_pointer()\u0027 to update\n\u0027admin\u0027 immediately before an attempt to schedule freeing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50127",
"url": "https://www.suse.com/security/cve/CVE-2024-50127"
},
{
"category": "external",
"summary": "SUSE Bug 1232907 for CVE-2024-50127",
"url": "https://bugzilla.suse.com/1232907"
},
{
"category": "external",
"summary": "SUSE Bug 1232908 for CVE-2024-50127",
"url": "https://bugzilla.suse.com/1232908"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-50127"
},
{
"cve": "CVE-2024-50128",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50128"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: wwan: fix global oob in wwan_rtnl_policy\n\nThe variable wwan_rtnl_link_ops assign a *bigger* maxtype which leads to\na global out-of-bounds read when parsing the netlink attributes. Exactly\nsame bug cause as the oob fixed in commit b33fb5b801c6 (\"net: qualcomm:\nrmnet: fix global oob in rmnet_policy\").\n\n==================================================================\nBUG: KASAN: global-out-of-bounds in validate_nla lib/nlattr.c:388 [inline]\nBUG: KASAN: global-out-of-bounds in __nla_validate_parse+0x19d7/0x29a0 lib/nlattr.c:603\nRead of size 1 at addr ffffffff8b09cb60 by task syz.1.66276/323862\n\nCPU: 0 PID: 323862 Comm: syz.1.66276 Not tainted 6.1.70 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x177/0x231 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:284 [inline]\n print_report+0x14f/0x750 mm/kasan/report.c:395\n kasan_report+0x139/0x170 mm/kasan/report.c:495\n validate_nla lib/nlattr.c:388 [inline]\n __nla_validate_parse+0x19d7/0x29a0 lib/nlattr.c:603\n __nla_parse+0x3c/0x50 lib/nlattr.c:700\n nla_parse_nested_deprecated include/net/netlink.h:1269 [inline]\n __rtnl_newlink net/core/rtnetlink.c:3514 [inline]\n rtnl_newlink+0x7bc/0x1fd0 net/core/rtnetlink.c:3623\n rtnetlink_rcv_msg+0x794/0xef0 net/core/rtnetlink.c:6122\n netlink_rcv_skb+0x1de/0x420 net/netlink/af_netlink.c:2508\n netlink_unicast_kernel net/netlink/af_netlink.c:1326 [inline]\n netlink_unicast+0x74b/0x8c0 net/netlink/af_netlink.c:1352\n netlink_sendmsg+0x882/0xb90 net/netlink/af_netlink.c:1874\n sock_sendmsg_nosec net/socket.c:716 [inline]\n __sock_sendmsg net/socket.c:728 [inline]\n ____sys_sendmsg+0x5cc/0x8f0 net/socket.c:2499\n ___sys_sendmsg+0x21c/0x290 net/socket.c:2553\n __sys_sendmsg net/socket.c:2582 [inline]\n __do_sys_sendmsg net/socket.c:2591 [inline]\n __se_sys_sendmsg+0x19e/0x270 net/socket.c:2589\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x45/0x90 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7f67b19a24ad\nRSP: 002b:00007f67b17febb8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f67b1b45f80 RCX: 00007f67b19a24ad\nRDX: 0000000000000000 RSI: 0000000020005e40 RDI: 0000000000000004\nRBP: 00007f67b1a1e01d R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007ffd2513764f R14: 00007ffd251376e0 R15: 00007f67b17fed40\n \u003c/TASK\u003e\n\nThe buggy address belongs to the variable:\n wwan_rtnl_policy+0x20/0x40\n\nThe buggy address belongs to the physical page:\npage:ffffea00002c2700 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xb09c\nflags: 0xfff00000001000(reserved|node=0|zone=1|lastcpupid=0x7ff)\nraw: 00fff00000001000 ffffea00002c2708 ffffea00002c2708 0000000000000000\nraw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner info is not present (never set?)\n\nMemory state around the buggy address:\n ffffffff8b09ca00: 05 f9 f9 f9 05 f9 f9 f9 00 01 f9 f9 00 01 f9 f9\n ffffffff8b09ca80: 00 00 00 05 f9 f9 f9 f9 00 00 03 f9 f9 f9 f9 f9\n\u003effffffff8b09cb00: 00 00 00 00 05 f9 f9 f9 00 00 00 00 f9 f9 f9 f9\n ^\n ffffffff8b09cb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n==================================================================\n\nAccording to the comment of `nla_parse_nested_deprecated`, use correct size\n`IFLA_WWAN_MAX` here to fix this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50128",
"url": "https://www.suse.com/security/cve/CVE-2024-50128"
},
{
"category": "external",
"summary": "SUSE Bug 1232905 for CVE-2024-50128",
"url": "https://bugzilla.suse.com/1232905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50128"
},
{
"cve": "CVE-2024-50130",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50130"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: bpf: must hold reference on net namespace\n\nBUG: KASAN: slab-use-after-free in __nf_unregister_net_hook+0x640/0x6b0\nRead of size 8 at addr ffff8880106fe400 by task repro/72=\nbpf_nf_link_release+0xda/0x1e0\nbpf_link_free+0x139/0x2d0\nbpf_link_release+0x68/0x80\n__fput+0x414/0xb60\n\nEric says:\n It seems that bpf was able to defer the __nf_unregister_net_hook()\n after exit()/close() time.\n Perhaps a netns reference is missing, because the netns has been\n dismantled/freed already.\n bpf_nf_link_attach() does :\n link-\u003enet = net;\n But I do not see a reference being taken on net.\n\nAdd such a reference and release it after hook unreg.\nNote that I was unable to get syzbot reproducer to work, so I\ndo not know if this resolves this splat.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50130",
"url": "https://www.suse.com/security/cve/CVE-2024-50130"
},
{
"category": "external",
"summary": "SUSE Bug 1232894 for CVE-2024-50130",
"url": "https://bugzilla.suse.com/1232894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50130"
},
{
"cve": "CVE-2024-50131",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50131"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Consider the NULL character when validating the event length\n\nstrlen() returns a string length excluding the null byte. If the string\nlength equals to the maximum buffer length, the buffer will have no\nspace for the NULL terminating character.\n\nThis commit checks this condition and returns failure for it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50131",
"url": "https://www.suse.com/security/cve/CVE-2024-50131"
},
{
"category": "external",
"summary": "SUSE Bug 1232896 for CVE-2024-50131",
"url": "https://bugzilla.suse.com/1232896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50131"
},
{
"cve": "CVE-2024-50134",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50134"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA\n\nReplace the fake VLA at end of the vbva_mouse_pointer_shape shape with\na real VLA to fix a \"memcpy: detected field-spanning write error\" warning:\n\n[ 13.319813] memcpy: detected field-spanning write (size 16896) of single field \"p-\u003edata\" at drivers/gpu/drm/vboxvideo/hgsmi_base.c:154 (size 4)\n[ 13.319841] WARNING: CPU: 0 PID: 1105 at drivers/gpu/drm/vboxvideo/hgsmi_base.c:154 hgsmi_update_pointer_shape+0x192/0x1c0 [vboxvideo]\n[ 13.320038] Call Trace:\n[ 13.320173] hgsmi_update_pointer_shape [vboxvideo]\n[ 13.320184] vbox_cursor_atomic_update [vboxvideo]\n\nNote as mentioned in the added comment it seems the original length\ncalculation for the allocated and send hgsmi buffer is 4 bytes too large.\nChanging this is not the goal of this patch, so this behavior is kept.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50134",
"url": "https://www.suse.com/security/cve/CVE-2024-50134"
},
{
"category": "external",
"summary": "SUSE Bug 1232890 for CVE-2024-50134",
"url": "https://bugzilla.suse.com/1232890"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50134"
},
{
"cve": "CVE-2024-50135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50135"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: fix race condition between reset and nvme_dev_disable()\n\nnvme_dev_disable() modifies the dev-\u003eonline_queues field, therefore\nnvme_pci_update_nr_queues() should avoid racing against it, otherwise\nwe could end up passing invalid values to blk_mq_update_nr_hw_queues().\n\n WARNING: CPU: 39 PID: 61303 at drivers/pci/msi/api.c:347\n pci_irq_get_affinity+0x187/0x210\n Workqueue: nvme-reset-wq nvme_reset_work [nvme]\n RIP: 0010:pci_irq_get_affinity+0x187/0x210\n Call Trace:\n \u003cTASK\u003e\n ? blk_mq_pci_map_queues+0x87/0x3c0\n ? pci_irq_get_affinity+0x187/0x210\n blk_mq_pci_map_queues+0x87/0x3c0\n nvme_pci_map_queues+0x189/0x460 [nvme]\n blk_mq_update_nr_hw_queues+0x2a/0x40\n nvme_reset_work+0x1be/0x2a0 [nvme]\n\nFix the bug by locking the shutdown_lock mutex before using\ndev-\u003eonline_queues. Give up if nvme_dev_disable() is running or if\nit has been executed already.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50135",
"url": "https://www.suse.com/security/cve/CVE-2024-50135"
},
{
"category": "external",
"summary": "SUSE Bug 1232888 for CVE-2024-50135",
"url": "https://bugzilla.suse.com/1232888"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50135"
},
{
"cve": "CVE-2024-50136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50136"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Unregister notifier on eswitch init failure\n\nIt otherwise remains registered and a subsequent attempt at eswitch\nenabling might trigger warnings of the sort:\n\n[ 682.589148] ------------[ cut here ]------------\n[ 682.590204] notifier callback eswitch_vport_event [mlx5_core] already registered\n[ 682.590256] WARNING: CPU: 13 PID: 2660 at kernel/notifier.c:31 notifier_chain_register+0x3e/0x90\n[...snipped]\n[ 682.610052] Call Trace:\n[ 682.610369] \u003cTASK\u003e\n[ 682.610663] ? __warn+0x7c/0x110\n[ 682.611050] ? notifier_chain_register+0x3e/0x90\n[ 682.611556] ? report_bug+0x148/0x170\n[ 682.611977] ? handle_bug+0x36/0x70\n[ 682.612384] ? exc_invalid_op+0x13/0x60\n[ 682.612817] ? asm_exc_invalid_op+0x16/0x20\n[ 682.613284] ? notifier_chain_register+0x3e/0x90\n[ 682.613789] atomic_notifier_chain_register+0x25/0x40\n[ 682.614322] mlx5_eswitch_enable_locked+0x1d4/0x3b0 [mlx5_core]\n[ 682.614965] mlx5_eswitch_enable+0xc9/0x100 [mlx5_core]\n[ 682.615551] mlx5_device_enable_sriov+0x25/0x340 [mlx5_core]\n[ 682.616170] mlx5_core_sriov_configure+0x50/0x170 [mlx5_core]\n[ 682.616789] sriov_numvfs_store+0xb0/0x1b0\n[ 682.617248] kernfs_fop_write_iter+0x117/0x1a0\n[ 682.617734] vfs_write+0x231/0x3f0\n[ 682.618138] ksys_write+0x63/0xe0\n[ 682.618536] do_syscall_64+0x4c/0x100\n[ 682.618958] entry_SYSCALL_64_after_hwframe+0x4b/0x53",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50136",
"url": "https://www.suse.com/security/cve/CVE-2024-50136"
},
{
"category": "external",
"summary": "SUSE Bug 1232914 for CVE-2024-50136",
"url": "https://bugzilla.suse.com/1232914"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50136"
},
{
"cve": "CVE-2024-50138",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50138"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Use raw_spinlock_t in ringbuf\n\nThe function __bpf_ringbuf_reserve is invoked from a tracepoint, which\ndisables preemption. Using spinlock_t in this context can lead to a\n\"sleep in atomic\" warning in the RT variant. This issue is illustrated\nin the example below:\n\nBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\nin_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 556208, name: test_progs\npreempt_count: 1, expected: 0\nRCU nest depth: 1, expected: 1\nINFO: lockdep is turned off.\nPreemption disabled at:\n[\u003cffffd33a5c88ea44\u003e] migrate_enable+0xc0/0x39c\nCPU: 7 PID: 556208 Comm: test_progs Tainted: G\nHardware name: Qualcomm SA8775P Ride (DT)\nCall trace:\n dump_backtrace+0xac/0x130\n show_stack+0x1c/0x30\n dump_stack_lvl+0xac/0xe8\n dump_stack+0x18/0x30\n __might_resched+0x3bc/0x4fc\n rt_spin_lock+0x8c/0x1a4\n __bpf_ringbuf_reserve+0xc4/0x254\n bpf_ringbuf_reserve_dynptr+0x5c/0xdc\n bpf_prog_ac3d15160d62622a_test_read_write+0x104/0x238\n trace_call_bpf+0x238/0x774\n perf_call_bpf_enter.isra.0+0x104/0x194\n perf_syscall_enter+0x2f8/0x510\n trace_sys_enter+0x39c/0x564\n syscall_trace_enter+0x220/0x3c0\n do_el0_svc+0x138/0x1dc\n el0_svc+0x54/0x130\n el0t_64_sync_handler+0x134/0x150\n el0t_64_sync+0x17c/0x180\n\nSwitch the spinlock to raw_spinlock_t to avoid this error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50138",
"url": "https://www.suse.com/security/cve/CVE-2024-50138"
},
{
"category": "external",
"summary": "SUSE Bug 1232935 for CVE-2024-50138",
"url": "https://bugzilla.suse.com/1232935"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50138"
},
{
"cve": "CVE-2024-50139",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50139"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Fix shift-out-of-bounds bug\n\nFix a shift-out-of-bounds bug reported by UBSAN when running\nVM with MTE enabled host kernel.\n\nUBSAN: shift-out-of-bounds in arch/arm64/kvm/sys_regs.c:1988:14\nshift exponent 33 is too large for 32-bit type \u0027int\u0027\nCPU: 26 UID: 0 PID: 7629 Comm: qemu-kvm Not tainted 6.12.0-rc2 #34\nHardware name: IEI NF5280R7/Mitchell MB, BIOS 00.00. 2024-10-12 09:28:54 10/14/2024\nCall trace:\n dump_backtrace+0xa0/0x128\n show_stack+0x20/0x38\n dump_stack_lvl+0x74/0x90\n dump_stack+0x18/0x28\n __ubsan_handle_shift_out_of_bounds+0xf8/0x1e0\n reset_clidr+0x10c/0x1c8\n kvm_reset_sys_regs+0x50/0x1c8\n kvm_reset_vcpu+0xec/0x2b0\n __kvm_vcpu_set_target+0x84/0x158\n kvm_vcpu_set_target+0x138/0x168\n kvm_arch_vcpu_ioctl_vcpu_init+0x40/0x2b0\n kvm_arch_vcpu_ioctl+0x28c/0x4b8\n kvm_vcpu_ioctl+0x4bc/0x7a8\n __arm64_sys_ioctl+0xb4/0x100\n invoke_syscall+0x70/0x100\n el0_svc_common.constprop.0+0x48/0xf0\n do_el0_svc+0x24/0x38\n el0_svc+0x3c/0x158\n el0t_64_sync_handler+0x120/0x130\n el0t_64_sync+0x194/0x198",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50139",
"url": "https://www.suse.com/security/cve/CVE-2024-50139"
},
{
"category": "external",
"summary": "SUSE Bug 1233062 for CVE-2024-50139",
"url": "https://bugzilla.suse.com/1233062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50139"
},
{
"cve": "CVE-2024-50141",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50141"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context\n\nPRMT needs to find the correct type of block to translate the PA-VA\nmapping for EFI runtime services.\n\nThe issue arises because the PRMT is finding a block of type\nEFI_CONVENTIONAL_MEMORY, which is not appropriate for runtime services\nas described in Section 2.2.2 (Runtime Services) of the UEFI\nSpecification [1]. Since the PRM handler is a type of runtime service,\nthis causes an exception when the PRM handler is called.\n\n [Firmware Bug]: Unable to handle paging request in EFI runtime service\n WARNING: CPU: 22 PID: 4330 at drivers/firmware/efi/runtime-wrappers.c:341\n __efi_queue_work+0x11c/0x170\n Call trace:\n\nLet PRMT find a block with EFI_MEMORY_RUNTIME for PRM handler and PRM\ncontext.\n\nIf no suitable block is found, a warning message will be printed, but\nthe procedure continues to manage the next PRM handler.\n\nHowever, if the PRM handler is actually called without proper allocation,\nit would result in a failure during error handling.\n\nBy using the correct memory types for runtime services, ensure that the\nPRM handler and the context are properly mapped in the virtual address\nspace during runtime, preventing the paging request error.\n\nThe issue is really that only memory that has been remapped for runtime\nby the firmware can be used by the PRM handler, and so the region needs\nto have the EFI_MEMORY_RUNTIME attribute.\n\n[ rjw: Subject and changelog edits ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50141",
"url": "https://www.suse.com/security/cve/CVE-2024-50141"
},
{
"category": "external",
"summary": "SUSE Bug 1233065 for CVE-2024-50141",
"url": "https://bugzilla.suse.com/1233065"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50141"
},
{
"cve": "CVE-2024-50145",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50145"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteon_ep: Add SKB allocation failures handling in __octep_oq_process_rx()\n\nbuild_skb() returns NULL in case of a memory allocation failure so handle\nit inside __octep_oq_process_rx() to avoid NULL pointer dereference.\n\n__octep_oq_process_rx() is called during NAPI polling by the driver. If\nskb allocation fails, keep on pulling packets out of the Rx DMA queue: we\nshouldn\u0027t break the polling immediately and thus falsely indicate to the\noctep_napi_poll() that the Rx pressure is going down. As there is no\nassociated skb in this case, don\u0027t process the packets and don\u0027t push them\nup the network stack - they are skipped.\n\nHelper function is implemented to unmmap/flush all the fragment buffers\nused by the dropped packet. \u0027alloc_failures\u0027 counter is incremented to\nmark the skb allocation error in driver statistics.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50145",
"url": "https://www.suse.com/security/cve/CVE-2024-50145"
},
{
"category": "external",
"summary": "SUSE Bug 1233044 for CVE-2024-50145",
"url": "https://bugzilla.suse.com/1233044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50145"
},
{
"cve": "CVE-2024-50146",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50146"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Don\u0027t call cleanup on profile rollback failure\n\nWhen profile rollback fails in mlx5e_netdev_change_profile, the netdev\nprofile var is left set to NULL. Avoid a crash when unloading the driver\nby not calling profile-\u003ecleanup in such a case.\n\nThis was encountered while testing, with the original trigger that\nthe wq rescuer thread creation got interrupted (presumably due to\nCtrl+C-ing modprobe), which gets converted to ENOMEM (-12) by\nmlx5e_priv_init, the profile rollback also fails for the same reason\n(signal still active) so the profile is left as NULL, leading to a crash\nlater in _mlx5e_remove.\n\n [ 732.473932] mlx5_core 0000:08:00.1: E-Switch: Unload vfs: mode(OFFLOADS), nvfs(2), necvfs(0), active vports(2)\n [ 734.525513] workqueue: Failed to create a rescuer kthread for wq \"mlx5e\": -EINTR\n [ 734.557372] mlx5_core 0000:08:00.1: mlx5e_netdev_init_profile:6235:(pid 6086): mlx5e_priv_init failed, err=-12\n [ 734.559187] mlx5_core 0000:08:00.1 eth3: mlx5e_netdev_change_profile: new profile init failed, -12\n [ 734.560153] workqueue: Failed to create a rescuer kthread for wq \"mlx5e\": -EINTR\n [ 734.589378] mlx5_core 0000:08:00.1: mlx5e_netdev_init_profile:6235:(pid 6086): mlx5e_priv_init failed, err=-12\n [ 734.591136] mlx5_core 0000:08:00.1 eth3: mlx5e_netdev_change_profile: failed to rollback to orig profile, -12\n [ 745.537492] BUG: kernel NULL pointer dereference, address: 0000000000000008\n [ 745.538222] #PF: supervisor read access in kernel mode\n\u003csnipped\u003e\n [ 745.551290] Call Trace:\n [ 745.551590] \u003cTASK\u003e\n [ 745.551866] ? __die+0x20/0x60\n [ 745.552218] ? page_fault_oops+0x150/0x400\n [ 745.555307] ? exc_page_fault+0x79/0x240\n [ 745.555729] ? asm_exc_page_fault+0x22/0x30\n [ 745.556166] ? mlx5e_remove+0x6b/0xb0 [mlx5_core]\n [ 745.556698] auxiliary_bus_remove+0x18/0x30\n [ 745.557134] device_release_driver_internal+0x1df/0x240\n [ 745.557654] bus_remove_device+0xd7/0x140\n [ 745.558075] device_del+0x15b/0x3c0\n [ 745.558456] mlx5_rescan_drivers_locked.part.0+0xb1/0x2f0 [mlx5_core]\n [ 745.559112] mlx5_unregister_device+0x34/0x50 [mlx5_core]\n [ 745.559686] mlx5_uninit_one+0x46/0xf0 [mlx5_core]\n [ 745.560203] remove_one+0x4e/0xd0 [mlx5_core]\n [ 745.560694] pci_device_remove+0x39/0xa0\n [ 745.561112] device_release_driver_internal+0x1df/0x240\n [ 745.561631] driver_detach+0x47/0x90\n [ 745.562022] bus_remove_driver+0x84/0x100\n [ 745.562444] pci_unregister_driver+0x3b/0x90\n [ 745.562890] mlx5_cleanup+0xc/0x1b [mlx5_core]\n [ 745.563415] __x64_sys_delete_module+0x14d/0x2f0\n [ 745.563886] ? kmem_cache_free+0x1b0/0x460\n [ 745.564313] ? lockdep_hardirqs_on_prepare+0xe2/0x190\n [ 745.564825] do_syscall_64+0x6d/0x140\n [ 745.565223] entry_SYSCALL_64_after_hwframe+0x4b/0x53\n [ 745.565725] RIP: 0033:0x7f1579b1288b",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50146",
"url": "https://www.suse.com/security/cve/CVE-2024-50146"
},
{
"category": "external",
"summary": "SUSE Bug 1233056 for CVE-2024-50146",
"url": "https://bugzilla.suse.com/1233056"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50146"
},
{
"cve": "CVE-2024-50147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50147"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix command bitmask initialization\n\nCommand bitmask have a dedicated bit for MANAGE_PAGES command, this bit\nisn\u0027t Initialize during command bitmask Initialization, only during\nMANAGE_PAGES.\n\nIn addition, mlx5_cmd_trigger_completions() is trying to trigger\ncompletion for MANAGE_PAGES command as well.\n\nHence, in case health error occurred before any MANAGE_PAGES command\nhave been invoke (for example, during mlx5_enable_hca()),\nmlx5_cmd_trigger_completions() will try to trigger completion for\nMANAGE_PAGES command, which will result in null-ptr-deref error.[1]\n\nFix it by Initialize command bitmask correctly.\n\nWhile at it, re-write the code for better understanding.\n\n[1]\nBUG: KASAN: null-ptr-deref in mlx5_cmd_trigger_completions+0x1db/0x600 [mlx5_core]\nWrite of size 4 at addr 0000000000000214 by task kworker/u96:2/12078\nCPU: 10 PID: 12078 Comm: kworker/u96:2 Not tainted 6.9.0-rc2_for_upstream_debug_2024_04_07_19_01 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nWorkqueue: mlx5_health0000:08:00.0 mlx5_fw_fatal_reporter_err_work [mlx5_core]\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x7e/0xc0\n kasan_report+0xb9/0xf0\n kasan_check_range+0xec/0x190\n mlx5_cmd_trigger_completions+0x1db/0x600 [mlx5_core]\n mlx5_cmd_flush+0x94/0x240 [mlx5_core]\n enter_error_state+0x6c/0xd0 [mlx5_core]\n mlx5_fw_fatal_reporter_err_work+0xf3/0x480 [mlx5_core]\n process_one_work+0x787/0x1490\n ? lockdep_hardirqs_on_prepare+0x400/0x400\n ? pwq_dec_nr_in_flight+0xda0/0xda0\n ? assign_work+0x168/0x240\n worker_thread+0x586/0xd30\n ? rescuer_thread+0xae0/0xae0\n kthread+0x2df/0x3b0\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x2d/0x70\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50147",
"url": "https://www.suse.com/security/cve/CVE-2024-50147"
},
{
"category": "external",
"summary": "SUSE Bug 1233067 for CVE-2024-50147",
"url": "https://bugzilla.suse.com/1233067"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50147"
},
{
"cve": "CVE-2024-50148",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50148"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: bnep: fix wild-memory-access in proto_unregister\n\nThere\u0027s issue as follows:\n KASAN: maybe wild-memory-access in range [0xdead...108-0xdead...10f]\n CPU: 3 UID: 0 PID: 2805 Comm: rmmod Tainted: G W\n RIP: 0010:proto_unregister+0xee/0x400\n Call Trace:\n \u003cTASK\u003e\n __do_sys_delete_module+0x318/0x580\n do_syscall_64+0xc1/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nAs bnep_init() ignore bnep_sock_init()\u0027s return value, and bnep_sock_init()\nwill cleanup all resource. Then when remove bnep module will call\nbnep_sock_cleanup() to cleanup sock\u0027s resource.\nTo solve above issue just return bnep_sock_init()\u0027s return value in\nbnep_exit().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50148",
"url": "https://www.suse.com/security/cve/CVE-2024-50148"
},
{
"category": "external",
"summary": "SUSE Bug 1233063 for CVE-2024-50148",
"url": "https://bugzilla.suse.com/1233063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50148"
},
{
"cve": "CVE-2024-50150",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50150"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: altmode should keep reference to parent\n\nThe altmode device release refers to its parent device, but without keeping\na reference to it.\n\nWhen registering the altmode, get a reference to the parent and put it in\nthe release function.\n\nBefore this fix, when using CONFIG_DEBUG_KOBJECT_RELEASE, we see issues\nlike this:\n\n[ 43.572860] kobject: \u0027port0.0\u0027 (ffff8880057ba008): kobject_release, parent 0000000000000000 (delayed 3000)\n[ 43.573532] kobject: \u0027port0.1\u0027 (ffff8880057bd008): kobject_release, parent 0000000000000000 (delayed 1000)\n[ 43.574407] kobject: \u0027port0\u0027 (ffff8880057b9008): kobject_release, parent 0000000000000000 (delayed 3000)\n[ 43.575059] kobject: \u0027port1.0\u0027 (ffff8880057ca008): kobject_release, parent 0000000000000000 (delayed 4000)\n[ 43.575908] kobject: \u0027port1.1\u0027 (ffff8880057c9008): kobject_release, parent 0000000000000000 (delayed 4000)\n[ 43.576908] kobject: \u0027typec\u0027 (ffff8880062dbc00): kobject_release, parent 0000000000000000 (delayed 4000)\n[ 43.577769] kobject: \u0027port1\u0027 (ffff8880057bf008): kobject_release, parent 0000000000000000 (delayed 3000)\n[ 46.612867] ==================================================================\n[ 46.613402] BUG: KASAN: slab-use-after-free in typec_altmode_release+0x38/0x129\n[ 46.614003] Read of size 8 at addr ffff8880057b9118 by task kworker/2:1/48\n[ 46.614538]\n[ 46.614668] CPU: 2 UID: 0 PID: 48 Comm: kworker/2:1 Not tainted 6.12.0-rc1-00138-gedbae730ad31 #535\n[ 46.615391] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[ 46.616042] Workqueue: events kobject_delayed_cleanup\n[ 46.616446] Call Trace:\n[ 46.616648] \u003cTASK\u003e\n[ 46.616820] dump_stack_lvl+0x5b/0x7c\n[ 46.617112] ? typec_altmode_release+0x38/0x129\n[ 46.617470] print_report+0x14c/0x49e\n[ 46.617769] ? rcu_read_unlock_sched+0x56/0x69\n[ 46.618117] ? __virt_addr_valid+0x19a/0x1ab\n[ 46.618456] ? kmem_cache_debug_flags+0xc/0x1d\n[ 46.618807] ? typec_altmode_release+0x38/0x129\n[ 46.619161] kasan_report+0x8d/0xb4\n[ 46.619447] ? typec_altmode_release+0x38/0x129\n[ 46.619809] ? process_scheduled_works+0x3cb/0x85f\n[ 46.620185] typec_altmode_release+0x38/0x129\n[ 46.620537] ? process_scheduled_works+0x3cb/0x85f\n[ 46.620907] device_release+0xaf/0xf2\n[ 46.621206] kobject_delayed_cleanup+0x13b/0x17a\n[ 46.621584] process_scheduled_works+0x4f6/0x85f\n[ 46.621955] ? __pfx_process_scheduled_works+0x10/0x10\n[ 46.622353] ? hlock_class+0x31/0x9a\n[ 46.622647] ? lock_acquired+0x361/0x3c3\n[ 46.622956] ? move_linked_works+0x46/0x7d\n[ 46.623277] worker_thread+0x1ce/0x291\n[ 46.623582] ? __kthread_parkme+0xc8/0xdf\n[ 46.623900] ? __pfx_worker_thread+0x10/0x10\n[ 46.624236] kthread+0x17e/0x190\n[ 46.624501] ? kthread+0xfb/0x190\n[ 46.624756] ? __pfx_kthread+0x10/0x10\n[ 46.625015] ret_from_fork+0x20/0x40\n[ 46.625268] ? __pfx_kthread+0x10/0x10\n[ 46.625532] ret_from_fork_asm+0x1a/0x30\n[ 46.625805] \u003c/TASK\u003e\n[ 46.625953]\n[ 46.626056] Allocated by task 678:\n[ 46.626287] kasan_save_stack+0x24/0x44\n[ 46.626555] kasan_save_track+0x14/0x2d\n[ 46.626811] __kasan_kmalloc+0x3f/0x4d\n[ 46.627049] __kmalloc_noprof+0x1bf/0x1f0\n[ 46.627362] typec_register_port+0x23/0x491\n[ 46.627698] cros_typec_probe+0x634/0xbb6\n[ 46.628026] platform_probe+0x47/0x8c\n[ 46.628311] really_probe+0x20a/0x47d\n[ 46.628605] device_driver_attach+0x39/0x72\n[ 46.628940] bind_store+0x87/0xd7\n[ 46.629213] kernfs_fop_write_iter+0x1aa/0x218\n[ 46.629574] vfs_write+0x1d6/0x29b\n[ 46.629856] ksys_write+0xcd/0x13b\n[ 46.630128] do_syscall_64+0xd4/0x139\n[ 46.630420] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 46.630820]\n[ 46.630946] Freed by task 48:\n[ 46.631182] kasan_save_stack+0x24/0x44\n[ 46.631493] kasan_save_track+0x14/0x2d\n[ 46.631799] kasan_save_free_info+0x3f/0x4d\n[ 46.632144] __kasan_slab_free+0x37/0x45\n[ 46.632474]\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50150",
"url": "https://www.suse.com/security/cve/CVE-2024-50150"
},
{
"category": "external",
"summary": "SUSE Bug 1233051 for CVE-2024-50150",
"url": "https://bugzilla.suse.com/1233051"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50150"
},
{
"cve": "CVE-2024-50153",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50153"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: core: Fix null-ptr-deref in target_alloc_device()\n\nThere is a null-ptr-deref issue reported by KASAN:\n\nBUG: KASAN: null-ptr-deref in target_alloc_device+0xbc4/0xbe0 [target_core_mod]\n...\n kasan_report+0xb9/0xf0\n target_alloc_device+0xbc4/0xbe0 [target_core_mod]\n core_dev_setup_virtual_lun0+0xef/0x1f0 [target_core_mod]\n target_core_init_configfs+0x205/0x420 [target_core_mod]\n do_one_initcall+0xdd/0x4e0\n...\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nIn target_alloc_device(), if allocing memory for dev queues fails, then\ndev will be freed by dev-\u003etransport-\u003efree_device(), but dev-\u003etransport\nis not initialized at that time, which will lead to a null pointer\nreference problem.\n\nFixing this bug by freeing dev with hba-\u003ebackend-\u003eops-\u003efree_device().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50153",
"url": "https://www.suse.com/security/cve/CVE-2024-50153"
},
{
"category": "external",
"summary": "SUSE Bug 1233061 for CVE-2024-50153",
"url": "https://bugzilla.suse.com/1233061"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50153"
},
{
"cve": "CVE-2024-50154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50154"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp/dccp: Don\u0027t use timer_pending() in reqsk_queue_unlink().\n\nMartin KaFai Lau reported use-after-free [0] in reqsk_timer_handler().\n\n \"\"\"\n We are seeing a use-after-free from a bpf prog attached to\n trace_tcp_retransmit_synack. The program passes the req-\u003esk to the\n bpf_sk_storage_get_tracing kernel helper which does check for null\n before using it.\n \"\"\"\n\nThe commit 83fccfc3940c (\"inet: fix potential deadlock in\nreqsk_queue_unlink()\") added timer_pending() in reqsk_queue_unlink() not\nto call del_timer_sync() from reqsk_timer_handler(), but it introduced a\nsmall race window.\n\nBefore the timer is called, expire_timers() calls detach_timer(timer, true)\nto clear timer-\u003eentry.pprev and marks it as not pending.\n\nIf reqsk_queue_unlink() checks timer_pending() just after expire_timers()\ncalls detach_timer(), TCP will miss del_timer_sync(); the reqsk timer will\ncontinue running and send multiple SYN+ACKs until it expires.\n\nThe reported UAF could happen if req-\u003esk is close()d earlier than the timer\nexpiration, which is 63s by default.\n\nThe scenario would be\n\n 1. inet_csk_complete_hashdance() calls inet_csk_reqsk_queue_drop(),\n but del_timer_sync() is missed\n\n 2. reqsk timer is executed and scheduled again\n\n 3. req-\u003esk is accept()ed and reqsk_put() decrements rsk_refcnt, but\n reqsk timer still has another one, and inet_csk_accept() does not\n clear req-\u003esk for non-TFO sockets\n\n 4. sk is close()d\n\n 5. reqsk timer is executed again, and BPF touches req-\u003esk\n\nLet\u0027s not use timer_pending() by passing the caller context to\n__inet_csk_reqsk_queue_drop().\n\nNote that reqsk timer is pinned, so the issue does not happen in most\nuse cases. [1]\n\n[0]\nBUG: KFENCE: use-after-free read in bpf_sk_storage_get_tracing+0x2e/0x1b0\n\nUse-after-free read at 0x00000000a891fb3a (in kfence-#1):\nbpf_sk_storage_get_tracing+0x2e/0x1b0\nbpf_prog_5ea3e95db6da0438_tcp_retransmit_synack+0x1d20/0x1dda\nbpf_trace_run2+0x4c/0xc0\ntcp_rtx_synack+0xf9/0x100\nreqsk_timer_handler+0xda/0x3d0\nrun_timer_softirq+0x292/0x8a0\nirq_exit_rcu+0xf5/0x320\nsysvec_apic_timer_interrupt+0x6d/0x80\nasm_sysvec_apic_timer_interrupt+0x16/0x20\nintel_idle_irq+0x5a/0xa0\ncpuidle_enter_state+0x94/0x273\ncpu_startup_entry+0x15e/0x260\nstart_secondary+0x8a/0x90\nsecondary_startup_64_no_verify+0xfa/0xfb\n\nkfence-#1: 0x00000000a72cc7b6-0x00000000d97616d9, size=2376, cache=TCPv6\n\nallocated by task 0 on cpu 9 at 260507.901592s:\nsk_prot_alloc+0x35/0x140\nsk_clone_lock+0x1f/0x3f0\ninet_csk_clone_lock+0x15/0x160\ntcp_create_openreq_child+0x1f/0x410\ntcp_v6_syn_recv_sock+0x1da/0x700\ntcp_check_req+0x1fb/0x510\ntcp_v6_rcv+0x98b/0x1420\nipv6_list_rcv+0x2258/0x26e0\nnapi_complete_done+0x5b1/0x2990\nmlx5e_napi_poll+0x2ae/0x8d0\nnet_rx_action+0x13e/0x590\nirq_exit_rcu+0xf5/0x320\ncommon_interrupt+0x80/0x90\nasm_common_interrupt+0x22/0x40\ncpuidle_enter_state+0xfb/0x273\ncpu_startup_entry+0x15e/0x260\nstart_secondary+0x8a/0x90\nsecondary_startup_64_no_verify+0xfa/0xfb\n\nfreed by task 0 on cpu 9 at 260507.927527s:\nrcu_core_si+0x4ff/0xf10\nirq_exit_rcu+0xf5/0x320\nsysvec_apic_timer_interrupt+0x6d/0x80\nasm_sysvec_apic_timer_interrupt+0x16/0x20\ncpuidle_enter_state+0xfb/0x273\ncpu_startup_entry+0x15e/0x260\nstart_secondary+0x8a/0x90\nsecondary_startup_64_no_verify+0xfa/0xfb",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50154",
"url": "https://www.suse.com/security/cve/CVE-2024-50154"
},
{
"category": "external",
"summary": "SUSE Bug 1233070 for CVE-2024-50154",
"url": "https://bugzilla.suse.com/1233070"
},
{
"category": "external",
"summary": "SUSE Bug 1233072 for CVE-2024-50154",
"url": "https://bugzilla.suse.com/1233072"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-50154"
},
{
"cve": "CVE-2024-50155",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50155"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetdevsim: use cond_resched() in nsim_dev_trap_report_work()\n\nI am still seeing many syzbot reports hinting that syzbot\nmight fool nsim_dev_trap_report_work() with hundreds of ports [1]\n\nLets use cond_resched(), and system_unbound_wq\ninstead of implicit system_wq.\n\n[1]\nINFO: task syz-executor:20633 blocked for more than 143 seconds.\n Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:syz-executor state:D stack:25856 pid:20633 tgid:20633 ppid:1 flags:0x00004006\n...\nNMI backtrace for cpu 1\nCPU: 1 UID: 0 PID: 16760 Comm: kworker/1:0 Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: events nsim_dev_trap_report_work\n RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70 kernel/kcov.c:210\nCode: 89 fb e8 23 00 00 00 48 8b 3d 04 fb 9c 0c 48 89 de 5b e9 c3 c7 5d 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 \u003cf3\u003e 0f 1e fa 48 8b 04 24 65 48 8b 0c 25 c0 d7 03 00 65 8b 15 60 f0\nRSP: 0018:ffffc90000a187e8 EFLAGS: 00000246\nRAX: 0000000000000100 RBX: ffffc90000a188e0 RCX: ffff888027d3bc00\nRDX: ffff888027d3bc00 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffff88804a2e6000 R08: ffffffff8a4bc495 R09: ffffffff89da3577\nR10: 0000000000000004 R11: ffffffff8a4bc2b0 R12: dffffc0000000000\nR13: ffff88806573b503 R14: dffffc0000000000 R15: ffff8880663cca00\nFS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fc90a747f98 CR3: 000000000e734000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 000000000000002b DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cNMI\u003e\n \u003c/NMI\u003e\n \u003cTASK\u003e\n __local_bh_enable_ip+0x1bb/0x200 kernel/softirq.c:382\n spin_unlock_bh include/linux/spinlock.h:396 [inline]\n nsim_dev_trap_report drivers/net/netdevsim/dev.c:820 [inline]\n nsim_dev_trap_report_work+0x75d/0xaa0 drivers/net/netdevsim/dev.c:850\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50155",
"url": "https://www.suse.com/security/cve/CVE-2024-50155"
},
{
"category": "external",
"summary": "SUSE Bug 1233035 for CVE-2024-50155",
"url": "https://bugzilla.suse.com/1233035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50155"
},
{
"cve": "CVE-2024-50156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50156"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: Avoid NULL dereference in msm_disp_state_print_regs()\n\nIf the allocation in msm_disp_state_dump_regs() failed then\n`block-\u003estate` can be NULL. The msm_disp_state_print_regs() function\n_does_ have code to try to handle it with:\n\n if (*reg)\n dump_addr = *reg;\n\n...but since \"dump_addr\" is initialized to NULL the above is actually\na noop. The code then goes on to dereference `dump_addr`.\n\nMake the function print \"Registers not stored\" when it sees a NULL to\nsolve this. Since we\u0027re touching the code, fix\nmsm_disp_state_print_regs() not to pointlessly take a double-pointer\nand properly mark the pointer as `const`.\n\nPatchwork: https://patchwork.freedesktop.org/patch/619657/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50156",
"url": "https://www.suse.com/security/cve/CVE-2024-50156"
},
{
"category": "external",
"summary": "SUSE Bug 1233073 for CVE-2024-50156",
"url": "https://bugzilla.suse.com/1233073"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50156"
},
{
"cve": "CVE-2024-50157",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50157"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop\n\nDriver waits indefinitely for the fifo occupancy to go below a threshold\nas soon as the pacing interrupt is received. This can cause soft lockup on\none of the processors, if the rate of DB is very high.\n\nAdd a loop count for FPGA and exit the __wait_for_fifo_occupancy_below_th\nif the loop is taking more time. Pacing will be continuing until the\noccupancy is below the threshold. This is ensured by the checks in\nbnxt_re_pacing_timer_exp and further scheduling the work for pacing based\non the fifo occupancy.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50157",
"url": "https://www.suse.com/security/cve/CVE-2024-50157"
},
{
"category": "external",
"summary": "SUSE Bug 1233032 for CVE-2024-50157",
"url": "https://bugzilla.suse.com/1233032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50157"
},
{
"cve": "CVE-2024-50158",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50158"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Fix out of bound check\n\nDriver exports pacing stats only on GenP5 and P7 adapters. But while\nparsing the pacing stats, driver has a check for \"rdev-\u003edbr_pacing\". This\ncaused a trace when KASAN is enabled.\n\nBUG: KASAN: slab-out-of-bounds in bnxt_re_get_hw_stats+0x2b6a/0x2e00 [bnxt_re]\nWrite of size 8 at addr ffff8885942a6340 by task modprobe/4809",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50158",
"url": "https://www.suse.com/security/cve/CVE-2024-50158"
},
{
"category": "external",
"summary": "SUSE Bug 1233036 for CVE-2024-50158",
"url": "https://bugzilla.suse.com/1233036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50158"
},
{
"cve": "CVE-2024-50159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50159"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup()\n\nClang static checker(scan-build) throws below warning:\n | drivers/firmware/arm_scmi/driver.c:line 2915, column 2\n | Attempt to free released memory.\n\nWhen devm_add_action_or_reset() fails, scmi_debugfs_common_cleanup()\nwill run twice which causes double free of \u0027dbg-\u003ename\u0027.\n\nRemove the redundant scmi_debugfs_common_cleanup() to fix this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50159",
"url": "https://www.suse.com/security/cve/CVE-2024-50159"
},
{
"category": "external",
"summary": "SUSE Bug 1233041 for CVE-2024-50159",
"url": "https://bugzilla.suse.com/1233041"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50159"
},
{
"cve": "CVE-2024-50160",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50160"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda/cs8409: Fix possible NULL dereference\n\nIf snd_hda_gen_add_kctl fails to allocate memory and returns NULL, then\nNULL pointer dereference will occur in the next line.\n\nSince dolphin_fixups function is a hda_fixup function which is not supposed\nto return any errors, add simple check before dereference, ignore the fail.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50160",
"url": "https://www.suse.com/security/cve/CVE-2024-50160"
},
{
"category": "external",
"summary": "SUSE Bug 1233074 for CVE-2024-50160",
"url": "https://bugzilla.suse.com/1233074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50160"
},
{
"cve": "CVE-2024-50166",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50166"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfsl/fman: Fix refcount handling of fman-related devices\n\nIn mac_probe() there are multiple calls to of_find_device_by_node(),\nfman_bind() and fman_port_bind() which takes references to of_dev-\u003edev.\nNot all references taken by these calls are released later on error path\nin mac_probe() and in mac_remove() which lead to reference leaks.\n\nAdd references release.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50166",
"url": "https://www.suse.com/security/cve/CVE-2024-50166"
},
{
"category": "external",
"summary": "SUSE Bug 1233050 for CVE-2024-50166",
"url": "https://bugzilla.suse.com/1233050"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50166"
},
{
"cve": "CVE-2024-50167",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50167"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbe2net: fix potential memory leak in be_xmit()\n\nThe be_xmit() returns NETDEV_TX_OK without freeing skb\nin case of be_xmit_enqueue() fails, add dev_kfree_skb_any() to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50167",
"url": "https://www.suse.com/security/cve/CVE-2024-50167"
},
{
"category": "external",
"summary": "SUSE Bug 1233049 for CVE-2024-50167",
"url": "https://bugzilla.suse.com/1233049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50167"
},
{
"cve": "CVE-2024-50169",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50169"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Update rx_bytes on read_skb()\n\nMake sure virtio_transport_inc_rx_pkt() and virtio_transport_dec_rx_pkt()\ncalls are balanced (i.e. virtio_vsock_sock::rx_bytes doesn\u0027t lie) after\nvsock_transport::read_skb().\n\nWhile here, also inform the peer that we\u0027ve freed up space and it has more\ncredit.\n\nFailing to update rx_bytes after packet is dequeued leads to a warning on\nSOCK_STREAM recv():\n\n[ 233.396654] rx_queue is empty, but rx_bytes is non-zero\n[ 233.396702] WARNING: CPU: 11 PID: 40601 at net/vmw_vsock/virtio_transport_common.c:589",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50169",
"url": "https://www.suse.com/security/cve/CVE-2024-50169"
},
{
"category": "external",
"summary": "SUSE Bug 1233320 for CVE-2024-50169",
"url": "https://bugzilla.suse.com/1233320"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50169"
},
{
"cve": "CVE-2024-50171",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50171"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: systemport: fix potential memory leak in bcm_sysport_xmit()\n\nThe bcm_sysport_xmit() returns NETDEV_TX_OK without freeing skb\nin case of dma_map_single() fails, add dev_kfree_skb() to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50171",
"url": "https://www.suse.com/security/cve/CVE-2024-50171"
},
{
"category": "external",
"summary": "SUSE Bug 1233057 for CVE-2024-50171",
"url": "https://bugzilla.suse.com/1233057"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50171"
},
{
"cve": "CVE-2024-50172",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50172"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Fix a possible memory leak\n\nIn bnxt_re_setup_chip_ctx() when bnxt_qplib_map_db_bar() fails\ndriver is not freeing the memory allocated for \"rdev-\u003echip_ctx\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50172",
"url": "https://www.suse.com/security/cve/CVE-2024-50172"
},
{
"category": "external",
"summary": "SUSE Bug 1233029 for CVE-2024-50172",
"url": "https://bugzilla.suse.com/1233029"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50172"
},
{
"cve": "CVE-2024-50175",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50175"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: qcom: camss: Remove use_count guard in stop_streaming\n\nThe use_count check was introduced so that multiple concurrent Raw Data\nInterfaces RDIs could be driven by different virtual channels VCs on the\nCSIPHY input driving the video pipeline.\n\nThis is an invalid use of use_count though as use_count pertains to the\nnumber of times a video entity has been opened by user-space not the number\nof active streams.\n\nIf use_count and stream-on count don\u0027t agree then stop_streaming() will\nbreak as is currently the case and has become apparent when using CAMSS\nwith libcamera\u0027s released softisp 0.3.\n\nThe use of use_count like this is a bit hacky and right now breaks regular\nusage of CAMSS for a single stream case. Stopping qcam results in the splat\nbelow, and then it cannot be started again and any attempts to do so fails\nwith -EBUSY.\n\n[ 1265.509831] WARNING: CPU: 5 PID: 919 at drivers/media/common/videobuf2/videobuf2-core.c:2183 __vb2_queue_cancel+0x230/0x2c8 [videobuf2_common]\n...\n[ 1265.510630] Call trace:\n[ 1265.510636] __vb2_queue_cancel+0x230/0x2c8 [videobuf2_common]\n[ 1265.510648] vb2_core_streamoff+0x24/0xcc [videobuf2_common]\n[ 1265.510660] vb2_ioctl_streamoff+0x5c/0xa8 [videobuf2_v4l2]\n[ 1265.510673] v4l_streamoff+0x24/0x30 [videodev]\n[ 1265.510707] __video_do_ioctl+0x190/0x3f4 [videodev]\n[ 1265.510732] video_usercopy+0x304/0x8c4 [videodev]\n[ 1265.510757] video_ioctl2+0x18/0x34 [videodev]\n[ 1265.510782] v4l2_ioctl+0x40/0x60 [videodev]\n...\n[ 1265.510944] videobuf2_common: driver bug: stop_streaming operation is leaving buffer 0 in active state\n[ 1265.511175] videobuf2_common: driver bug: stop_streaming operation is leaving buffer 1 in active state\n[ 1265.511398] videobuf2_common: driver bug: stop_streaming operation is leaving buffer 2 in active st\n\nOne CAMSS specific way to handle multiple VCs on the same RDI might be:\n\n- Reference count each pipeline enable for CSIPHY, CSID, VFE and RDIx.\n- The video buffers are already associated with msm_vfeN_rdiX so\n release video buffers when told to do so by stop_streaming.\n- Only release the power-domains for the CSIPHY, CSID and VFE when\n their internal refcounts drop.\n\nEither way refusing to release video buffers based on use_count is\nerroneous and should be reverted. The silicon enabling code for selecting\nVCs is perfectly fine. Its a \"known missing feature\" that concurrent VCs\nwon\u0027t work with CAMSS right now.\n\nInitial testing with this code didn\u0027t show an error but, SoftISP and \"real\"\nusage with Google Hangouts breaks the upstream code pretty quickly, we need\nto do a partial revert and take another pass at VCs.\n\nThis commit partially reverts commit 89013969e232 (\"media: camss: sm8250:\nPipeline starting and stopping for multiple virtual channels\")",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50175",
"url": "https://www.suse.com/security/cve/CVE-2024-50175"
},
{
"category": "external",
"summary": "SUSE Bug 1233092 for CVE-2024-50175",
"url": "https://bugzilla.suse.com/1233092"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50175"
},
{
"cve": "CVE-2024-50176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50176"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: k3-r5: Fix error handling when power-up failed\n\nBy simply bailing out, the driver was violating its rule and internal\nassumptions that either both or no rproc should be initialized. E.g.,\nthis could cause the first core to be available but not the second one,\nleading to crashes on its shutdown later on while trying to dereference\nthat second instance.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50176",
"url": "https://www.suse.com/security/cve/CVE-2024-50176"
},
{
"category": "external",
"summary": "SUSE Bug 1233091 for CVE-2024-50176",
"url": "https://bugzilla.suse.com/1233091"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50176"
},
{
"cve": "CVE-2024-50177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50177"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix a UBSAN warning in DML2.1\n\nWhen programming phantom pipe, since cursor_width is explicity set to 0,\nthis causes calculation logic to trigger overflow for an unsigned int\ntriggering the kernel\u0027s UBSAN check as below:\n\n[ 40.962845] UBSAN: shift-out-of-bounds in /tmp/amd.EfpumTkO/amd/amdgpu/../display/dc/dml2/dml21/src/dml2_core/dml2_core_dcn4_calcs.c:3312:34\n[ 40.962849] shift exponent 4294967170 is too large for 32-bit type \u0027unsigned int\u0027\n[ 40.962852] CPU: 1 PID: 1670 Comm: gnome-shell Tainted: G W OE 6.5.0-41-generic #41~22.04.2-Ubuntu\n[ 40.962854] Hardware name: Gigabyte Technology Co., Ltd. X670E AORUS PRO X/X670E AORUS PRO X, BIOS F21 01/10/2024\n[ 40.962856] Call Trace:\n[ 40.962857] \u003cTASK\u003e\n[ 40.962860] dump_stack_lvl+0x48/0x70\n[ 40.962870] dump_stack+0x10/0x20\n[ 40.962872] __ubsan_handle_shift_out_of_bounds+0x1ac/0x360\n[ 40.962878] calculate_cursor_req_attributes.cold+0x1b/0x28 [amdgpu]\n[ 40.963099] dml_core_mode_support+0x6b91/0x16bc0 [amdgpu]\n[ 40.963327] ? srso_alias_return_thunk+0x5/0x7f\n[ 40.963331] ? CalculateWatermarksMALLUseAndDRAMSpeedChangeSupport+0x18b8/0x2790 [amdgpu]\n[ 40.963534] ? srso_alias_return_thunk+0x5/0x7f\n[ 40.963536] ? dml_core_mode_support+0xb3db/0x16bc0 [amdgpu]\n[ 40.963730] dml2_core_calcs_mode_support_ex+0x2c/0x90 [amdgpu]\n[ 40.963906] ? srso_alias_return_thunk+0x5/0x7f\n[ 40.963909] ? dml2_core_calcs_mode_support_ex+0x2c/0x90 [amdgpu]\n[ 40.964078] core_dcn4_mode_support+0x72/0xbf0 [amdgpu]\n[ 40.964247] dml2_top_optimization_perform_optimization_phase+0x1d3/0x2a0 [amdgpu]\n[ 40.964420] dml2_build_mode_programming+0x23d/0x750 [amdgpu]\n[ 40.964587] dml21_validate+0x274/0x770 [amdgpu]\n[ 40.964761] ? srso_alias_return_thunk+0x5/0x7f\n[ 40.964763] ? resource_append_dpp_pipes_for_plane_composition+0x27c/0x3b0 [amdgpu]\n[ 40.964942] dml2_validate+0x504/0x750 [amdgpu]\n[ 40.965117] ? dml21_copy+0x95/0xb0 [amdgpu]\n[ 40.965291] ? srso_alias_return_thunk+0x5/0x7f\n[ 40.965295] dcn401_validate_bandwidth+0x4e/0x70 [amdgpu]\n[ 40.965491] update_planes_and_stream_state+0x38d/0x5c0 [amdgpu]\n[ 40.965672] update_planes_and_stream_v3+0x52/0x1e0 [amdgpu]\n[ 40.965845] ? srso_alias_return_thunk+0x5/0x7f\n[ 40.965849] dc_update_planes_and_stream+0x71/0xb0 [amdgpu]\n\nFix this by adding a guard for checking cursor width before triggering\nthe size calculation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50177",
"url": "https://www.suse.com/security/cve/CVE-2024-50177"
},
{
"category": "external",
"summary": "SUSE Bug 1233115 for CVE-2024-50177",
"url": "https://bugzilla.suse.com/1233115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50177"
},
{
"cve": "CVE-2024-50179",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50179"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: remove the incorrect Fw reference check when dirtying pages\n\nWhen doing the direct-io reads it will also try to mark pages dirty,\nbut for the read path it won\u0027t hold the Fw caps and there is case\nwill it get the Fw reference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50179",
"url": "https://www.suse.com/security/cve/CVE-2024-50179"
},
{
"category": "external",
"summary": "SUSE Bug 1233123 for CVE-2024-50179",
"url": "https://bugzilla.suse.com/1233123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50179"
},
{
"cve": "CVE-2024-50180",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50180"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: sisfb: Fix strbuf array overflow\n\nThe values of the variables xres and yres are placed in strbuf.\nThese variables are obtained from strbuf1.\nThe strbuf1 array contains digit characters\nand a space if the array contains non-digit characters.\nThen, when executing sprintf(strbuf, \"%ux%ux8\", xres, yres);\nmore than 16 bytes will be written to strbuf.\nIt is suggested to increase the size of the strbuf array to 24.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50180",
"url": "https://www.suse.com/security/cve/CVE-2024-50180"
},
{
"category": "external",
"summary": "SUSE Bug 1233125 for CVE-2024-50180",
"url": "https://bugzilla.suse.com/1233125"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50180"
},
{
"cve": "CVE-2024-50181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50181"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50181",
"url": "https://www.suse.com/security/cve/CVE-2024-50181"
},
{
"category": "external",
"summary": "SUSE Bug 1233127 for CVE-2024-50181",
"url": "https://bugzilla.suse.com/1233127"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50181"
},
{
"cve": "CVE-2024-50182",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50182"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsecretmem: disable memfd_secret() if arch cannot set direct map\n\nReturn -ENOSYS from memfd_secret() syscall if !can_set_direct_map(). This\nis the case for example on some arm64 configurations, where marking 4k\nPTEs in the direct map not present can only be done if the direct map is\nset up at 4k granularity in the first place (as ARM\u0027s break-before-make\nsemantics do not easily allow breaking apart large/gigantic pages).\n\nMore precisely, on arm64 systems with !can_set_direct_map(),\nset_direct_map_invalid_noflush() is a no-op, however it returns success\n(0) instead of an error. This means that memfd_secret will seemingly\n\"work\" (e.g. syscall succeeds, you can mmap the fd and fault in pages),\nbut it does not actually achieve its goal of removing its memory from the\ndirect map.\n\nNote that with this patch, memfd_secret() will start erroring on systems\nwhere can_set_direct_map() returns false (arm64 with\nCONFIG_RODATA_FULL_DEFAULT_ENABLED=n, CONFIG_DEBUG_PAGEALLOC=n and\nCONFIG_KFENCE=n), but that still seems better than the current silent\nfailure. Since CONFIG_RODATA_FULL_DEFAULT_ENABLED defaults to \u0027y\u0027, most\narm64 systems actually have a working memfd_secret() and aren\u0027t be\naffected.\n\nFrom going through the iterations of the original memfd_secret patch\nseries, it seems that disabling the syscall in these scenarios was the\nintended behavior [1] (preferred over having\nset_direct_map_invalid_noflush return an error as that would result in\nSIGBUSes at page-fault time), however the check for it got dropped between\nv16 [2] and v17 [3], when secretmem moved away from CMA allocations.\n\n[1]: https://lore.kernel.org/lkml/20201124164930.GK8537@kernel.org/\n[2]: https://lore.kernel.org/lkml/20210121122723.3446-11-rppt@kernel.org/#t\n[3]: https://lore.kernel.org/lkml/20201125092208.12544-10-rppt@kernel.org/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50182",
"url": "https://www.suse.com/security/cve/CVE-2024-50182"
},
{
"category": "external",
"summary": "SUSE Bug 1233129 for CVE-2024-50182",
"url": "https://bugzilla.suse.com/1233129"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50182"
},
{
"cve": "CVE-2024-50183",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50183"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance\n\nDeleting an NPIV instance requires all fabric ndlps to be released before\nan NPIV\u0027s resources can be torn down. Failure to release fabric ndlps\nbeforehand opens kref imbalance race conditions. Fix by forcing the DA_ID\nto complete synchronously with usage of wait_queue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50183",
"url": "https://www.suse.com/security/cve/CVE-2024-50183"
},
{
"category": "external",
"summary": "SUSE Bug 1233130 for CVE-2024-50183",
"url": "https://bugzilla.suse.com/1233130"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50183"
},
{
"cve": "CVE-2024-50184",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50184"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_pmem: Check device status before requesting flush\n\nIf a pmem device is in a bad status, the driver side could wait for\nhost ack forever in virtio_pmem_flush(), causing the system to hang.\n\nSo add a status check in the beginning of virtio_pmem_flush() to return\nearly if the device is not activated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50184",
"url": "https://www.suse.com/security/cve/CVE-2024-50184"
},
{
"category": "external",
"summary": "SUSE Bug 1233135 for CVE-2024-50184",
"url": "https://bugzilla.suse.com/1233135"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50184"
},
{
"cve": "CVE-2024-50186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50186"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: explicitly clear the sk pointer, when pf-\u003ecreate fails\n\nWe have recently noticed the exact same KASAN splat as in commit\n6cd4a78d962b (\"net: do not leave a dangling sk pointer, when socket\ncreation fails\"). The problem is that commit did not fully address the\nproblem, as some pf-\u003ecreate implementations do not use sk_common_release\nin their error paths.\n\nFor example, we can use the same reproducer as in the above commit, but\nchanging ping to arping. arping uses AF_PACKET socket and if packet_create\nfails, it will just sk_free the allocated sk object.\n\nWhile we could chase all the pf-\u003ecreate implementations and make sure they\nNULL the freed sk object on error from the socket, we can\u0027t guarantee\nfuture protocols will not make the same mistake.\n\nSo it is easier to just explicitly NULL the sk pointer upon return from\npf-\u003ecreate in __sock_create. We do know that pf-\u003ecreate always releases the\nallocated sk object on error, so if the pointer is not NULL, it is\ndefinitely dangling.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50186",
"url": "https://www.suse.com/security/cve/CVE-2024-50186"
},
{
"category": "external",
"summary": "SUSE Bug 1233110 for CVE-2024-50186",
"url": "https://bugzilla.suse.com/1233110"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50186"
},
{
"cve": "CVE-2024-50187",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50187"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vc4: Stop the active perfmon before being destroyed\n\nUpon closing the file descriptor, the active performance monitor is not\nstopped. Although all perfmons are destroyed in `vc4_perfmon_close_file()`,\nthe active performance monitor\u0027s pointer (`vc4-\u003eactive_perfmon`) is still\nretained.\n\nIf we open a new file descriptor and submit a few jobs with performance\nmonitors, the driver will attempt to stop the active performance monitor\nusing the stale pointer in `vc4-\u003eactive_perfmon`. However, this pointer\nis no longer valid because the previous process has already terminated,\nand all performance monitors associated with it have been destroyed and\nfreed.\n\nTo fix this, when the active performance monitor belongs to a given\nprocess, explicitly stop it before destroying and freeing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50187",
"url": "https://www.suse.com/security/cve/CVE-2024-50187"
},
{
"category": "external",
"summary": "SUSE Bug 1233108 for CVE-2024-50187",
"url": "https://bugzilla.suse.com/1233108"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50187"
},
{
"cve": "CVE-2024-50188",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50188"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: dp83869: fix memory corruption when enabling fiber\n\nWhen configuring the fiber port, the DP83869 PHY driver incorrectly\ncalls linkmode_set_bit() with a bit mask (1 \u003c\u003c 10) rather than a bit\nnumber (10). This corrupts some other memory location -- in case of\narm64 the priv pointer in the same structure.\n\nSince the advertising flags are updated from supported at the end of the\nfunction the incorrect line isn\u0027t needed at all and can be removed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50188",
"url": "https://www.suse.com/security/cve/CVE-2024-50188"
},
{
"category": "external",
"summary": "SUSE Bug 1233107 for CVE-2024-50188",
"url": "https://bugzilla.suse.com/1233107"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50188"
},
{
"cve": "CVE-2024-50189",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50189"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: amd_sfh: Switch to device-managed dmam_alloc_coherent()\n\nUsing the device-managed version allows to simplify clean-up in probe()\nerror path.\n\nAdditionally, this device-managed ensures proper cleanup, which helps to\nresolve memory errors, page faults, btrfs going read-only, and btrfs\ndisk corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50189",
"url": "https://www.suse.com/security/cve/CVE-2024-50189"
},
{
"category": "external",
"summary": "SUSE Bug 1233105 for CVE-2024-50189",
"url": "https://bugzilla.suse.com/1233105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50189"
},
{
"cve": "CVE-2024-50192",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50192"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/gic-v4: Don\u0027t allow a VMOVP on a dying VPE\n\nKunkun Jiang reported that there is a small window of opportunity for\nuserspace to force a change of affinity for a VPE while the VPE has already\nbeen unmapped, but the corresponding doorbell interrupt still visible in\n/proc/irq/.\n\nPlug the race by checking the value of vmapp_count, which tracks whether\nthe VPE is mapped ot not, and returning an error in this case.\n\nThis involves making vmapp_count common to both GICv4.1 and its v4.0\nancestor.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50192",
"url": "https://www.suse.com/security/cve/CVE-2024-50192"
},
{
"category": "external",
"summary": "SUSE Bug 1233106 for CVE-2024-50192",
"url": "https://bugzilla.suse.com/1233106"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50192"
},
{
"cve": "CVE-2024-50194",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50194"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: probes: Fix uprobes for big-endian kernels\n\nThe arm64 uprobes code is broken for big-endian kernels as it doesn\u0027t\nconvert the in-memory instruction encoding (which is always\nlittle-endian) into the kernel\u0027s native endianness before analyzing and\nsimulating instructions. This may result in a few distinct problems:\n\n* The kernel may may erroneously reject probing an instruction which can\n safely be probed.\n\n* The kernel may erroneously erroneously permit stepping an\n instruction out-of-line when that instruction cannot be stepped\n out-of-line safely.\n\n* The kernel may erroneously simulate instruction incorrectly dur to\n interpretting the byte-swapped encoding.\n\nThe endianness mismatch isn\u0027t caught by the compiler or sparse because:\n\n* The arch_uprobe::{insn,ixol} fields are encoded as arrays of u8, so\n the compiler and sparse have no idea these contain a little-endian\n 32-bit value. The core uprobes code populates these with a memcpy()\n which similarly does not handle endianness.\n\n* While the uprobe_opcode_t type is an alias for __le32, both\n arch_uprobe_analyze_insn() and arch_uprobe_skip_sstep() cast from u8[]\n to the similarly-named probe_opcode_t, which is an alias for u32.\n Hence there is no endianness conversion warning.\n\nFix this by changing the arch_uprobe::{insn,ixol} fields to __le32 and\nadding the appropriate __le32_to_cpu() conversions prior to consuming\nthe instruction encoding. The core uprobes copies these fields as opaque\nranges of bytes, and so is unaffected by this change.\n\nAt the same time, remove MAX_UINSN_BYTES and consistently use\nAARCH64_INSN_SIZE for clarity.\n\nTested with the following:\n\n| #include \u003cstdio.h\u003e\n| #include \u003cstdbool.h\u003e\n|\n| #define noinline __attribute__((noinline))\n|\n| static noinline void *adrp_self(void)\n| {\n| void *addr;\n|\n| asm volatile(\n| \" adrp %x0, adrp_self\\n\"\n| \" add %x0, %x0, :lo12:adrp_self\\n\"\n| : \"=r\" (addr));\n| }\n|\n|\n| int main(int argc, char *argv)\n| {\n| void *ptr = adrp_self();\n| bool equal = (ptr == adrp_self);\n|\n| printf(\"adrp_self =\u003e %p\\n\"\n| \"adrp_self() =\u003e %p\\n\"\n| \"%s\\n\",\n| adrp_self, ptr, equal ? \"EQUAL\" : \"NOT EQUAL\");\n|\n| return 0;\n| }\n\n.... where the adrp_self() function was compiled to:\n\n| 00000000004007e0 \u003cadrp_self\u003e:\n| 4007e0: 90000000 adrp x0, 400000 \u003c__ehdr_start\u003e\n| 4007e4: 911f8000 add x0, x0, #0x7e0\n| 4007e8: d65f03c0 ret\n\nBefore this patch, the ADRP is not recognized, and is assumed to be\nsteppable, resulting in corruption of the result:\n\n| # ./adrp-self\n| adrp_self =\u003e 0x4007e0\n| adrp_self() =\u003e 0x4007e0\n| EQUAL\n| # echo \u0027p /root/adrp-self:0x007e0\u0027 \u003e /sys/kernel/tracing/uprobe_events\n| # echo 1 \u003e /sys/kernel/tracing/events/uprobes/enable\n| # ./adrp-self\n| adrp_self =\u003e 0x4007e0\n| adrp_self() =\u003e 0xffffffffff7e0\n| NOT EQUAL\n\nAfter this patch, the ADRP is correctly recognized and simulated:\n\n| # ./adrp-self\n| adrp_self =\u003e 0x4007e0\n| adrp_self() =\u003e 0x4007e0\n| EQUAL\n| #\n| # echo \u0027p /root/adrp-self:0x007e0\u0027 \u003e /sys/kernel/tracing/uprobe_events\n| # echo 1 \u003e /sys/kernel/tracing/events/uprobes/enable\n| # ./adrp-self\n| adrp_self =\u003e 0x4007e0\n| adrp_self() =\u003e 0x4007e0\n| EQUAL",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50194",
"url": "https://www.suse.com/security/cve/CVE-2024-50194"
},
{
"category": "external",
"summary": "SUSE Bug 1233111 for CVE-2024-50194",
"url": "https://bugzilla.suse.com/1233111"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50194"
},
{
"cve": "CVE-2024-50195",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50195"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nposix-clock: Fix missing timespec64 check in pc_clock_settime()\n\nAs Andrew pointed out, it will make sense that the PTP core\nchecked timespec64 struct\u0027s tv_sec and tv_nsec range before calling\nptp-\u003einfo-\u003esettime64().\n\nAs the man manual of clock_settime() said, if tp.tv_sec is negative or\ntp.tv_nsec is outside the range [0..999,999,999], it should return EINVAL,\nwhich include dynamic clocks which handles PTP clock, and the condition is\nconsistent with timespec64_valid(). As Thomas suggested, timespec64_valid()\nonly check the timespec is valid, but not ensure that the time is\nin a valid range, so check it ahead using timespec64_valid_strict()\nin pc_clock_settime() and return -EINVAL if not valid.\n\nThere are some drivers that use tp-\u003etv_sec and tp-\u003etv_nsec directly to\nwrite registers without validity checks and assume that the higher layer\nhas checked it, which is dangerous and will benefit from this, such as\nhclge_ptp_settime(), igb_ptp_settime_i210(), _rcar_gen4_ptp_settime(),\nand some drivers can remove the checks of itself.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50195",
"url": "https://www.suse.com/security/cve/CVE-2024-50195"
},
{
"category": "external",
"summary": "SUSE Bug 1233103 for CVE-2024-50195",
"url": "https://bugzilla.suse.com/1233103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50195"
},
{
"cve": "CVE-2024-50196",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50196"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: ocelot: fix system hang on level based interrupts\n\nThe current implementation only calls chained_irq_enter() and\nchained_irq_exit() if it detects pending interrupts.\n\n```\nfor (i = 0; i \u003c info-\u003estride; i++) {\n\turegmap_read(info-\u003emap, id_reg + 4 * i, \u0026reg);\n\tif (!reg)\n\t\tcontinue;\n\n\tchained_irq_enter(parent_chip, desc);\n```\n\nHowever, in case of GPIO pin configured in level mode and the parent\ncontroller configured in edge mode, GPIO interrupt might be lowered by the\nhardware. In the result, if the interrupt is short enough, the parent\ninterrupt is still pending while the GPIO interrupt is cleared;\nchained_irq_enter() never gets called and the system hangs trying to\nservice the parent interrupt.\n\nMoving chained_irq_enter() and chained_irq_exit() outside the for loop\nensures that they are called even when GPIO interrupt is lowered by the\nhardware.\n\nThe similar code with chained_irq_enter() / chained_irq_exit() functions\nwrapping interrupt checking loop may be found in many other drivers:\n```\ngrep -r -A 10 chained_irq_enter drivers/pinctrl\n```",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50196",
"url": "https://www.suse.com/security/cve/CVE-2024-50196"
},
{
"category": "external",
"summary": "SUSE Bug 1233113 for CVE-2024-50196",
"url": "https://bugzilla.suse.com/1233113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50196"
},
{
"cve": "CVE-2024-50198",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50198"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: light: veml6030: fix IIO device retrieval from embedded device\n\nThe dev pointer that is received as an argument in the\nin_illuminance_period_available_show function references the device\nembedded in the IIO device, not in the i2c client.\n\ndev_to_iio_dev() must be used to accessthe right data. The current\nimplementation leads to a segmentation fault on every attempt to read\nthe attribute because indio_dev gets a NULL assignment.\n\nThis bug has been present since the first appearance of the driver,\napparently since the last version (V6) before getting applied. A\nconstant attribute was used until then, and the last modifications might\nhave not been tested again.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50198",
"url": "https://www.suse.com/security/cve/CVE-2024-50198"
},
{
"category": "external",
"summary": "SUSE Bug 1233100 for CVE-2024-50198",
"url": "https://bugzilla.suse.com/1233100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50198"
},
{
"cve": "CVE-2024-50200",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50200"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmaple_tree: correct tree corruption on spanning store\n\nPatch series \"maple_tree: correct tree corruption on spanning store\", v3.\n\nThere has been a nasty yet subtle maple tree corruption bug that appears\nto have been in existence since the inception of the algorithm.\n\nThis bug seems far more likely to happen since commit f8d112a4e657\n(\"mm/mmap: avoid zeroing vma tree in mmap_region()\"), which is the point\nat which reports started to be submitted concerning this bug.\n\nWe were made definitely aware of the bug thanks to the kind efforts of\nBert Karwatzki who helped enormously in my being able to track this down\nand identify the cause of it.\n\nThe bug arises when an attempt is made to perform a spanning store across\ntwo leaf nodes, where the right leaf node is the rightmost child of the\nshared parent, AND the store completely consumes the right-mode node.\n\nThis results in mas_wr_spanning_store() mitakenly duplicating the new and\nexisting entries at the maximum pivot within the range, and thus maple\ntree corruption.\n\nThe fix patch corrects this by detecting this scenario and disallowing the\nmistaken duplicate copy.\n\nThe fix patch commit message goes into great detail as to how this occurs.\n\nThis series also includes a test which reliably reproduces the issue, and\nasserts that the fix works correctly.\n\nBert has kindly tested the fix and confirmed it resolved his issues. Also\nMikhail Gavrilov kindly reported what appears to be precisely the same\nbug, which this fix should also resolve.\n\n\nThis patch (of 2):\n\nThere has been a subtle bug present in the maple tree implementation from\nits inception.\n\nThis arises from how stores are performed - when a store occurs, it will\noverwrite overlapping ranges and adjust the tree as necessary to\naccommodate this.\n\nA range may always ultimately span two leaf nodes. In this instance we\nwalk the two leaf nodes, determine which elements are not overwritten to\nthe left and to the right of the start and end of the ranges respectively\nand then rebalance the tree to contain these entries and the newly\ninserted one.\n\nThis kind of store is dubbed a \u0027spanning store\u0027 and is implemented by\nmas_wr_spanning_store().\n\nIn order to reach this stage, mas_store_gfp() invokes\nmas_wr_preallocate(), mas_wr_store_type() and mas_wr_walk() in turn to\nwalk the tree and update the object (mas) to traverse to the location\nwhere the write should be performed, determining its store type.\n\nWhen a spanning store is required, this function returns false stopping at\nthe parent node which contains the target range, and mas_wr_store_type()\nmarks the mas-\u003estore_type as wr_spanning_store to denote this fact.\n\nWhen we go to perform the store in mas_wr_spanning_store(), we first\ndetermine the elements AFTER the END of the range we wish to store (that\nis, to the right of the entry to be inserted) - we do this by walking to\nthe NEXT pivot in the tree (i.e. r_mas.last + 1), starting at the node we\nhave just determined contains the range over which we intend to write.\n\nWe then turn our attention to the entries to the left of the entry we are\ninserting, whose state is represented by l_mas, and copy these into a \u0027big\nnode\u0027, which is a special node which contains enough slots to contain two\nleaf node\u0027s worth of data.\n\nWe then copy the entry we wish to store immediately after this - the copy\nand the insertion of the new entry is performed by mas_store_b_node().\n\nAfter this we copy the elements to the right of the end of the range which\nwe are inserting, if we have not exceeded the length of the node (i.e. \nr_mas.offset \u003c= r_mas.end).\n\nHerein lies the bug - under very specific circumstances, this logic can\nbreak and corrupt the maple tree.\n\nConsider the following tree:\n\nHeight\n 0 Root Node\n / \\\n pivot = 0xffff / \\ pivot = ULONG_MAX\n / \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50200",
"url": "https://www.suse.com/security/cve/CVE-2024-50200"
},
{
"category": "external",
"summary": "SUSE Bug 1233088 for CVE-2024-50200",
"url": "https://bugzilla.suse.com/1233088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50200"
},
{
"cve": "CVE-2024-50201",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50201"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: Fix encoder-\u003epossible_clones\n\nInclude the encoder itself in its possible_clones bitmask.\nIn the past nothing validated that drivers were populating\npossible_clones correctly, but that changed in commit\n74d2aacbe840 (\"drm: Validate encoder-\u003epossible_clones\").\nLooks like radeon never got the memo and is still not\nfollowing the rules 100% correctly.\n\nThis results in some warnings during driver initialization:\nBogus possible_clones: [ENCODER:46:TV-46] possible_clones=0x4 (full encoder mask=0x7)\nWARNING: CPU: 0 PID: 170 at drivers/gpu/drm/drm_mode_config.c:615 drm_mode_config_validate+0x113/0x39c\n...\n\n(cherry picked from commit 3b6e7d40649c0d75572039aff9d0911864c689db)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50201",
"url": "https://www.suse.com/security/cve/CVE-2024-50201"
},
{
"category": "external",
"summary": "SUSE Bug 1233104 for CVE-2024-50201",
"url": "https://bugzilla.suse.com/1233104"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50201"
},
{
"cve": "CVE-2024-50205",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50205"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()\n\nThe step variable is initialized to zero. It is changed in the loop,\nbut if it\u0027s not changed it will remain zero. Add a variable check\nbefore the division.\n\nThe observed behavior was introduced by commit 826b5de90c0b\n(\"ALSA: firewire-lib: fix insufficient PCM rule for period/buffer size\"),\nand it is difficult to show that any of the interval parameters will\nsatisfy the snd_interval_test() condition with data from the\namdtp_rate_table[] table.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50205",
"url": "https://www.suse.com/security/cve/CVE-2024-50205"
},
{
"category": "external",
"summary": "SUSE Bug 1233293 for CVE-2024-50205",
"url": "https://bugzilla.suse.com/1233293"
},
{
"category": "external",
"summary": "SUSE Bug 1233294 for CVE-2024-50205",
"url": "https://bugzilla.suse.com/1233294"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-50205"
},
{
"cve": "CVE-2024-50208",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50208"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages\n\nAvoid memory corruption while setting up Level-2 PBL pages for the non MR\nresources when num_pages \u003e 256K.\n\nThere will be a single PDE page address (contiguous pages in the case of \u003e\nPAGE_SIZE), but, current logic assumes multiple pages, leading to invalid\nmemory access after 256K PBL entries in the PDE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50208",
"url": "https://www.suse.com/security/cve/CVE-2024-50208"
},
{
"category": "external",
"summary": "SUSE Bug 1233117 for CVE-2024-50208",
"url": "https://bugzilla.suse.com/1233117"
},
{
"category": "external",
"summary": "SUSE Bug 1233118 for CVE-2024-50208",
"url": "https://bugzilla.suse.com/1233118"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-50208"
},
{
"cve": "CVE-2024-50209",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50209"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Add a check for memory allocation\n\n__alloc_pbl() can return error when memory allocation fails.\nDriver is not checking the status on one of the instances.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50209",
"url": "https://www.suse.com/security/cve/CVE-2024-50209"
},
{
"category": "external",
"summary": "SUSE Bug 1233114 for CVE-2024-50209",
"url": "https://bugzilla.suse.com/1233114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50209"
},
{
"cve": "CVE-2024-50210",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50210"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nposix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()\n\nIf get_clock_desc() succeeds, it calls fget() for the clockid\u0027s fd,\nand get the clk-\u003erwsem read lock, so the error path should release\nthe lock to make the lock balance and fput the clockid\u0027s fd to make\nthe refcount balance and release the fd related resource.\n\nHowever the below commit left the error path locked behind resulting in\nunbalanced locking. Check timespec64_valid_strict() before\nget_clock_desc() to fix it, because the \"ts\" is not changed\nafter that.\n\n[pabeni@redhat.com: fixed commit message typo]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50210",
"url": "https://www.suse.com/security/cve/CVE-2024-50210"
},
{
"category": "external",
"summary": "SUSE Bug 1233097 for CVE-2024-50210",
"url": "https://bugzilla.suse.com/1233097"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50210"
},
{
"cve": "CVE-2024-50215",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50215"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-auth: assign dh_key to NULL after kfree_sensitive\n\nctrl-\u003edh_key might be used across multiple calls to nvmet_setup_dhgroup()\nfor the same controller. So it\u0027s better to nullify it after release on\nerror path in order to avoid double free later in nvmet_destroy_auth().\n\nFound by Linux Verification Center (linuxtesting.org) with Svace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50215",
"url": "https://www.suse.com/security/cve/CVE-2024-50215"
},
{
"category": "external",
"summary": "SUSE Bug 1233189 for CVE-2024-50215",
"url": "https://bugzilla.suse.com/1233189"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50215"
},
{
"cve": "CVE-2024-50216",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50216"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: fix finding a last resort AG in xfs_filestream_pick_ag\n\nWhen the main loop in xfs_filestream_pick_ag fails to find a suitable\nAG it tries to just pick the online AG. But the loop for that uses\nargs-\u003epag as loop iterator while the later code expects pag to be\nset. Fix this by reusing the max_pag case for this last resort, and\nalso add a check for impossible case of no AG just to make sure that\nthe uninitialized pag doesn\u0027t even escape in theory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50216",
"url": "https://www.suse.com/security/cve/CVE-2024-50216"
},
{
"category": "external",
"summary": "SUSE Bug 1233179 for CVE-2024-50216",
"url": "https://bugzilla.suse.com/1233179"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50216"
},
{
"cve": "CVE-2024-50218",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50218"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: pass u64 to ocfs2_truncate_inline maybe overflow\n\nSyzbot reported a kernel BUG in ocfs2_truncate_inline. There are two\nreasons for this: first, the parameter value passed is greater than\nocfs2_max_inline_data_with_xattr, second, the start and end parameters of\nocfs2_truncate_inline are \"unsigned int\".\n\nSo, we need to add a sanity check for byte_start and byte_len right before\nocfs2_truncate_inline() in ocfs2_remove_inode_range(), if they are greater\nthan ocfs2_max_inline_data_with_xattr return -EINVAL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50218",
"url": "https://www.suse.com/security/cve/CVE-2024-50218"
},
{
"category": "external",
"summary": "SUSE Bug 1233191 for CVE-2024-50218",
"url": "https://bugzilla.suse.com/1233191"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50218"
},
{
"cve": "CVE-2024-50221",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50221"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Vangogh: Fix kernel memory out of bounds write\n\nKASAN reports that the GPU metrics table allocated in\nvangogh_tables_init() is not large enough for the memset done in\nsmu_cmn_init_soft_gpu_metrics(). Condensed report follows:\n\n[ 33.861314] BUG: KASAN: slab-out-of-bounds in smu_cmn_init_soft_gpu_metrics+0x73/0x200 [amdgpu]\n[ 33.861799] Write of size 168 at addr ffff888129f59500 by task mangoapp/1067\n...\n[ 33.861808] CPU: 6 UID: 1000 PID: 1067 Comm: mangoapp Tainted: G W 6.12.0-rc4 #356 1a56f59a8b5182eeaf67eb7cb8b13594dd23b544\n[ 33.861816] Tainted: [W]=WARN\n[ 33.861818] Hardware name: Valve Galileo/Galileo, BIOS F7G0107 12/01/2023\n[ 33.861822] Call Trace:\n[ 33.861826] \u003cTASK\u003e\n[ 33.861829] dump_stack_lvl+0x66/0x90\n[ 33.861838] print_report+0xce/0x620\n[ 33.861853] kasan_report+0xda/0x110\n[ 33.862794] kasan_check_range+0xfd/0x1a0\n[ 33.862799] __asan_memset+0x23/0x40\n[ 33.862803] smu_cmn_init_soft_gpu_metrics+0x73/0x200 [amdgpu 13b1bc364ec578808f676eba412c20eaab792779]\n[ 33.863306] vangogh_get_gpu_metrics_v2_4+0x123/0xad0 [amdgpu 13b1bc364ec578808f676eba412c20eaab792779]\n[ 33.864257] vangogh_common_get_gpu_metrics+0xb0c/0xbc0 [amdgpu 13b1bc364ec578808f676eba412c20eaab792779]\n[ 33.865682] amdgpu_dpm_get_gpu_metrics+0xcc/0x110 [amdgpu 13b1bc364ec578808f676eba412c20eaab792779]\n[ 33.866160] amdgpu_get_gpu_metrics+0x154/0x2d0 [amdgpu 13b1bc364ec578808f676eba412c20eaab792779]\n[ 33.867135] dev_attr_show+0x43/0xc0\n[ 33.867147] sysfs_kf_seq_show+0x1f1/0x3b0\n[ 33.867155] seq_read_iter+0x3f8/0x1140\n[ 33.867173] vfs_read+0x76c/0xc50\n[ 33.867198] ksys_read+0xfb/0x1d0\n[ 33.867214] do_syscall_64+0x90/0x160\n...\n[ 33.867353] Allocated by task 378 on cpu 7 at 22.794876s:\n[ 33.867358] kasan_save_stack+0x33/0x50\n[ 33.867364] kasan_save_track+0x17/0x60\n[ 33.867367] __kasan_kmalloc+0x87/0x90\n[ 33.867371] vangogh_init_smc_tables+0x3f9/0x840 [amdgpu]\n[ 33.867835] smu_sw_init+0xa32/0x1850 [amdgpu]\n[ 33.868299] amdgpu_device_init+0x467b/0x8d90 [amdgpu]\n[ 33.868733] amdgpu_driver_load_kms+0x19/0xf0 [amdgpu]\n[ 33.869167] amdgpu_pci_probe+0x2d6/0xcd0 [amdgpu]\n[ 33.869608] local_pci_probe+0xda/0x180\n[ 33.869614] pci_device_probe+0x43f/0x6b0\n\nEmpirically we can confirm that the former allocates 152 bytes for the\ntable, while the latter memsets the 168 large block.\n\nRoot cause appears that when GPU metrics tables for v2_4 parts were added\nit was not considered to enlarge the table to fit.\n\nThe fix in this patch is rather \"brute force\" and perhaps later should be\ndone in a smarter way, by extracting and consolidating the part version to\nsize logic to a common helper, instead of brute forcing the largest\npossible allocation. Nevertheless, for now this works and fixes the out of\nbounds write.\n\nv2:\n * Drop impossible v3_0 case. (Mario)\n\n(cherry picked from commit 0880f58f9609f0200483a49429af0f050d281703)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50221",
"url": "https://www.suse.com/security/cve/CVE-2024-50221"
},
{
"category": "external",
"summary": "SUSE Bug 1233185 for CVE-2024-50221",
"url": "https://bugzilla.suse.com/1233185"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50221"
},
{
"cve": "CVE-2024-50224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50224"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: spi-fsl-dspi: Fix crash when not using GPIO chip select\n\nAdd check for the return value of spi_get_csgpiod() to avoid passing a NULL\npointer to gpiod_direction_output(), preventing a crash when GPIO chip\nselect is not used.\n\nFix below crash:\n[ 4.251960] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[ 4.260762] Mem abort info:\n[ 4.263556] ESR = 0x0000000096000004\n[ 4.267308] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 4.272624] SET = 0, FnV = 0\n[ 4.275681] EA = 0, S1PTW = 0\n[ 4.278822] FSC = 0x04: level 0 translation fault\n[ 4.283704] Data abort info:\n[ 4.286583] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[ 4.292074] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 4.297130] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 4.302445] [0000000000000000] user address but active_mm is swapper\n[ 4.308805] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 4.315072] Modules linked in:\n[ 4.318124] CPU: 2 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-rc4-next-20241023-00008-ga20ec42c5fc1 #359\n[ 4.328130] Hardware name: LS1046A QDS Board (DT)\n[ 4.332832] pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 4.339794] pc : gpiod_direction_output+0x34/0x5c\n[ 4.344505] lr : gpiod_direction_output+0x18/0x5c\n[ 4.349208] sp : ffff80008003b8f0\n[ 4.352517] x29: ffff80008003b8f0 x28: 0000000000000000 x27: ffffc96bcc7e9068\n[ 4.359659] x26: ffffc96bcc6e00b0 x25: ffffc96bcc598398 x24: ffff447400132810\n[ 4.366800] x23: 0000000000000000 x22: 0000000011e1a300 x21: 0000000000020002\n[ 4.373940] x20: 0000000000000000 x19: 0000000000000000 x18: ffffffffffffffff\n[ 4.381081] x17: ffff44740016e600 x16: 0000000500000003 x15: 0000000000000007\n[ 4.388221] x14: 0000000000989680 x13: 0000000000020000 x12: 000000000000001e\n[ 4.395362] x11: 0044b82fa09b5a53 x10: 0000000000000019 x9 : 0000000000000008\n[ 4.402502] x8 : 0000000000000002 x7 : 0000000000000007 x6 : 0000000000000000\n[ 4.409641] x5 : 0000000000000200 x4 : 0000000002000000 x3 : 0000000000000000\n[ 4.416781] x2 : 0000000000022202 x1 : 0000000000000000 x0 : 0000000000000000\n[ 4.423921] Call trace:\n[ 4.426362] gpiod_direction_output+0x34/0x5c (P)\n[ 4.431067] gpiod_direction_output+0x18/0x5c (L)\n[ 4.435771] dspi_setup+0x220/0x334",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50224",
"url": "https://www.suse.com/security/cve/CVE-2024-50224"
},
{
"category": "external",
"summary": "SUSE Bug 1233188 for CVE-2024-50224",
"url": "https://bugzilla.suse.com/1233188"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50224"
},
{
"cve": "CVE-2024-50225",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50225"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix error propagation of split bios\n\nThe purpose of btrfs_bbio_propagate_error() shall be propagating an error\nof split bio to its original btrfs_bio, and tell the error to the upper\nlayer. However, it\u0027s not working well on some cases.\n\n* Case 1. Immediate (or quick) end_bio with an error\n\nWhen btrfs sends btrfs_bio to mirrored devices, btrfs calls\nbtrfs_bio_end_io() when all the mirroring bios are completed. If that\nbtrfs_bio was split, it is from btrfs_clone_bioset and its end_io function\nis btrfs_orig_write_end_io. For this case, btrfs_bbio_propagate_error()\naccesses the orig_bbio\u0027s bio context to increase the error count.\n\nThat works well in most cases. However, if the end_io is called enough\nfast, orig_bbio\u0027s (remaining part after split) bio context may not be\nproperly set at that time. Since the bio context is set when the orig_bbio\n(the last btrfs_bio) is sent to devices, that might be too late for earlier\nsplit btrfs_bio\u0027s completion. That will result in NULL pointer\ndereference.\n\nThat bug is easily reproducible by running btrfs/146 on zoned devices [1]\nand it shows the following trace.\n\n[1] You need raid-stripe-tree feature as it create \"-d raid0 -m raid1\" FS.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000020\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] PREEMPT SMP PTI\n CPU: 1 UID: 0 PID: 13 Comm: kworker/u32:1 Not tainted 6.11.0-rc7-BTRFS-ZNS+ #474\n Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011\n Workqueue: writeback wb_workfn (flush-btrfs-5)\n RIP: 0010:btrfs_bio_end_io+0xae/0xc0 [btrfs]\n BTRFS error (device dm-0): bdev /dev/mapper/error-test errs: wr 2, rd 0, flush 0, corrupt 0, gen 0\n RSP: 0018:ffffc9000006f248 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: ffff888005a7f080 RCX: ffffc9000006f1dc\n RDX: 0000000000000000 RSI: 000000000000000a RDI: ffff888005a7f080\n RBP: ffff888011dfc540 R08: 0000000000000000 R09: 0000000000000001\n R10: ffffffff82e508e0 R11: 0000000000000005 R12: ffff88800ddfbe58\n R13: ffff888005a7f080 R14: ffff888005a7f158 R15: ffff888005a7f158\n FS: 0000000000000000(0000) GS:ffff88803ea80000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000020 CR3: 0000000002e22006 CR4: 0000000000370ef0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n ? __die_body.cold+0x19/0x26\n ? page_fault_oops+0x13e/0x2b0\n ? _printk+0x58/0x73\n ? do_user_addr_fault+0x5f/0x750\n ? exc_page_fault+0x76/0x240\n ? asm_exc_page_fault+0x22/0x30\n ? btrfs_bio_end_io+0xae/0xc0 [btrfs]\n ? btrfs_log_dev_io_error+0x7f/0x90 [btrfs]\n btrfs_orig_write_end_io+0x51/0x90 [btrfs]\n dm_submit_bio+0x5c2/0xa50 [dm_mod]\n ? find_held_lock+0x2b/0x80\n ? blk_try_enter_queue+0x90/0x1e0\n __submit_bio+0xe0/0x130\n ? ktime_get+0x10a/0x160\n ? lockdep_hardirqs_on+0x74/0x100\n submit_bio_noacct_nocheck+0x199/0x410\n btrfs_submit_bio+0x7d/0x150 [btrfs]\n btrfs_submit_chunk+0x1a1/0x6d0 [btrfs]\n ? lockdep_hardirqs_on+0x74/0x100\n ? __folio_start_writeback+0x10/0x2c0\n btrfs_submit_bbio+0x1c/0x40 [btrfs]\n submit_one_bio+0x44/0x60 [btrfs]\n submit_extent_folio+0x13f/0x330 [btrfs]\n ? btrfs_set_range_writeback+0xa3/0xd0 [btrfs]\n extent_writepage_io+0x18b/0x360 [btrfs]\n extent_write_locked_range+0x17c/0x340 [btrfs]\n ? __pfx_end_bbio_data_write+0x10/0x10 [btrfs]\n run_delalloc_cow+0x71/0xd0 [btrfs]\n btrfs_run_delalloc_range+0x176/0x500 [btrfs]\n ? find_lock_delalloc_range+0x119/0x260 [btrfs]\n writepage_delalloc+0x2ab/0x480 [btrfs]\n extent_write_cache_pages+0x236/0x7d0 [btrfs]\n btrfs_writepages+0x72/0x130 [btrfs]\n do_writepages+0xd4/0x240\n ? find_held_lock+0x2b/0x80\n ? wbc_attach_and_unlock_inode+0x12c/0x290\n ? wbc_attach_and_unlock_inode+0x12c/0x29\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50225",
"url": "https://www.suse.com/security/cve/CVE-2024-50225"
},
{
"category": "external",
"summary": "SUSE Bug 1233193 for CVE-2024-50225",
"url": "https://bugzilla.suse.com/1233193"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50225"
},
{
"cve": "CVE-2024-50228",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50228"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50228",
"url": "https://www.suse.com/security/cve/CVE-2024-50228"
},
{
"category": "external",
"summary": "SUSE Bug 1233204 for CVE-2024-50228",
"url": "https://bugzilla.suse.com/1233204"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50228"
},
{
"cve": "CVE-2024-50229",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50229"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential deadlock with newly created symlinks\n\nSyzbot reported that page_symlink(), called by nilfs_symlink(), triggers\nmemory reclamation involving the filesystem layer, which can result in\ncircular lock dependencies among the reader/writer semaphore\nnilfs-\u003ens_segctor_sem, s_writers percpu_rwsem (intwrite) and the\nfs_reclaim pseudo lock.\n\nThis is because after commit 21fc61c73c39 (\"don\u0027t put symlink bodies in\npagecache into highmem\"), the gfp flags of the page cache for symbolic\nlinks are overwritten to GFP_KERNEL via inode_nohighmem().\n\nThis is not a problem for symlinks read from the backing device, because\nthe __GFP_FS flag is dropped after inode_nohighmem() is called. However,\nwhen a new symlink is created with nilfs_symlink(), the gfp flags remain\noverwritten to GFP_KERNEL. Then, memory allocation called from\npage_symlink() etc. triggers memory reclamation including the FS layer,\nwhich may call nilfs_evict_inode() or nilfs_dirty_inode(). And these can\ncause a deadlock if they are called while nilfs-\u003ens_segctor_sem is held:\n\nFix this issue by dropping the __GFP_FS flag from the page cache GFP flags\nof newly created symlinks in the same way that nilfs_new_inode() and\n__nilfs_read_inode() do, as a workaround until we adopt nofs allocation\nscope consistently or improve the locking constraints.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50229",
"url": "https://www.suse.com/security/cve/CVE-2024-50229"
},
{
"category": "external",
"summary": "SUSE Bug 1233205 for CVE-2024-50229",
"url": "https://bugzilla.suse.com/1233205"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50229"
},
{
"cve": "CVE-2024-50230",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50230"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix kernel bug due to missing clearing of checked flag\n\nSyzbot reported that in directory operations after nilfs2 detects\nfilesystem corruption and degrades to read-only,\n__block_write_begin_int(), which is called to prepare block writes, may\nfail the BUG_ON check for accesses exceeding the folio/page size,\ntriggering a kernel bug.\n\nThis was found to be because the \"checked\" flag of a page/folio was not\ncleared when it was discarded by nilfs2\u0027s own routine, which causes the\nsanity check of directory entries to be skipped when the directory\npage/folio is reloaded. So, fix that.\n\nThis was necessary when the use of nilfs2\u0027s own page discard routine was\napplied to more than just metadata files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50230",
"url": "https://www.suse.com/security/cve/CVE-2024-50230"
},
{
"category": "external",
"summary": "SUSE Bug 1233206 for CVE-2024-50230",
"url": "https://bugzilla.suse.com/1233206"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50230"
},
{
"cve": "CVE-2024-50231",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50231"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: gts-helper: Fix memory leaks in iio_gts_build_avail_scale_table()\n\nmodprobe iio-test-gts and rmmod it, then the following memory leak\noccurs:\n\n\tunreferenced object 0xffffff80c810be00 (size 64):\n\t comm \"kunit_try_catch\", pid 1654, jiffies 4294913981\n\t hex dump (first 32 bytes):\n\t 02 00 00 00 08 00 00 00 20 00 00 00 40 00 00 00 ........ ...@...\n\t 80 00 00 00 00 02 00 00 00 04 00 00 00 08 00 00 ................\n\t backtrace (crc a63d875e):\n\t [\u003c0000000028c1b3c2\u003e] kmemleak_alloc+0x34/0x40\n\t [\u003c000000001d6ecc87\u003e] __kmalloc_noprof+0x2bc/0x3c0\n\t [\u003c00000000393795c1\u003e] devm_iio_init_iio_gts+0x4b4/0x16f4\n\t [\u003c0000000071bb4b09\u003e] 0xffffffdf052a62e0\n\t [\u003c000000000315bc18\u003e] 0xffffffdf052a6488\n\t [\u003c00000000f9dc55b5\u003e] kunit_try_run_case+0x13c/0x3ac\n\t [\u003c00000000175a3fd4\u003e] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t [\u003c00000000f505065d\u003e] kthread+0x2e8/0x374\n\t [\u003c00000000bbfb0e5d\u003e] ret_from_fork+0x10/0x20\n\tunreferenced object 0xffffff80cbfe9e70 (size 16):\n\t comm \"kunit_try_catch\", pid 1658, jiffies 4294914015\n\t hex dump (first 16 bytes):\n\t 10 00 00 00 40 00 00 00 80 00 00 00 00 00 00 00 ....@...........\n\t backtrace (crc 857f0cb4):\n\t [\u003c0000000028c1b3c2\u003e] kmemleak_alloc+0x34/0x40\n\t [\u003c000000001d6ecc87\u003e] __kmalloc_noprof+0x2bc/0x3c0\n\t [\u003c00000000393795c1\u003e] devm_iio_init_iio_gts+0x4b4/0x16f4\n\t [\u003c0000000071bb4b09\u003e] 0xffffffdf052a62e0\n\t [\u003c000000007d089d45\u003e] 0xffffffdf052a6864\n\t [\u003c00000000f9dc55b5\u003e] kunit_try_run_case+0x13c/0x3ac\n\t [\u003c00000000175a3fd4\u003e] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t [\u003c00000000f505065d\u003e] kthread+0x2e8/0x374\n\t [\u003c00000000bbfb0e5d\u003e] ret_from_fork+0x10/0x20\n\t......\n\nIt includes 5*5 times \"size 64\" memory leaks, which correspond to 5 times\ntest_init_iio_gain_scale() calls with gts_test_gains size 10 (10*size(int))\nand gts_test_itimes size 5. It also includes 5*1 times \"size 16\"\nmemory leak, which correspond to one time __test_init_iio_gain_scale()\ncall with gts_test_gains_gain_low size 3 (3*size(int)) and gts_test_itimes\nsize 5.\n\nThe reason is that the per_time_gains[i] is not freed which is allocated in\nthe \"gts-\u003enum_itime\" for loop in iio_gts_build_avail_scale_table().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50231",
"url": "https://www.suse.com/security/cve/CVE-2024-50231"
},
{
"category": "external",
"summary": "SUSE Bug 1233208 for CVE-2024-50231",
"url": "https://bugzilla.suse.com/1233208"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50231"
},
{
"cve": "CVE-2024-50232",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50232"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: ad7124: fix division by zero in ad7124_set_channel_odr()\n\nIn the ad7124_write_raw() function, parameter val can potentially\nbe zero. This may lead to a division by zero when DIV_ROUND_CLOSEST()\nis called within ad7124_set_channel_odr(). The ad7124_write_raw()\nfunction is invoked through the sequence: iio_write_channel_raw() -\u003e\niio_write_channel_attribute() -\u003e iio_channel_write(), with no checks\nin place to ensure val is non-zero.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50232",
"url": "https://www.suse.com/security/cve/CVE-2024-50232"
},
{
"category": "external",
"summary": "SUSE Bug 1233209 for CVE-2024-50232",
"url": "https://bugzilla.suse.com/1233209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50232"
},
{
"cve": "CVE-2024-50233",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50233"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg()\n\nIn the ad9832_write_frequency() function, clk_get_rate() might return 0.\nThis can lead to a division by zero when calling ad9832_calc_freqreg().\nThe check if (fout \u003e (clk_get_rate(st-\u003emclk) / 2)) does not protect\nagainst the case when fout is 0. The ad9832_write_frequency() function\nis called from ad9832_write(), and fout is derived from a text buffer,\nwhich can contain any value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50233",
"url": "https://www.suse.com/security/cve/CVE-2024-50233"
},
{
"category": "external",
"summary": "SUSE Bug 1233210 for CVE-2024-50233",
"url": "https://bugzilla.suse.com/1233210"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50233"
},
{
"cve": "CVE-2024-50234",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50234"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlegacy: Clear stale interrupts before resuming device\n\niwl4965 fails upon resume from hibernation on my laptop. The reason\nseems to be a stale interrupt which isn\u0027t being cleared out before\ninterrupts are enabled. We end up with a race beween the resume\ntrying to bring things back up, and the restart work (queued form\nthe interrupt handler) trying to bring things down. Eventually\nthe whole thing blows up.\n\nFix the problem by clearing out any stale interrupts before\ninterrupts get enabled during resume.\n\nHere\u0027s a debug log of the indicent:\n[ 12.042589] ieee80211 phy0: il_isr ISR inta 0x00000080, enabled 0xaa00008b, fh 0x00000000\n[ 12.042625] ieee80211 phy0: il4965_irq_tasklet inta 0x00000080, enabled 0x00000000, fh 0x00000000\n[ 12.042651] iwl4965 0000:10:00.0: RF_KILL bit toggled to enable radio.\n[ 12.042653] iwl4965 0000:10:00.0: On demand firmware reload\n[ 12.042690] ieee80211 phy0: il4965_irq_tasklet End inta 0x00000000, enabled 0xaa00008b, fh 0x00000000, flags 0x00000282\n[ 12.052207] ieee80211 phy0: il4965_mac_start enter\n[ 12.052212] ieee80211 phy0: il_prep_station Add STA to driver ID 31: ff:ff:ff:ff:ff:ff\n[ 12.052244] ieee80211 phy0: il4965_set_hw_ready hardware ready\n[ 12.052324] ieee80211 phy0: il_apm_init Init card\u0027s basic functions\n[ 12.052348] ieee80211 phy0: il_apm_init L1 Enabled; Disabling L0S\n[ 12.055727] ieee80211 phy0: il4965_load_bsm Begin load bsm\n[ 12.056140] ieee80211 phy0: il4965_verify_bsm Begin verify bsm\n[ 12.058642] ieee80211 phy0: il4965_verify_bsm BSM bootstrap uCode image OK\n[ 12.058721] ieee80211 phy0: il4965_load_bsm BSM write complete, poll 1 iterations\n[ 12.058734] ieee80211 phy0: __il4965_up iwl4965 is coming up\n[ 12.058737] ieee80211 phy0: il4965_mac_start Start UP work done.\n[ 12.058757] ieee80211 phy0: __il4965_down iwl4965 is going down\n[ 12.058761] ieee80211 phy0: il_scan_cancel_timeout Scan cancel timeout\n[ 12.058762] ieee80211 phy0: il_do_scan_abort Not performing scan to abort\n[ 12.058765] ieee80211 phy0: il_clear_ucode_stations Clearing ucode stations in driver\n[ 12.058767] ieee80211 phy0: il_clear_ucode_stations No active stations found to be cleared\n[ 12.058819] ieee80211 phy0: _il_apm_stop Stop card, put in low power state\n[ 12.058827] ieee80211 phy0: _il_apm_stop_master stop master\n[ 12.058864] ieee80211 phy0: il4965_clear_free_frames 0 frames on pre-allocated heap on clear.\n[ 12.058869] ieee80211 phy0: Hardware restart was requested\n[ 16.132299] iwl4965 0000:10:00.0: START_ALIVE timeout after 4000ms.\n[ 16.132303] ------------[ cut here ]------------\n[ 16.132304] Hardware became unavailable upon resume. This could be a software issue prior to suspend or a hardware issue.\n[ 16.132338] WARNING: CPU: 0 PID: 181 at net/mac80211/util.c:1826 ieee80211_reconfig+0x8f/0x14b0 [mac80211]\n[ 16.132390] Modules linked in: ctr ccm sch_fq_codel xt_tcpudp xt_multiport xt_state iptable_filter iptable_nat nf_nat nf_conntrack nf_defrag_ipv4 ip_tables x_tables binfmt_misc joydev mousedev btusb btrtl btintel btbcm bluetooth ecdh_generic ecc iTCO_wdt i2c_dev iwl4965 iwlegacy coretemp snd_hda_codec_analog pcspkr psmouse mac80211 snd_hda_codec_generic libarc4 sdhci_pci cqhci sha256_generic sdhci libsha256 firewire_ohci snd_hda_intel snd_intel_dspcfg mmc_core snd_hda_codec snd_hwdep firewire_core led_class iosf_mbi snd_hda_core uhci_hcd lpc_ich crc_itu_t cfg80211 ehci_pci ehci_hcd snd_pcm usbcore mfd_core rfkill snd_timer snd usb_common soundcore video parport_pc parport intel_agp wmi intel_gtt backlight e1000e agpgart evdev\n[ 16.132456] CPU: 0 UID: 0 PID: 181 Comm: kworker/u8:6 Not tainted 6.11.0-cl+ #143\n[ 16.132460] Hardware name: Hewlett-Packard HP Compaq 6910p/30BE, BIOS 68MCU Ver. F.19 07/06/2010\n[ 16.132463] Workqueue: async async_run_entry_fn\n[ 16.132469] RIP: 0010:ieee80211_reconfig+0x8f/0x14b0 [mac80211]\n[ 16.132501] Code: da 02 00 0\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50234",
"url": "https://www.suse.com/security/cve/CVE-2024-50234"
},
{
"category": "external",
"summary": "SUSE Bug 1233211 for CVE-2024-50234",
"url": "https://bugzilla.suse.com/1233211"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50234"
},
{
"cve": "CVE-2024-50235",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50235"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: clear wdev-\u003ecqm_config pointer on free\n\nWhen we free wdev-\u003ecqm_config when unregistering, we also\nneed to clear out the pointer since the same wdev/netdev\nmay get re-registered in another network namespace, then\ndestroyed later, running this code again, which results in\na double-free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50235",
"url": "https://www.suse.com/security/cve/CVE-2024-50235"
},
{
"category": "external",
"summary": "SUSE Bug 1233176 for CVE-2024-50235",
"url": "https://bugzilla.suse.com/1233176"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50235"
},
{
"cve": "CVE-2024-50236",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50236"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath10k: Fix memory leak in management tx\n\nIn the current logic, memory is allocated for storing the MSDU context\nduring management packet TX but this memory is not being freed during\nmanagement TX completion. Similar leaks are seen in the management TX\ncleanup logic.\n\nKmemleak reports this problem as below,\n\nunreferenced object 0xffffff80b64ed250 (size 16):\n comm \"kworker/u16:7\", pid 148, jiffies 4294687130 (age 714.199s)\n hex dump (first 16 bytes):\n 00 2b d8 d8 80 ff ff ff c4 74 e9 fd 07 00 00 00 .+.......t......\n backtrace:\n [\u003cffffffe6e7b245dc\u003e] __kmem_cache_alloc_node+0x1e4/0x2d8\n [\u003cffffffe6e7adde88\u003e] kmalloc_trace+0x48/0x110\n [\u003cffffffe6bbd765fc\u003e] ath10k_wmi_tlv_op_gen_mgmt_tx_send+0xd4/0x1d8 [ath10k_core]\n [\u003cffffffe6bbd3eed4\u003e] ath10k_mgmt_over_wmi_tx_work+0x134/0x298 [ath10k_core]\n [\u003cffffffe6e78d5974\u003e] process_scheduled_works+0x1ac/0x400\n [\u003cffffffe6e78d60b8\u003e] worker_thread+0x208/0x328\n [\u003cffffffe6e78dc890\u003e] kthread+0x100/0x1c0\n [\u003cffffffe6e78166c0\u003e] ret_from_fork+0x10/0x20\n\nFree the memory during completion and cleanup to fix the leak.\n\nProtect the mgmt_pending_tx idr_remove() operation in\nath10k_wmi_tlv_op_cleanup_mgmt_tx_send() using ar-\u003edata_lock similar to\nother instances.\n\nTested-on: WCN3990 hw1.0 SNOC WLAN.HL.2.0-01387-QCAHLSWMTPLZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50236",
"url": "https://www.suse.com/security/cve/CVE-2024-50236"
},
{
"category": "external",
"summary": "SUSE Bug 1233212 for CVE-2024-50236",
"url": "https://bugzilla.suse.com/1233212"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50236"
},
{
"cve": "CVE-2024-50237",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50237"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: do not pass a stopped vif to the driver in .get_txpower\n\nAvoid potentially crashing in the driver because of uninitialized private data",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50237",
"url": "https://www.suse.com/security/cve/CVE-2024-50237"
},
{
"category": "external",
"summary": "SUSE Bug 1233216 for CVE-2024-50237",
"url": "https://bugzilla.suse.com/1233216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50237"
},
{
"cve": "CVE-2024-50240",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50240"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: qcom: qmp-usb: fix NULL-deref on runtime suspend\n\nCommit 413db06c05e7 (\"phy: qcom-qmp-usb: clean up probe initialisation\")\nremoved most users of the platform device driver data, but mistakenly\nalso removed the initialisation despite the data still being used in the\nruntime PM callbacks.\n\nRestore the driver data initialisation at probe to avoid a NULL-pointer\ndereference on runtime suspend.\n\nApparently no one uses runtime PM, which currently needs to be enabled\nmanually through sysfs, with this driver.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50240",
"url": "https://www.suse.com/security/cve/CVE-2024-50240"
},
{
"category": "external",
"summary": "SUSE Bug 1233217 for CVE-2024-50240",
"url": "https://bugzilla.suse.com/1233217"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50240"
},
{
"cve": "CVE-2024-50245",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50245"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Fix possible deadlock in mi_read\n\nMutex lock with another subclass used in ni_lock_dir().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50245",
"url": "https://www.suse.com/security/cve/CVE-2024-50245"
},
{
"category": "external",
"summary": "SUSE Bug 1233203 for CVE-2024-50245",
"url": "https://bugzilla.suse.com/1233203"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50245"
},
{
"cve": "CVE-2024-50246",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50246"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Add rough attr alloc_size check",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50246",
"url": "https://www.suse.com/security/cve/CVE-2024-50246"
},
{
"category": "external",
"summary": "SUSE Bug 1233207 for CVE-2024-50246",
"url": "https://bugzilla.suse.com/1233207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50246"
},
{
"cve": "CVE-2024-50248",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50248"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nntfs3: Add bounds checking to mi_enum_attr()\n\nAdded bounds checking to make sure that every attr don\u0027t stray beyond\nvalid memory region.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50248",
"url": "https://www.suse.com/security/cve/CVE-2024-50248"
},
{
"category": "external",
"summary": "SUSE Bug 1233219 for CVE-2024-50248",
"url": "https://bugzilla.suse.com/1233219"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50248"
},
{
"cve": "CVE-2024-50249",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50249"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: CPPC: Make rmw_lock a raw_spin_lock\n\nThe following BUG was triggered:\n\n=============================\n[ BUG: Invalid wait context ]\n6.12.0-rc2-XXX #406 Not tainted\n-----------------------------\nkworker/1:1/62 is trying to lock:\nffffff8801593030 (\u0026cpc_ptr-\u003ermw_lock){+.+.}-{3:3}, at: cpc_write+0xcc/0x370\nother info that might help us debug this:\ncontext-{5:5}\n2 locks held by kworker/1:1/62:\n #0: ffffff897ef5ec98 (\u0026rq-\u003e__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2c/0x50\n #1: ffffff880154e238 (\u0026sg_policy-\u003eupdate_lock){....}-{2:2}, at: sugov_update_shared+0x3c/0x280\nstack backtrace:\nCPU: 1 UID: 0 PID: 62 Comm: kworker/1:1 Not tainted 6.12.0-rc2-g9654bd3e8806 #406\nWorkqueue: 0x0 (events)\nCall trace:\n dump_backtrace+0xa4/0x130\n show_stack+0x20/0x38\n dump_stack_lvl+0x90/0xd0\n dump_stack+0x18/0x28\n __lock_acquire+0x480/0x1ad8\n lock_acquire+0x114/0x310\n _raw_spin_lock+0x50/0x70\n cpc_write+0xcc/0x370\n cppc_set_perf+0xa0/0x3a8\n cppc_cpufreq_fast_switch+0x40/0xc0\n cpufreq_driver_fast_switch+0x4c/0x218\n sugov_update_shared+0x234/0x280\n update_load_avg+0x6ec/0x7b8\n dequeue_entities+0x108/0x830\n dequeue_task_fair+0x58/0x408\n __schedule+0x4f0/0x1070\n schedule+0x54/0x130\n worker_thread+0xc0/0x2e8\n kthread+0x130/0x148\n ret_from_fork+0x10/0x20\n\nsugov_update_shared() locks a raw_spinlock while cpc_write() locks a\nspinlock.\n\nTo have a correct wait-type order, update rmw_lock to a raw spinlock and\nensure that interrupts will be disabled on the CPU holding it.\n\n[ rjw: Changelog edits ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50249",
"url": "https://www.suse.com/security/cve/CVE-2024-50249"
},
{
"category": "external",
"summary": "SUSE Bug 1233197 for CVE-2024-50249",
"url": "https://bugzilla.suse.com/1233197"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50249"
},
{
"cve": "CVE-2024-50250",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50250"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfsdax: dax_unshare_iter needs to copy entire blocks\n\nThe code that copies data from srcmap to iomap in dax_unshare_iter is\nvery very broken, which bfoster\u0027s recent fsx changes have exposed.\n\nIf the pos and len passed to dax_file_unshare are not aligned to an\nfsblock boundary, the iter pos and length in the _iter function will\nreflect this unalignment.\n\ndax_iomap_direct_access always returns a pointer to the start of the\nkmapped fsdax page, even if its pos argument is in the middle of that\npage. This is catastrophic for data integrity when iter-\u003epos is not\naligned to a page, because daddr/saddr do not point to the same byte in\nthe file as iter-\u003epos. Hence we corrupt user data by copying it to the\nwrong place.\n\nIf iter-\u003epos + iomap_length() in the _iter function not aligned to a\npage, then we fail to copy a full block, and only partially populate the\ndestination block. This is catastrophic for data confidentiality\nbecause we expose stale pmem contents.\n\nFix both of these issues by aligning copy_pos/copy_len to a page\nboundary (remember, this is fsdax so 1 fsblock == 1 base page) so that\nwe always copy full blocks.\n\nWe\u0027re not done yet -- there\u0027s no call to invalidate_inode_pages2_range,\nso programs that have the file range mmap\u0027d will continue accessing the\nold memory mapping after the file metadata updates have completed.\n\nBe careful with the return value -- if the unshare succeeds, we still\nneed to return the number of bytes that the iomap iter thinks we\u0027re\noperating on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50250",
"url": "https://www.suse.com/security/cve/CVE-2024-50250"
},
{
"category": "external",
"summary": "SUSE Bug 1233226 for CVE-2024-50250",
"url": "https://bugzilla.suse.com/1233226"
},
{
"category": "external",
"summary": "SUSE Bug 1233227 for CVE-2024-50250",
"url": "https://bugzilla.suse.com/1233227"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-50250"
},
{
"cve": "CVE-2024-50252",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50252"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address\n\nThe device stores IPv6 addresses that are used for encapsulation in\nlinear memory that is managed by the driver.\n\nChanging the remote address of an ip6gre net device never worked\nproperly, but since cited commit the following reproducer [1] would\nresult in a warning [2] and a memory leak [3]. The problem is that the\nnew remote address is never added by the driver to its hash table (and\ntherefore the device) and the old address is never removed from it.\n\nFix by programming the new address when the configuration of the ip6gre\nnet device changes and removing the old one. If the address did not\nchange, then the above would result in increasing the reference count of\nthe address and then decreasing it.\n\n[1]\n # ip link add name bla up type ip6gre local 2001:db8:1::1 remote 2001:db8:2::1 tos inherit ttl inherit\n # ip link set dev bla type ip6gre remote 2001:db8:3::1\n # ip link del dev bla\n # devlink dev reload pci/0000:01:00.0\n\n[2]\nWARNING: CPU: 0 PID: 1682 at drivers/net/ethernet/mellanox/mlxsw/spectrum.c:3002 mlxsw_sp_ipv6_addr_put+0x140/0x1d0\nModules linked in:\nCPU: 0 UID: 0 PID: 1682 Comm: ip Not tainted 6.12.0-rc3-custom-g86b5b55bc835 #151\nHardware name: Nvidia SN5600/VMOD0013, BIOS 5.13 05/31/2023\nRIP: 0010:mlxsw_sp_ipv6_addr_put+0x140/0x1d0\n[...]\nCall Trace:\n \u003cTASK\u003e\n mlxsw_sp_router_netdevice_event+0x55f/0x1240\n notifier_call_chain+0x5a/0xd0\n call_netdevice_notifiers_info+0x39/0x90\n unregister_netdevice_many_notify+0x63e/0x9d0\n rtnl_dellink+0x16b/0x3a0\n rtnetlink_rcv_msg+0x142/0x3f0\n netlink_rcv_skb+0x50/0x100\n netlink_unicast+0x242/0x390\n netlink_sendmsg+0x1de/0x420\n ____sys_sendmsg+0x2bd/0x320\n ___sys_sendmsg+0x9a/0xe0\n __sys_sendmsg+0x7a/0xd0\n do_syscall_64+0x9e/0x1a0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n[3]\nunreferenced object 0xffff898081f597a0 (size 32):\n comm \"ip\", pid 1626, jiffies 4294719324\n hex dump (first 32 bytes):\n 20 01 0d b8 00 02 00 00 00 00 00 00 00 00 00 01 ...............\n 21 49 61 83 80 89 ff ff 00 00 00 00 01 00 00 00 !Ia.............\n backtrace (crc fd9be911):\n [\u003c00000000df89c55d\u003e] __kmalloc_cache_noprof+0x1da/0x260\n [\u003c00000000ff2a1ddb\u003e] mlxsw_sp_ipv6_addr_kvdl_index_get+0x281/0x340\n [\u003c000000009ddd445d\u003e] mlxsw_sp_router_netdevice_event+0x47b/0x1240\n [\u003c00000000743e7757\u003e] notifier_call_chain+0x5a/0xd0\n [\u003c000000007c7b9e13\u003e] call_netdevice_notifiers_info+0x39/0x90\n [\u003c000000002509645d\u003e] register_netdevice+0x5f7/0x7a0\n [\u003c00000000c2e7d2a9\u003e] ip6gre_newlink_common.isra.0+0x65/0x130\n [\u003c0000000087cd6d8d\u003e] ip6gre_newlink+0x72/0x120\n [\u003c000000004df7c7cc\u003e] rtnl_newlink+0x471/0xa20\n [\u003c0000000057ed632a\u003e] rtnetlink_rcv_msg+0x142/0x3f0\n [\u003c0000000032e0d5b5\u003e] netlink_rcv_skb+0x50/0x100\n [\u003c00000000908bca63\u003e] netlink_unicast+0x242/0x390\n [\u003c00000000cdbe1c87\u003e] netlink_sendmsg+0x1de/0x420\n [\u003c0000000011db153e\u003e] ____sys_sendmsg+0x2bd/0x320\n [\u003c000000003b6d53eb\u003e] ___sys_sendmsg+0x9a/0xe0\n [\u003c00000000cae27c62\u003e] __sys_sendmsg+0x7a/0xd0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50252",
"url": "https://www.suse.com/security/cve/CVE-2024-50252"
},
{
"category": "external",
"summary": "SUSE Bug 1233201 for CVE-2024-50252",
"url": "https://bugzilla.suse.com/1233201"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50252"
},
{
"cve": "CVE-2024-50255",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50255"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs\n\nFix __hci_cmd_sync_sk() to return not NULL for unknown opcodes.\n\n__hci_cmd_sync_sk() returns NULL if a command returns a status event.\nHowever, it also returns NULL where an opcode doesn\u0027t exist in the\nhci_cc table because hci_cmd_complete_evt() assumes status = skb-\u003edata[0]\nfor unknown opcodes.\nThis leads to null-ptr-deref in cmd_sync for HCI_OP_READ_LOCAL_CODECS as\nthere is no hci_cc for HCI_OP_READ_LOCAL_CODECS, which always assumes\nstatus = skb-\u003edata[0].\n\nKASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077]\nCPU: 1 PID: 2000 Comm: kworker/u9:5 Not tainted 6.9.0-ga6bcb805883c-dirty #10\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nWorkqueue: hci7 hci_power_on\nRIP: 0010:hci_read_supported_codecs+0xb9/0x870 net/bluetooth/hci_codec.c:138\nCode: 08 48 89 ef e8 b8 c1 8f fd 48 8b 75 00 e9 96 00 00 00 49 89 c6 48 ba 00 00 00 00 00 fc ff df 4c 8d 60 70 4c 89 e3 48 c1 eb 03 \u003c0f\u003e b6 04 13 84 c0 0f 85 82 06 00 00 41 83 3c 24 02 77 0a e8 bf 78\nRSP: 0018:ffff888120bafac8 EFLAGS: 00010212\nRAX: 0000000000000000 RBX: 000000000000000e RCX: ffff8881173f0040\nRDX: dffffc0000000000 RSI: ffffffffa58496c0 RDI: ffff88810b9ad1e4\nRBP: ffff88810b9ac000 R08: ffffffffa77882a7 R09: 1ffffffff4ef1054\nR10: dffffc0000000000 R11: fffffbfff4ef1055 R12: 0000000000000070\nR13: 0000000000000000 R14: 0000000000000000 R15: ffff88810b9ac000\nFS: 0000000000000000(0000) GS:ffff8881f6c00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f6ddaa3439e CR3: 0000000139764003 CR4: 0000000000770ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n hci_read_local_codecs_sync net/bluetooth/hci_sync.c:4546 [inline]\n hci_init_stage_sync net/bluetooth/hci_sync.c:3441 [inline]\n hci_init4_sync net/bluetooth/hci_sync.c:4706 [inline]\n hci_init_sync net/bluetooth/hci_sync.c:4742 [inline]\n hci_dev_init_sync net/bluetooth/hci_sync.c:4912 [inline]\n hci_dev_open_sync+0x19a9/0x2d30 net/bluetooth/hci_sync.c:4994\n hci_dev_do_open net/bluetooth/hci_core.c:483 [inline]\n hci_power_on+0x11e/0x560 net/bluetooth/hci_core.c:1015\n process_one_work kernel/workqueue.c:3267 [inline]\n process_scheduled_works+0x8ef/0x14f0 kernel/workqueue.c:3348\n worker_thread+0x91f/0xe50 kernel/workqueue.c:3429\n kthread+0x2cb/0x360 kernel/kthread.c:388\n ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50255",
"url": "https://www.suse.com/security/cve/CVE-2024-50255"
},
{
"category": "external",
"summary": "SUSE Bug 1233238 for CVE-2024-50255",
"url": "https://bugzilla.suse.com/1233238"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50255"
},
{
"cve": "CVE-2024-50257",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50257"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: Fix use-after-free in get_info()\n\nip6table_nat module unload has refcnt warning for UAF. call trace is:\n\nWARNING: CPU: 1 PID: 379 at kernel/module/main.c:853 module_put+0x6f/0x80\nModules linked in: ip6table_nat(-)\nCPU: 1 UID: 0 PID: 379 Comm: ip6tables Not tainted 6.12.0-rc4-00047-gc2ee9f594da8-dirty #205\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:module_put+0x6f/0x80\nCall Trace:\n \u003cTASK\u003e\n get_info+0x128/0x180\n do_ip6t_get_ctl+0x6a/0x430\n nf_getsockopt+0x46/0x80\n ipv6_getsockopt+0xb9/0x100\n rawv6_getsockopt+0x42/0x190\n do_sock_getsockopt+0xaa/0x180\n __sys_getsockopt+0x70/0xc0\n __x64_sys_getsockopt+0x20/0x30\n do_syscall_64+0xa2/0x1a0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nConcurrent execution of module unload and get_info() trigered the warning.\nThe root cause is as follows:\n\ncpu0\t\t\t\t cpu1\nmodule_exit\n//mod-\u003estate = MODULE_STATE_GOING\n ip6table_nat_exit\n xt_unregister_template\n\tkfree(t)\n\t//removed from templ_list\n\t\t\t\t getinfo()\n\t\t\t\t\t t = xt_find_table_lock\n\t\t\t\t\t\tlist_for_each_entry(tmpl, \u0026xt_templates[af]...)\n\t\t\t\t\t\t\tif (strcmp(tmpl-\u003ename, name))\n\t\t\t\t\t\t\t\tcontinue; //table not found\n\t\t\t\t\t\t\ttry_module_get\n\t\t\t\t\t\tlist_for_each_entry(t, \u0026xt_net-\u003etables[af]...)\n\t\t\t\t\t\t\treturn t; //not get refcnt\n\t\t\t\t\t module_put(t-\u003eme) //uaf\n unregister_pernet_subsys\n //remove table from xt_net list\n\nWhile xt_table module was going away and has been removed from\nxt_templates list, we couldnt get refcnt of xt_table-\u003eme. Check\nmodule in xt_net-\u003etables list re-traversal to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50257",
"url": "https://www.suse.com/security/cve/CVE-2024-50257"
},
{
"category": "external",
"summary": "SUSE Bug 1233244 for CVE-2024-50257",
"url": "https://bugzilla.suse.com/1233244"
},
{
"category": "external",
"summary": "SUSE Bug 1233245 for CVE-2024-50257",
"url": "https://bugzilla.suse.com/1233245"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-50257"
},
{
"cve": "CVE-2024-50261",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50261"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmacsec: Fix use-after-free while sending the offloading packet\n\nKASAN reports the following UAF. The metadata_dst, which is used to\nstore the SCI value for macsec offload, is already freed by\nmetadata_dst_free() in macsec_free_netdev(), while driver still use it\nfor sending the packet.\n\nTo fix this issue, dst_release() is used instead to release\nmetadata_dst. So it is not freed instantly in macsec_free_netdev() if\nstill referenced by skb.\n\n BUG: KASAN: slab-use-after-free in mlx5e_xmit+0x1e8f/0x4190 [mlx5_core]\n Read of size 2 at addr ffff88813e42e038 by task kworker/7:2/714\n [...]\n Workqueue: mld mld_ifc_work\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x51/0x60\n print_report+0xc1/0x600\n kasan_report+0xab/0xe0\n mlx5e_xmit+0x1e8f/0x4190 [mlx5_core]\n dev_hard_start_xmit+0x120/0x530\n sch_direct_xmit+0x149/0x11e0\n __qdisc_run+0x3ad/0x1730\n __dev_queue_xmit+0x1196/0x2ed0\n vlan_dev_hard_start_xmit+0x32e/0x510 [8021q]\n dev_hard_start_xmit+0x120/0x530\n __dev_queue_xmit+0x14a7/0x2ed0\n macsec_start_xmit+0x13e9/0x2340\n dev_hard_start_xmit+0x120/0x530\n __dev_queue_xmit+0x14a7/0x2ed0\n ip6_finish_output2+0x923/0x1a70\n ip6_finish_output+0x2d7/0x970\n ip6_output+0x1ce/0x3a0\n NF_HOOK.constprop.0+0x15f/0x190\n mld_sendpack+0x59a/0xbd0\n mld_ifc_work+0x48a/0xa80\n process_one_work+0x5aa/0xe50\n worker_thread+0x79c/0x1290\n kthread+0x28f/0x350\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e\n\n Allocated by task 3922:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x10/0x30\n __kasan_kmalloc+0x77/0x90\n __kmalloc_noprof+0x188/0x400\n metadata_dst_alloc+0x1f/0x4e0\n macsec_newlink+0x914/0x1410\n __rtnl_newlink+0xe08/0x15b0\n rtnl_newlink+0x5f/0x90\n rtnetlink_rcv_msg+0x667/0xa80\n netlink_rcv_skb+0x12c/0x360\n netlink_unicast+0x551/0x770\n netlink_sendmsg+0x72d/0xbd0\n __sock_sendmsg+0xc5/0x190\n ____sys_sendmsg+0x52e/0x6a0\n ___sys_sendmsg+0xeb/0x170\n __sys_sendmsg+0xb5/0x140\n do_syscall_64+0x4c/0x100\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n Freed by task 4011:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x50\n poison_slab_object+0x10c/0x190\n __kasan_slab_free+0x11/0x30\n kfree+0xe0/0x290\n macsec_free_netdev+0x3f/0x140\n netdev_run_todo+0x450/0xc70\n rtnetlink_rcv_msg+0x66f/0xa80\n netlink_rcv_skb+0x12c/0x360\n netlink_unicast+0x551/0x770\n netlink_sendmsg+0x72d/0xbd0\n __sock_sendmsg+0xc5/0x190\n ____sys_sendmsg+0x52e/0x6a0\n ___sys_sendmsg+0xeb/0x170\n __sys_sendmsg+0xb5/0x140\n do_syscall_64+0x4c/0x100\n entry_SYSCALL_64_after_hwframe+0x4b/0x53",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50261",
"url": "https://www.suse.com/security/cve/CVE-2024-50261"
},
{
"category": "external",
"summary": "SUSE Bug 1233253 for CVE-2024-50261",
"url": "https://bugzilla.suse.com/1233253"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50261"
},
{
"cve": "CVE-2024-50264",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50264"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/virtio: Initialization of the dangling pointer occurring in vsk-\u003etrans\n\nDuring loopback communication, a dangling pointer can be created in\nvsk-\u003etrans, potentially leading to a Use-After-Free condition. This\nissue is resolved by initializing vsk-\u003etrans to NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50264",
"url": "https://www.suse.com/security/cve/CVE-2024-50264"
},
{
"category": "external",
"summary": "SUSE Bug 1233453 for CVE-2024-50264",
"url": "https://bugzilla.suse.com/1233453"
},
{
"category": "external",
"summary": "SUSE Bug 1233712 for CVE-2024-50264",
"url": "https://bugzilla.suse.com/1233712"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-50264"
},
{
"cve": "CVE-2024-50265",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50265"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove()\n\nSyzkaller is able to provoke null-ptr-dereference in ocfs2_xa_remove():\n\n[ 57.319872] (a.out,1161,7):ocfs2_xa_remove:2028 ERROR: status = -12\n[ 57.320420] (a.out,1161,7):ocfs2_xa_cleanup_value_truncate:1999 ERROR: Partial truncate while removing xattr overlay.upper. Leaking 1 clusters and removing the entry\n[ 57.321727] BUG: kernel NULL pointer dereference, address: 0000000000000004\n[...]\n[ 57.325727] RIP: 0010:ocfs2_xa_block_wipe_namevalue+0x2a/0xc0\n[...]\n[ 57.331328] Call Trace:\n[ 57.331477] \u003cTASK\u003e\n[...]\n[ 57.333511] ? do_user_addr_fault+0x3e5/0x740\n[ 57.333778] ? exc_page_fault+0x70/0x170\n[ 57.334016] ? asm_exc_page_fault+0x2b/0x30\n[ 57.334263] ? __pfx_ocfs2_xa_block_wipe_namevalue+0x10/0x10\n[ 57.334596] ? ocfs2_xa_block_wipe_namevalue+0x2a/0xc0\n[ 57.334913] ocfs2_xa_remove_entry+0x23/0xc0\n[ 57.335164] ocfs2_xa_set+0x704/0xcf0\n[ 57.335381] ? _raw_spin_unlock+0x1a/0x40\n[ 57.335620] ? ocfs2_inode_cache_unlock+0x16/0x20\n[ 57.335915] ? trace_preempt_on+0x1e/0x70\n[ 57.336153] ? start_this_handle+0x16c/0x500\n[ 57.336410] ? preempt_count_sub+0x50/0x80\n[ 57.336656] ? _raw_read_unlock+0x20/0x40\n[ 57.336906] ? start_this_handle+0x16c/0x500\n[ 57.337162] ocfs2_xattr_block_set+0xa6/0x1e0\n[ 57.337424] __ocfs2_xattr_set_handle+0x1fd/0x5d0\n[ 57.337706] ? ocfs2_start_trans+0x13d/0x290\n[ 57.337971] ocfs2_xattr_set+0xb13/0xfb0\n[ 57.338207] ? dput+0x46/0x1c0\n[ 57.338393] ocfs2_xattr_trusted_set+0x28/0x30\n[ 57.338665] ? ocfs2_xattr_trusted_set+0x28/0x30\n[ 57.338948] __vfs_removexattr+0x92/0xc0\n[ 57.339182] __vfs_removexattr_locked+0xd5/0x190\n[ 57.339456] ? preempt_count_sub+0x50/0x80\n[ 57.339705] vfs_removexattr+0x5f/0x100\n[...]\n\nReproducer uses faultinject facility to fail ocfs2_xa_remove() -\u003e\nocfs2_xa_value_truncate() with -ENOMEM.\n\nIn this case the comment mentions that we can return 0 if\nocfs2_xa_cleanup_value_truncate() is going to wipe the entry\nanyway. But the following \u0027rc\u0027 check is wrong and execution flow do\n\u0027ocfs2_xa_remove_entry(loc);\u0027 twice:\n* 1st: in ocfs2_xa_cleanup_value_truncate();\n* 2nd: returning back to ocfs2_xa_remove() instead of going to \u0027out\u0027.\n\nFix this by skipping the 2nd removal of the same entry and making\nsyzkaller repro happy.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50265",
"url": "https://www.suse.com/security/cve/CVE-2024-50265"
},
{
"category": "external",
"summary": "SUSE Bug 1233454 for CVE-2024-50265",
"url": "https://bugzilla.suse.com/1233454"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50265"
},
{
"cve": "CVE-2024-50267",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50267"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: serial: io_edgeport: fix use after free in debug printk\n\nThe \"dev_dbg(\u0026urb-\u003edev-\u003edev, ...\" which happens after usb_free_urb(urb)\nis a use after free of the \"urb\" pointer. Store the \"dev\" pointer at the\nstart of the function to avoid this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50267",
"url": "https://www.suse.com/security/cve/CVE-2024-50267"
},
{
"category": "external",
"summary": "SUSE Bug 1233456 for CVE-2024-50267",
"url": "https://bugzilla.suse.com/1233456"
},
{
"category": "external",
"summary": "SUSE Bug 1233711 for CVE-2024-50267",
"url": "https://bugzilla.suse.com/1233711"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-50267"
},
{
"cve": "CVE-2024-50268",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50268"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd()\n\nThe \"*cmd\" variable can be controlled by the user via debugfs. That means\n\"new_cam\" can be as high as 255 while the size of the uc-\u003eupdated[] array\nis UCSI_MAX_ALTMODES (30).\n\nThe call tree is:\nucsi_cmd() // val comes from simple_attr_write_xsigned()\n-\u003e ucsi_send_command()\n -\u003e ucsi_send_command_common()\n -\u003e ucsi_run_command() // calls ucsi-\u003eops-\u003esync_control()\n -\u003e ucsi_ccg_sync_control()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50268",
"url": "https://www.suse.com/security/cve/CVE-2024-50268"
},
{
"category": "external",
"summary": "SUSE Bug 1233457 for CVE-2024-50268",
"url": "https://bugzilla.suse.com/1233457"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50268"
},
{
"cve": "CVE-2024-50269",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50269"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: musb: sunxi: Fix accessing an released usb phy\n\nCommit 6ed05c68cbca (\"usb: musb: sunxi: Explicitly release USB PHY on\nexit\") will cause that usb phy @glue-\u003exceiv is accessed after released.\n\n1) register platform driver @sunxi_musb_driver\n// get the usb phy @glue-\u003exceiv\nsunxi_musb_probe() -\u003e devm_usb_get_phy().\n\n2) register and unregister platform driver @musb_driver\nmusb_probe() -\u003e sunxi_musb_init()\nuse the phy here\n//the phy is released here\nmusb_remove() -\u003e sunxi_musb_exit() -\u003e devm_usb_put_phy()\n\n3) register @musb_driver again\nmusb_probe() -\u003e sunxi_musb_init()\nuse the phy here but the phy has been released at 2).\n...\n\nFixed by reverting the commit, namely, removing devm_usb_put_phy()\nfrom sunxi_musb_exit().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50269",
"url": "https://www.suse.com/security/cve/CVE-2024-50269"
},
{
"category": "external",
"summary": "SUSE Bug 1233458 for CVE-2024-50269",
"url": "https://bugzilla.suse.com/1233458"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50269"
},
{
"cve": "CVE-2024-50271",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50271"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsignal: restore the override_rlimit logic\n\nPrior to commit d64696905554 (\"Reimplement RLIMIT_SIGPENDING on top of\nucounts\") UCOUNT_RLIMIT_SIGPENDING rlimit was not enforced for a class of\nsignals. However now it\u0027s enforced unconditionally, even if\noverride_rlimit is set. This behavior change caused production issues. \n\nFor example, if the limit is reached and a process receives a SIGSEGV\nsignal, sigqueue_alloc fails to allocate the necessary resources for the\nsignal delivery, preventing the signal from being delivered with siginfo. \nThis prevents the process from correctly identifying the fault address and\nhandling the error. From the user-space perspective, applications are\nunaware that the limit has been reached and that the siginfo is\neffectively \u0027corrupted\u0027. This can lead to unpredictable behavior and\ncrashes, as we observed with java applications.\n\nFix this by passing override_rlimit into inc_rlimit_get_ucounts() and skip\nthe comparison to max there if override_rlimit is set. This effectively\nrestores the old behavior.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50271",
"url": "https://www.suse.com/security/cve/CVE-2024-50271"
},
{
"category": "external",
"summary": "SUSE Bug 1233460 for CVE-2024-50271",
"url": "https://bugzilla.suse.com/1233460"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50271"
},
{
"cve": "CVE-2024-50273",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50273"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: reinitialize delayed ref list after deleting it from the list\n\nAt insert_delayed_ref() if we need to update the action of an existing\nref to BTRFS_DROP_DELAYED_REF, we delete the ref from its ref head\u0027s\nref_add_list using list_del(), which leaves the ref\u0027s add_list member\nnot reinitialized, as list_del() sets the next and prev members of the\nlist to LIST_POISON1 and LIST_POISON2, respectively.\n\nIf later we end up calling drop_delayed_ref() against the ref, which can\nhappen during merging or when destroying delayed refs due to a transaction\nabort, we can trigger a crash since at drop_delayed_ref() we call\nlist_empty() against the ref\u0027s add_list, which returns false since\nthe list was not reinitialized after the list_del() and as a consequence\nwe call list_del() again at drop_delayed_ref(). This results in an\ninvalid list access since the next and prev members are set to poison\npointers, resulting in a splat if CONFIG_LIST_HARDENED and\nCONFIG_DEBUG_LIST are set or invalid poison pointer dereferences\notherwise.\n\nSo fix this by deleting from the list with list_del_init() instead.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50273",
"url": "https://www.suse.com/security/cve/CVE-2024-50273"
},
{
"category": "external",
"summary": "SUSE Bug 1233462 for CVE-2024-50273",
"url": "https://bugzilla.suse.com/1233462"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50273"
},
{
"cve": "CVE-2024-50274",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50274"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: avoid vport access in idpf_get_link_ksettings\n\nWhen the device control plane is removed or the platform\nrunning device control plane is rebooted, a reset is detected\non the driver. On driver reset, it releases the resources and\nwaits for the reset to complete. If the reset fails, it takes\nthe error path and releases the vport lock. At this time if the\nmonitoring tools tries to access link settings, it call traces\nfor accessing released vport pointer.\n\nTo avoid it, move link_speed_mbps to netdev_priv structure\nwhich removes the dependency on vport pointer and the vport lock\nin idpf_get_link_ksettings. Also use netif_carrier_ok()\nto check the link status and adjust the offsetof to use link_up\ninstead of link_speed_mbps.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50274",
"url": "https://www.suse.com/security/cve/CVE-2024-50274"
},
{
"category": "external",
"summary": "SUSE Bug 1233463 for CVE-2024-50274",
"url": "https://bugzilla.suse.com/1233463"
},
{
"category": "external",
"summary": "SUSE Bug 1235104 for CVE-2024-50274",
"url": "https://bugzilla.suse.com/1235104"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-50274"
},
{
"cve": "CVE-2024-50275",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50275"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64/sve: Discard stale CPU state when handling SVE traps\n\nThe logic for handling SVE traps manipulates saved FPSIMD/SVE state\nincorrectly, and a race with preemption can result in a task having\nTIF_SVE set and TIF_FOREIGN_FPSTATE clear even though the live CPU state\nis stale (e.g. with SVE traps enabled). This has been observed to result\nin warnings from do_sve_acc() where SVE traps are not expected while\nTIF_SVE is set:\n\n| if (test_and_set_thread_flag(TIF_SVE))\n| WARN_ON(1); /* SVE access shouldn\u0027t have trapped */\n\nWarnings of this form have been reported intermittently, e.g.\n\n https://lore.kernel.org/linux-arm-kernel/CA+G9fYtEGe_DhY2Ms7+L7NKsLYUomGsgqpdBj+QwDLeSg=JhGg@mail.gmail.com/\n https://lore.kernel.org/linux-arm-kernel/000000000000511e9a060ce5a45c@google.com/\n\nThe race can occur when the SVE trap handler is preempted before and\nafter manipulating the saved FPSIMD/SVE state, starting and ending on\nthe same CPU, e.g.\n\n| void do_sve_acc(unsigned long esr, struct pt_regs *regs)\n| {\n| // Trap on CPU 0 with TIF_SVE clear, SVE traps enabled\n| // task-\u003efpsimd_cpu is 0.\n| // per_cpu_ptr(\u0026fpsimd_last_state, 0) is task.\n|\n| ...\n|\n| // Preempted; migrated from CPU 0 to CPU 1.\n| // TIF_FOREIGN_FPSTATE is set.\n|\n| get_cpu_fpsimd_context();\n|\n| if (test_and_set_thread_flag(TIF_SVE))\n| WARN_ON(1); /* SVE access shouldn\u0027t have trapped */\n|\n| sve_init_regs() {\n| if (!test_thread_flag(TIF_FOREIGN_FPSTATE)) {\n| ...\n| } else {\n| fpsimd_to_sve(current);\n| current-\u003ethread.fp_type = FP_STATE_SVE;\n| }\n| }\n|\n| put_cpu_fpsimd_context();\n|\n| // Preempted; migrated from CPU 1 to CPU 0.\n| // task-\u003efpsimd_cpu is still 0\n| // If per_cpu_ptr(\u0026fpsimd_last_state, 0) is still task then:\n| // - Stale HW state is reused (with SVE traps enabled)\n| // - TIF_FOREIGN_FPSTATE is cleared\n| // - A return to userspace skips HW state restore\n| }\n\nFix the case where the state is not live and TIF_FOREIGN_FPSTATE is set\nby calling fpsimd_flush_task_state() to detach from the saved CPU\nstate. This ensures that a subsequent context switch will not reuse the\nstale CPU state, and will instead set TIF_FOREIGN_FPSTATE, forcing the\nnew state to be reloaded from memory prior to a return to userspace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50275",
"url": "https://www.suse.com/security/cve/CVE-2024-50275"
},
{
"category": "external",
"summary": "SUSE Bug 1233464 for CVE-2024-50275",
"url": "https://bugzilla.suse.com/1233464"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50275"
},
{
"cve": "CVE-2024-50276",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50276"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: vertexcom: mse102x: Fix possible double free of TX skb\n\nThe scope of the TX skb is wider than just mse102x_tx_frame_spi(),\nso in case the TX skb room needs to be expanded, we should free the\nthe temporary skb instead of the original skb. Otherwise the original\nTX skb pointer would be freed again in mse102x_tx_work(), which leads\nto crashes:\n\n Internal error: Oops: 0000000096000004 [#2] PREEMPT SMP\n CPU: 0 PID: 712 Comm: kworker/0:1 Tainted: G D 6.6.23\n Hardware name: chargebyte Charge SOM DC-ONE (DT)\n Workqueue: events mse102x_tx_work [mse102x]\n pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : skb_release_data+0xb8/0x1d8\n lr : skb_release_data+0x1ac/0x1d8\n sp : ffff8000819a3cc0\n x29: ffff8000819a3cc0 x28: ffff0000046daa60 x27: ffff0000057f2dc0\n x26: ffff000005386c00 x25: 0000000000000002 x24: 00000000ffffffff\n x23: 0000000000000000 x22: 0000000000000001 x21: ffff0000057f2e50\n x20: 0000000000000006 x19: 0000000000000000 x18: ffff00003fdacfcc\n x17: e69ad452d0c49def x16: 84a005feff870102 x15: 0000000000000000\n x14: 000000000000024a x13: 0000000000000002 x12: 0000000000000000\n x11: 0000000000000400 x10: 0000000000000930 x9 : ffff00003fd913e8\n x8 : fffffc00001bc008\n x7 : 0000000000000000 x6 : 0000000000000008\n x5 : ffff00003fd91340 x4 : 0000000000000000 x3 : 0000000000000009\n x2 : 00000000fffffffe x1 : 0000000000000000 x0 : 0000000000000000\n Call trace:\n skb_release_data+0xb8/0x1d8\n kfree_skb_reason+0x48/0xb0\n mse102x_tx_work+0x164/0x35c [mse102x]\n process_one_work+0x138/0x260\n worker_thread+0x32c/0x438\n kthread+0x118/0x11c\n ret_from_fork+0x10/0x20\n Code: aa1303e0 97fffab6 72001c1f 54000141 (f9400660)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50276",
"url": "https://www.suse.com/security/cve/CVE-2024-50276"
},
{
"category": "external",
"summary": "SUSE Bug 1233465 for CVE-2024-50276",
"url": "https://bugzilla.suse.com/1233465"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50276"
},
{
"cve": "CVE-2024-50279",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50279"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm cache: fix out-of-bounds access to the dirty bitset when resizing\n\ndm-cache checks the dirty bits of the cache blocks to be dropped when\nshrinking the fast device, but an index bug in bitset iteration causes\nout-of-bounds access.\n\nReproduce steps:\n\n1. create a cache device of 1024 cache blocks (128 bytes dirty bitset)\n\ndmsetup create cmeta --table \"0 8192 linear /dev/sdc 0\"\ndmsetup create cdata --table \"0 131072 linear /dev/sdc 8192\"\ndmsetup create corig --table \"0 524288 linear /dev/sdc 262144\"\ndd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1 oflag=direct\ndmsetup create cache --table \"0 524288 cache /dev/mapper/cmeta \\\n/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0\"\n\n2. shrink the fast device to 512 cache blocks, triggering out-of-bounds\n access to the dirty bitset (offset 0x80)\n\ndmsetup suspend cache\ndmsetup reload cdata --table \"0 65536 linear /dev/sdc 8192\"\ndmsetup resume cdata\ndmsetup resume cache\n\nKASAN reports:\n\n BUG: KASAN: vmalloc-out-of-bounds in cache_preresume+0x269/0x7b0\n Read of size 8 at addr ffffc900000f3080 by task dmsetup/131\n\n (...snip...)\n The buggy address belongs to the virtual mapping at\n [ffffc900000f3000, ffffc900000f5000) created by:\n cache_ctr+0x176a/0x35f0\n\n (...snip...)\n Memory state around the buggy address:\n ffffc900000f2f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ffffc900000f3000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n \u003effffc900000f3080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ^\n ffffc900000f3100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ffffc900000f3180: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n\nFix by making the index post-incremented.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50279",
"url": "https://www.suse.com/security/cve/CVE-2024-50279"
},
{
"category": "external",
"summary": "SUSE Bug 1233468 for CVE-2024-50279",
"url": "https://bugzilla.suse.com/1233468"
},
{
"category": "external",
"summary": "SUSE Bug 1233708 for CVE-2024-50279",
"url": "https://bugzilla.suse.com/1233708"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-50279"
},
{
"cve": "CVE-2024-50282",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50282"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()\n\nAvoid a possible buffer overflow if size is larger than 4K.\n\n(cherry picked from commit f5d873f5825b40d886d03bd2aede91d4cf002434)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50282",
"url": "https://www.suse.com/security/cve/CVE-2024-50282"
},
{
"category": "external",
"summary": "SUSE Bug 1233471 for CVE-2024-50282",
"url": "https://bugzilla.suse.com/1233471"
},
{
"category": "external",
"summary": "SUSE Bug 1233707 for CVE-2024-50282",
"url": "https://bugzilla.suse.com/1233707"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-50282"
},
{
"cve": "CVE-2024-50287",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50287"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l2-tpg: prevent the risk of a division by zero\n\nAs reported by Coverity, the logic at tpg_precalculate_line()\nblindly rescales the buffer even when scaled_witdh is equal to\nzero. If this ever happens, this will cause a division by zero.\n\nInstead, add a WARN_ON_ONCE() to trigger such cases and return\nwithout doing any precalculation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50287",
"url": "https://www.suse.com/security/cve/CVE-2024-50287"
},
{
"category": "external",
"summary": "SUSE Bug 1233476 for CVE-2024-50287",
"url": "https://bugzilla.suse.com/1233476"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50287"
},
{
"cve": "CVE-2024-50289",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50289"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: av7110: fix a spectre vulnerability\n\nAs warned by smatch:\n\tdrivers/staging/media/av7110/av7110_ca.c:270 dvb_ca_ioctl() warn: potential spectre issue \u0027av7110-\u003eci_slot\u0027 [w] (local cap)\n\nThere is a spectre-related vulnerability at the code. Fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50289",
"url": "https://www.suse.com/security/cve/CVE-2024-50289"
},
{
"category": "external",
"summary": "SUSE Bug 1233478 for CVE-2024-50289",
"url": "https://bugzilla.suse.com/1233478"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50289"
},
{
"cve": "CVE-2024-50290",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50290"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: cx24116: prevent overflows on SNR calculus\n\nas reported by Coverity, if reading SNR registers fail, a negative\nnumber will be returned, causing an underflow when reading SNR\nregisters.\n\nPrevent that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50290",
"url": "https://www.suse.com/security/cve/CVE-2024-50290"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1233479 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1233479"
},
{
"category": "external",
"summary": "SUSE Bug 1233681 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1233681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-50290"
},
{
"cve": "CVE-2024-50292",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50292"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove\n\nIn case of error when requesting ctrl_chan DMA channel, ctrl_chan is not\nnull. So the release of the dma channel leads to the following issue:\n[ 4.879000] st,stm32-spdifrx 500d0000.audio-controller:\ndma_request_slave_channel error -19\n[ 4.888975] Unable to handle kernel NULL pointer dereference\nat virtual address 000000000000003d\n[...]\n[ 5.096577] Call trace:\n[ 5.099099] dma_release_channel+0x24/0x100\n[ 5.103235] stm32_spdifrx_remove+0x24/0x60 [snd_soc_stm32_spdifrx]\n[ 5.109494] stm32_spdifrx_probe+0x320/0x4c4 [snd_soc_stm32_spdifrx]\n\nTo avoid this issue, release channel only if the pointer is valid.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50292",
"url": "https://www.suse.com/security/cve/CVE-2024-50292"
},
{
"category": "external",
"summary": "SUSE Bug 1233481 for CVE-2024-50292",
"url": "https://bugzilla.suse.com/1233481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50292"
},
{
"cve": "CVE-2024-50295",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50295"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: arc: fix the device for dma_map_single/dma_unmap_single\n\nThe ndev-\u003edev and pdev-\u003edev aren\u0027t the same device, use ndev-\u003edev.parent\nwhich has dma_mask, ndev-\u003edev.parent is just pdev-\u003edev.\nOr it would cause the following issue:\n\n[ 39.933526] ------------[ cut here ]------------\n[ 39.938414] WARNING: CPU: 1 PID: 501 at kernel/dma/mapping.c:149 dma_map_page_attrs+0x90/0x1f8",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50295",
"url": "https://www.suse.com/security/cve/CVE-2024-50295"
},
{
"category": "external",
"summary": "SUSE Bug 1233484 for CVE-2024-50295",
"url": "https://bugzilla.suse.com/1233484"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50295"
},
{
"cve": "CVE-2024-50296",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50296"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix kernel crash when uninstalling driver\n\nWhen the driver is uninstalled and the VF is disabled concurrently, a\nkernel crash occurs. The reason is that the two actions call function\npci_disable_sriov(). The num_VFs is checked to determine whether to\nrelease the corresponding resources. During the second calling, num_VFs\nis not 0 and the resource release function is called. However, the\ncorresponding resource has been released during the first invoking.\nTherefore, the problem occurs:\n\n[15277.839633][T50670] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020\n...\n[15278.131557][T50670] Call trace:\n[15278.134686][T50670] klist_put+0x28/0x12c\n[15278.138682][T50670] klist_del+0x14/0x20\n[15278.142592][T50670] device_del+0xbc/0x3c0\n[15278.146676][T50670] pci_remove_bus_device+0x84/0x120\n[15278.151714][T50670] pci_stop_and_remove_bus_device+0x6c/0x80\n[15278.157447][T50670] pci_iov_remove_virtfn+0xb4/0x12c\n[15278.162485][T50670] sriov_disable+0x50/0x11c\n[15278.166829][T50670] pci_disable_sriov+0x24/0x30\n[15278.171433][T50670] hnae3_unregister_ae_algo_prepare+0x60/0x90 [hnae3]\n[15278.178039][T50670] hclge_exit+0x28/0xd0 [hclge]\n[15278.182730][T50670] __se_sys_delete_module.isra.0+0x164/0x230\n[15278.188550][T50670] __arm64_sys_delete_module+0x1c/0x30\n[15278.193848][T50670] invoke_syscall+0x50/0x11c\n[15278.198278][T50670] el0_svc_common.constprop.0+0x158/0x164\n[15278.203837][T50670] do_el0_svc+0x34/0xcc\n[15278.207834][T50670] el0_svc+0x20/0x30\n\nFor details, see the following figure.\n\n rmmod hclge disable VFs\n----------------------------------------------------\nhclge_exit() sriov_numvfs_store()\n ... device_lock()\n pci_disable_sriov() hns3_pci_sriov_configure()\n pci_disable_sriov()\n sriov_disable()\n sriov_disable() if !num_VFs :\n if !num_VFs : return;\n return; sriov_del_vfs()\n sriov_del_vfs() ...\n ... klist_put()\n klist_put() ...\n ... num_VFs = 0;\n num_VFs = 0; device_unlock();\n\nIn this patch, when driver is removing, we get the device_lock()\nto protect num_VFs, just like sriov_numvfs_store().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50296",
"url": "https://www.suse.com/security/cve/CVE-2024-50296"
},
{
"category": "external",
"summary": "SUSE Bug 1233485 for CVE-2024-50296",
"url": "https://bugzilla.suse.com/1233485"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50296"
},
{
"cve": "CVE-2024-50298",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50298"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: enetc: allocate vf_state during PF probes\n\nIn the previous implementation, vf_state is allocated memory only when VF\nis enabled. However, net_device_ops::ndo_set_vf_mac() may be called before\nVF is enabled to configure the MAC address of VF. If this is the case,\nenetc_pf_set_vf_mac() will access vf_state, resulting in access to a null\npointer. The simplified error log is as follows.\n\nroot@ls1028ardb:~# ip link set eno0 vf 1 mac 00:0c:e7:66:77:89\n[ 173.543315] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004\n[ 173.637254] pc : enetc_pf_set_vf_mac+0x3c/0x80 Message from sy\n[ 173.641973] lr : do_setlink+0x4a8/0xec8\n[ 173.732292] Call trace:\n[ 173.734740] enetc_pf_set_vf_mac+0x3c/0x80\n[ 173.738847] __rtnl_newlink+0x530/0x89c\n[ 173.742692] rtnl_newlink+0x50/0x7c\n[ 173.746189] rtnetlink_rcv_msg+0x128/0x390\n[ 173.750298] netlink_rcv_skb+0x60/0x130\n[ 173.754145] rtnetlink_rcv+0x18/0x24\n[ 173.757731] netlink_unicast+0x318/0x380\n[ 173.761665] netlink_sendmsg+0x17c/0x3c8",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50298",
"url": "https://www.suse.com/security/cve/CVE-2024-50298"
},
{
"category": "external",
"summary": "SUSE Bug 1233487 for CVE-2024-50298",
"url": "https://bugzilla.suse.com/1233487"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-50298"
},
{
"cve": "CVE-2024-50301",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50301"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsecurity/keys: fix slab-out-of-bounds in key_task_permission\n\nKASAN reports an out of bounds read:\nBUG: KASAN: slab-out-of-bounds in __kuid_val include/linux/uidgid.h:36\nBUG: KASAN: slab-out-of-bounds in uid_eq include/linux/uidgid.h:63 [inline]\nBUG: KASAN: slab-out-of-bounds in key_task_permission+0x394/0x410\nsecurity/keys/permission.c:54\nRead of size 4 at addr ffff88813c3ab618 by task stress-ng/4362\n\nCPU: 2 PID: 4362 Comm: stress-ng Not tainted 5.10.0-14930-gafbffd6c3ede #15\nCall Trace:\n __dump_stack lib/dump_stack.c:82 [inline]\n dump_stack+0x107/0x167 lib/dump_stack.c:123\n print_address_description.constprop.0+0x19/0x170 mm/kasan/report.c:400\n __kasan_report.cold+0x6c/0x84 mm/kasan/report.c:560\n kasan_report+0x3a/0x50 mm/kasan/report.c:585\n __kuid_val include/linux/uidgid.h:36 [inline]\n uid_eq include/linux/uidgid.h:63 [inline]\n key_task_permission+0x394/0x410 security/keys/permission.c:54\n search_nested_keyrings+0x90e/0xe90 security/keys/keyring.c:793\n\nThis issue was also reported by syzbot.\n\nIt can be reproduced by following these steps(more details [1]):\n1. Obtain more than 32 inputs that have similar hashes, which ends with the\n pattern \u00270xxxxxxxe6\u0027.\n2. Reboot and add the keys obtained in step 1.\n\nThe reproducer demonstrates how this issue happened:\n1. In the search_nested_keyrings function, when it iterates through the\n slots in a node(below tag ascend_to_node), if the slot pointer is meta\n and node-\u003eback_pointer != NULL(it means a root), it will proceed to\n descend_to_node. However, there is an exception. If node is the root,\n and one of the slots points to a shortcut, it will be treated as a\n keyring.\n2. Whether the ptr is keyring decided by keyring_ptr_is_keyring function.\n However, KEYRING_PTR_SUBTYPE is 0x2UL, the same as\n ASSOC_ARRAY_PTR_SUBTYPE_MASK.\n3. When 32 keys with the similar hashes are added to the tree, the ROOT\n has keys with hashes that are not similar (e.g. slot 0) and it splits\n NODE A without using a shortcut. When NODE A is filled with keys that\n all hashes are xxe6, the keys are similar, NODE A will split with a\n shortcut. Finally, it forms the tree as shown below, where slot 6 points\n to a shortcut.\n\n NODE A\n +------\u003e+---+\n ROOT | | 0 | xxe6\n +---+ | +---+\n xxxx | 0 | shortcut : : xxe6\n +---+ | +---+\n xxe6 : : | | | xxe6\n +---+ | +---+\n | 6 |---+ : : xxe6\n +---+ +---+\n xxe6 : : | f | xxe6\n +---+ +---+\n xxe6 | f |\n +---+\n\n4. As mentioned above, If a slot(slot 6) of the root points to a shortcut,\n it may be mistakenly transferred to a key*, leading to a read\n out-of-bounds read.\n\nTo fix this issue, one should jump to descend_to_node if the ptr is a\nshortcut, regardless of whether the node is root or not.\n\n[1] https://lore.kernel.org/linux-kernel/1cfa878e-8c7b-4570-8606-21daf5e13ce7@huaweicloud.com/\n\n[jarkko: tweaked the commit message a bit to have an appropriate closes\n tag.]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50301",
"url": "https://www.suse.com/security/cve/CVE-2024-50301"
},
{
"category": "external",
"summary": "SUSE Bug 1233490 for CVE-2024-50301",
"url": "https://bugzilla.suse.com/1233490"
},
{
"category": "external",
"summary": "SUSE Bug 1233680 for CVE-2024-50301",
"url": "https://bugzilla.suse.com/1233680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-50301"
},
{
"cve": "CVE-2024-50302",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50302"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: zero-initialize the report buffer\n\nSince the report buffer is used by all kinds of drivers in various ways, let\u0027s\nzero-initialize it during allocation to make sure that it can\u0027t be ever used\nto leak kernel memory via specially-crafted report.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50302",
"url": "https://www.suse.com/security/cve/CVE-2024-50302"
},
{
"category": "external",
"summary": "SUSE Bug 1233491 for CVE-2024-50302",
"url": "https://bugzilla.suse.com/1233491"
},
{
"category": "external",
"summary": "SUSE Bug 1233679 for CVE-2024-50302",
"url": "https://bugzilla.suse.com/1233679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-50302"
},
{
"cve": "CVE-2024-53042",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53042"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow()\n\nThere are code paths from which the function is called without holding\nthe RCU read lock, resulting in a suspicious RCU usage warning [1].\n\nFix by using l3mdev_master_upper_ifindex_by_index() which will acquire\nthe RCU read lock before calling\nl3mdev_master_upper_ifindex_by_index_rcu().\n\n[1]\nWARNING: suspicious RCU usage\n6.12.0-rc3-custom-gac8f72681cf2 #141 Not tainted\n-----------------------------\nnet/core/dev.c:876 RCU-list traversed in non-reader section!!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n1 lock held by ip/361:\n #0: ffffffff86fc7cb0 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x377/0xf60\n\nstack backtrace:\nCPU: 3 UID: 0 PID: 361 Comm: ip Not tainted 6.12.0-rc3-custom-gac8f72681cf2 #141\nHardware name: Bochs Bochs, BIOS Bochs 01/01/2011\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xba/0x110\n lockdep_rcu_suspicious.cold+0x4f/0xd6\n dev_get_by_index_rcu+0x1d3/0x210\n l3mdev_master_upper_ifindex_by_index_rcu+0x2b/0xf0\n ip_tunnel_bind_dev+0x72f/0xa00\n ip_tunnel_newlink+0x368/0x7a0\n ipgre_newlink+0x14c/0x170\n __rtnl_newlink+0x1173/0x19c0\n rtnl_newlink+0x6c/0xa0\n rtnetlink_rcv_msg+0x3cc/0xf60\n netlink_rcv_skb+0x171/0x450\n netlink_unicast+0x539/0x7f0\n netlink_sendmsg+0x8c1/0xd80\n ____sys_sendmsg+0x8f9/0xc20\n ___sys_sendmsg+0x197/0x1e0\n __sys_sendmsg+0x122/0x1f0\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53042",
"url": "https://www.suse.com/security/cve/CVE-2024-53042"
},
{
"category": "external",
"summary": "SUSE Bug 1233540 for CVE-2024-53042",
"url": "https://bugzilla.suse.com/1233540"
},
{
"category": "external",
"summary": "SUSE Bug 1233678 for CVE-2024-53042",
"url": "https://bugzilla.suse.com/1233678"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-53042"
},
{
"cve": "CVE-2024-53043",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53043"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmctp i2c: handle NULL header address\n\ndaddr can be NULL if there is no neighbour table entry present,\nin that case the tx packet should be dropped.\n\nsaddr will usually be set by MCTP core, but check for NULL in case a\npacket is transmitted by a different protocol.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53043",
"url": "https://www.suse.com/security/cve/CVE-2024-53043"
},
{
"category": "external",
"summary": "SUSE Bug 1233523 for CVE-2024-53043",
"url": "https://bugzilla.suse.com/1233523"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-53043"
},
{
"cve": "CVE-2024-53045",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53045"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: dapm: fix bounds checker error in dapm_widget_list_create\n\nThe widgets array in the snd_soc_dapm_widget_list has a __counted_by\nattribute attached to it, which points to the num_widgets variable. This\nattribute is used in bounds checking, and if it is not set before the\narray is filled, then the bounds sanitizer will issue a warning or a\nkernel panic if CONFIG_UBSAN_TRAP is set.\n\nThis patch sets the size of the widgets list calculated with\nlist_for_each as the initial value for num_widgets as it is used for\nallocating memory for the array. It is updated with the actual number of\nadded elements after the array is filled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53045",
"url": "https://www.suse.com/security/cve/CVE-2024-53045"
},
{
"category": "external",
"summary": "SUSE Bug 1233524 for CVE-2024-53045",
"url": "https://bugzilla.suse.com/1233524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-53045"
},
{
"cve": "CVE-2024-53048",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53048"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix crash on probe for DPLL enabled E810 LOM\n\nThe E810 Lan On Motherboard (LOM) design is vendor specific. Intel\nprovides the reference design, but it is up to vendor on the final\nproduct design. For some cases, like Linux DPLL support, the static\nvalues defined in the driver does not reflect the actual LOM design.\nCurrent implementation of dpll pins is causing the crash on probe\nof the ice driver for such DPLL enabled E810 LOM designs:\n\nWARNING: (...) at drivers/dpll/dpll_core.c:495 dpll_pin_get+0x2c4/0x330\n...\nCall Trace:\n \u003cTASK\u003e\n ? __warn+0x83/0x130\n ? dpll_pin_get+0x2c4/0x330\n ? report_bug+0x1b7/0x1d0\n ? handle_bug+0x42/0x70\n ? exc_invalid_op+0x18/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? dpll_pin_get+0x117/0x330\n ? dpll_pin_get+0x2c4/0x330\n ? dpll_pin_get+0x117/0x330\n ice_dpll_get_pins.isra.0+0x52/0xe0 [ice]\n...\n\nThe number of dpll pins enabled by LOM vendor is greater than expected\nand defined in the driver for Intel designed NICs, which causes the crash.\n\nPrevent the crash and allow generic pin initialization within Linux DPLL\nsubsystem for DPLL enabled E810 LOM designs.\n\nNewly designed solution for described issue will be based on \"per HW\ndesign\" pin initialization. It requires pin information dynamically\nacquired from the firmware and is already in progress, planned for\nnext-tree only.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53048",
"url": "https://www.suse.com/security/cve/CVE-2024-53048"
},
{
"category": "external",
"summary": "SUSE Bug 1233721 for CVE-2024-53048",
"url": "https://bugzilla.suse.com/1233721"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-53048"
},
{
"cve": "CVE-2024-53051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53051"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/hdcp: Add encoder check in intel_hdcp_get_capability\n\nSometimes during hotplug scenario or suspend/resume scenario encoder is\nnot always initialized when intel_hdcp_get_capability add\na check to avoid kernel null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53051",
"url": "https://www.suse.com/security/cve/CVE-2024-53051"
},
{
"category": "external",
"summary": "SUSE Bug 1233547 for CVE-2024-53051",
"url": "https://bugzilla.suse.com/1233547"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-53051"
},
{
"cve": "CVE-2024-53052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53052"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/rw: fix missing NOWAIT check for O_DIRECT start write\n\nWhen io_uring starts a write, it\u0027ll call kiocb_start_write() to bump the\nsuper block rwsem, preventing any freezes from happening while that\nwrite is in-flight. The freeze side will grab that rwsem for writing,\nexcluding any new writers from happening and waiting for existing writes\nto finish. But io_uring unconditionally uses kiocb_start_write(), which\nwill block if someone is currently attempting to freeze the mount point.\nThis causes a deadlock where freeze is waiting for previous writes to\ncomplete, but the previous writes cannot complete, as the task that is\nsupposed to complete them is blocked waiting on starting a new write.\nThis results in the following stuck trace showing that dependency with\nthe write blocked starting a new write:\n\ntask:fio state:D stack:0 pid:886 tgid:886 ppid:876\nCall trace:\n __switch_to+0x1d8/0x348\n __schedule+0x8e8/0x2248\n schedule+0x110/0x3f0\n percpu_rwsem_wait+0x1e8/0x3f8\n __percpu_down_read+0xe8/0x500\n io_write+0xbb8/0xff8\n io_issue_sqe+0x10c/0x1020\n io_submit_sqes+0x614/0x2110\n __arm64_sys_io_uring_enter+0x524/0x1038\n invoke_syscall+0x74/0x268\n el0_svc_common.constprop.0+0x160/0x238\n do_el0_svc+0x44/0x60\n el0_svc+0x44/0xb0\n el0t_64_sync_handler+0x118/0x128\n el0t_64_sync+0x168/0x170\nINFO: task fsfreeze:7364 blocked for more than 15 seconds.\n Not tainted 6.12.0-rc5-00063-g76aaf945701c #7963\n\nwith the attempting freezer stuck trying to grab the rwsem:\n\ntask:fsfreeze state:D stack:0 pid:7364 tgid:7364 ppid:995\nCall trace:\n __switch_to+0x1d8/0x348\n __schedule+0x8e8/0x2248\n schedule+0x110/0x3f0\n percpu_down_write+0x2b0/0x680\n freeze_super+0x248/0x8a8\n do_vfs_ioctl+0x149c/0x1b18\n __arm64_sys_ioctl+0xd0/0x1a0\n invoke_syscall+0x74/0x268\n el0_svc_common.constprop.0+0x160/0x238\n do_el0_svc+0x44/0x60\n el0_svc+0x44/0xb0\n el0t_64_sync_handler+0x118/0x128\n el0t_64_sync+0x168/0x170\n\nFix this by having the io_uring side honor IOCB_NOWAIT, and only attempt a\nblocking grab of the super block rwsem if it isn\u0027t set. For normal issue\nwhere IOCB_NOWAIT would always be set, this returns -EAGAIN which will\nhave io_uring core issue a blocking attempt of the write. That will in\nturn also get completions run, ensuring forward progress.\n\nSince freezing requires CAP_SYS_ADMIN in the first place, this isn\u0027t\nsomething that can be triggered by a regular user.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53052",
"url": "https://www.suse.com/security/cve/CVE-2024-53052"
},
{
"category": "external",
"summary": "SUSE Bug 1233548 for CVE-2024-53052",
"url": "https://bugzilla.suse.com/1233548"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-53052"
},
{
"cve": "CVE-2024-53055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53055"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: fix 6 GHz scan construction\n\nIf more than 255 colocated APs exist for the set of all\nAPs found during 2.4/5 GHz scanning, then the 6 GHz scan\nconstruction will loop forever since the loop variable\nhas type u8, which can never reach the number found when\nthat\u0027s bigger than 255, and is stored in a u32 variable.\nAlso move it into the loops to have a smaller scope.\n\nUsing a u32 there is fine, we limit the number of APs in\nthe scan list and each has a limit on the number of RNR\nentries due to the frame size. With a limit of 1000 scan\nresults, a frame size upper bound of 4096 (really it\u0027s\nmore like ~2300) and a TBTT entry size of at least 11,\nwe get an upper bound for the number of ~372k, well in\nthe bounds of a u32.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53055",
"url": "https://www.suse.com/security/cve/CVE-2024-53055"
},
{
"category": "external",
"summary": "SUSE Bug 1233550 for CVE-2024-53055",
"url": "https://bugzilla.suse.com/1233550"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-53055"
},
{
"cve": "CVE-2024-53056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy()\n\nIn mtk_crtc_create(), if the call to mbox_request_channel() fails then we\nset the \"mtk_crtc-\u003ecmdq_client.chan\" pointer to NULL. In that situation,\nwe do not call cmdq_pkt_create().\n\nDuring the cleanup, we need to check if the \"mtk_crtc-\u003ecmdq_client.chan\"\nis NULL first before calling cmdq_pkt_destroy(). Calling\ncmdq_pkt_destroy() is unnecessary if we didn\u0027t call cmdq_pkt_create() and\nit will result in a NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53056",
"url": "https://www.suse.com/security/cve/CVE-2024-53056"
},
{
"category": "external",
"summary": "SUSE Bug 1233568 for CVE-2024-53056",
"url": "https://bugzilla.suse.com/1233568"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-53056"
},
{
"cve": "CVE-2024-53058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data\n\nIn case the non-paged data of a SKB carries protocol header and protocol\npayload to be transmitted on a certain platform that the DMA AXI address\nwidth is configured to 40-bit/48-bit, or the size of the non-paged data\nis bigger than TSO_MAX_BUFF_SIZE on a certain platform that the DMA AXI\naddress width is configured to 32-bit, then this SKB requires at least\ntwo DMA transmit descriptors to serve it.\n\nFor example, three descriptors are allocated to split one DMA buffer\nmapped from one piece of non-paged data:\n dma_desc[N + 0],\n dma_desc[N + 1],\n dma_desc[N + 2].\nThen three elements of tx_q-\u003etx_skbuff_dma[] will be allocated to hold\nextra information to be reused in stmmac_tx_clean():\n tx_q-\u003etx_skbuff_dma[N + 0],\n tx_q-\u003etx_skbuff_dma[N + 1],\n tx_q-\u003etx_skbuff_dma[N + 2].\nNow we focus on tx_q-\u003etx_skbuff_dma[entry].buf, which is the DMA buffer\naddress returned by DMA mapping call. stmmac_tx_clean() will try to\nunmap the DMA buffer _ONLY_IF_ tx_q-\u003etx_skbuff_dma[entry].buf\nis a valid buffer address.\n\nThe expected behavior that saves DMA buffer address of this non-paged\ndata to tx_q-\u003etx_skbuff_dma[entry].buf is:\n tx_q-\u003etx_skbuff_dma[N + 0].buf = NULL;\n tx_q-\u003etx_skbuff_dma[N + 1].buf = NULL;\n tx_q-\u003etx_skbuff_dma[N + 2].buf = dma_map_single();\nUnfortunately, the current code misbehaves like this:\n tx_q-\u003etx_skbuff_dma[N + 0].buf = dma_map_single();\n tx_q-\u003etx_skbuff_dma[N + 1].buf = NULL;\n tx_q-\u003etx_skbuff_dma[N + 2].buf = NULL;\n\nOn the stmmac_tx_clean() side, when dma_desc[N + 0] is closed by the\nDMA engine, tx_q-\u003etx_skbuff_dma[N + 0].buf is a valid buffer address\nobviously, then the DMA buffer will be unmapped immediately.\nThere may be a rare case that the DMA engine does not finish the\npending dma_desc[N + 1], dma_desc[N + 2] yet. Now things will go\nhorribly wrong, DMA is going to access a unmapped/unreferenced memory\nregion, corrupted data will be transmited or iommu fault will be\ntriggered :(\n\nIn contrast, the for-loop that maps SKB fragments behaves perfectly\nas expected, and that is how the driver should do for both non-paged\ndata and paged frags actually.\n\nThis patch corrects DMA map/unmap sequences by fixing the array index\nfor tx_q-\u003etx_skbuff_dma[entry].buf when assigning DMA buffer address.\n\nTested and verified on DWXGMAC CORE 3.20a",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53058",
"url": "https://www.suse.com/security/cve/CVE-2024-53058"
},
{
"category": "external",
"summary": "SUSE Bug 1233552 for CVE-2024-53058",
"url": "https://bugzilla.suse.com/1233552"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-53058"
},
{
"cve": "CVE-2024-53059",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53059"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd()\n\n1. The size of the response packet is not validated.\n2. The response buffer is not freed.\n\nResolve these issues by switching to iwl_mvm_send_cmd_status(),\nwhich handles both size validation and frees the buffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53059",
"url": "https://www.suse.com/security/cve/CVE-2024-53059"
},
{
"category": "external",
"summary": "SUSE Bug 1233553 for CVE-2024-53059",
"url": "https://bugzilla.suse.com/1233553"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-53059"
},
{
"cve": "CVE-2024-53060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53060"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: prevent NULL pointer dereference if ATIF is not supported\n\nacpi_evaluate_object() may return AE_NOT_FOUND (failure), which\nwould result in dereferencing buffer.pointer (obj) while being NULL.\n\nAlthough this case may be unrealistic for the current code, it is\nstill better to protect against possible bugs.\n\nBail out also when status is AE_NOT_FOUND.\n\nThis fixes 1 FORWARD_NULL issue reported by Coverity\nReport: CID 1600951: Null pointer dereferences (FORWARD_NULL)\n\n(cherry picked from commit 91c9e221fe2553edf2db71627d8453f083de87a1)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53060",
"url": "https://www.suse.com/security/cve/CVE-2024-53060"
},
{
"category": "external",
"summary": "SUSE Bug 1233554 for CVE-2024-53060",
"url": "https://bugzilla.suse.com/1233554"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-53060"
},
{
"cve": "CVE-2024-53061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53061"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: s5p-jpeg: prevent buffer overflows\n\nThe current logic allows word to be less than 2. If this happens,\nthere will be buffer overflows, as reported by smatch. Add extra\nchecks to prevent it.\n\nWhile here, remove an unused word = 0 assignment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53061",
"url": "https://www.suse.com/security/cve/CVE-2024-53061"
},
{
"category": "external",
"summary": "SUSE Bug 1233555 for CVE-2024-53061",
"url": "https://bugzilla.suse.com/1233555"
},
{
"category": "external",
"summary": "SUSE Bug 1233621 for CVE-2024-53061",
"url": "https://bugzilla.suse.com/1233621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-53061"
},
{
"cve": "CVE-2024-53063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53063"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvbdev: prevent the risk of out of memory access\n\nThe dvbdev contains a static variable used to store dvb minors.\n\nThe behavior of it depends if CONFIG_DVB_DYNAMIC_MINORS is set\nor not. When not set, dvb_register_device() won\u0027t check for\nboundaries, as it will rely that a previous call to\ndvb_register_adapter() would already be enforcing it.\n\nOn a similar way, dvb_device_open() uses the assumption\nthat the register functions already did the needed checks.\n\nThis can be fragile if some device ends using different\ncalls. This also generate warnings on static check analysers\nlike Coverity.\n\nSo, add explicit guards to prevent potential risk of OOM issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53063",
"url": "https://www.suse.com/security/cve/CVE-2024-53063"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1233557 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1233557"
},
{
"category": "external",
"summary": "SUSE Bug 1233619 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1233619"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-53063"
},
{
"cve": "CVE-2024-53066",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53066"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: Fix KMSAN warning in decode_getfattr_attrs()\n\nFix the following KMSAN warning:\n\nCPU: 1 UID: 0 PID: 7651 Comm: cp Tainted: G B\nTainted: [B]=BAD_PAGE\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009)\n=====================================================\n=====================================================\nBUG: KMSAN: uninit-value in decode_getfattr_attrs+0x2d6d/0x2f90\n decode_getfattr_attrs+0x2d6d/0x2f90\n decode_getfattr_generic+0x806/0xb00\n nfs4_xdr_dec_getattr+0x1de/0x240\n rpcauth_unwrap_resp_decode+0xab/0x100\n rpcauth_unwrap_resp+0x95/0xc0\n call_decode+0x4ff/0xb50\n __rpc_execute+0x57b/0x19d0\n rpc_execute+0x368/0x5e0\n rpc_run_task+0xcfe/0xee0\n nfs4_proc_getattr+0x5b5/0x990\n __nfs_revalidate_inode+0x477/0xd00\n nfs_access_get_cached+0x1021/0x1cc0\n nfs_do_access+0x9f/0xae0\n nfs_permission+0x1e4/0x8c0\n inode_permission+0x356/0x6c0\n link_path_walk+0x958/0x1330\n path_lookupat+0xce/0x6b0\n filename_lookup+0x23e/0x770\n vfs_statx+0xe7/0x970\n vfs_fstatat+0x1f2/0x2c0\n __se_sys_newfstatat+0x67/0x880\n __x64_sys_newfstatat+0xbd/0x120\n x64_sys_call+0x1826/0x3cf0\n do_syscall_64+0xd0/0x1b0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThe KMSAN warning is triggered in decode_getfattr_attrs(), when calling\ndecode_attr_mdsthreshold(). It appears that fattr-\u003emdsthreshold is not\ninitialized.\n\nFix the issue by initializing fattr-\u003emdsthreshold to NULL in\nnfs_fattr_init().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53066",
"url": "https://www.suse.com/security/cve/CVE-2024-53066"
},
{
"category": "external",
"summary": "SUSE Bug 1233560 for CVE-2024-53066",
"url": "https://bugzilla.suse.com/1233560"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-53066"
},
{
"cve": "CVE-2024-53068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53068"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier()\n\nThe scmi_dev-\u003ename is released prematurely in __scmi_device_destroy(),\nwhich causes slab-use-after-free when accessing scmi_dev-\u003ename in\nscmi_bus_notifier(). So move the release of scmi_dev-\u003ename to\nscmi_device_release() to avoid slab-use-after-free.\n\n | BUG: KASAN: slab-use-after-free in strncmp+0xe4/0xec\n | Read of size 1 at addr ffffff80a482bcc0 by task swapper/0/1\n |\n | CPU: 1 PID: 1 Comm: swapper/0 Not tainted 6.6.38-debug #1\n | Hardware name: Qualcomm Technologies, Inc. SA8775P Ride (DT)\n | Call trace:\n | dump_backtrace+0x94/0x114\n | show_stack+0x18/0x24\n | dump_stack_lvl+0x48/0x60\n | print_report+0xf4/0x5b0\n | kasan_report+0xa4/0xec\n | __asan_report_load1_noabort+0x20/0x2c\n | strncmp+0xe4/0xec\n | scmi_bus_notifier+0x5c/0x54c\n | notifier_call_chain+0xb4/0x31c\n | blocking_notifier_call_chain+0x68/0x9c\n | bus_notify+0x54/0x78\n | device_del+0x1bc/0x840\n | device_unregister+0x20/0xb4\n | __scmi_device_destroy+0xac/0x280\n | scmi_device_destroy+0x94/0xd0\n | scmi_chan_setup+0x524/0x750\n | scmi_probe+0x7fc/0x1508\n | platform_probe+0xc4/0x19c\n | really_probe+0x32c/0x99c\n | __driver_probe_device+0x15c/0x3c4\n | driver_probe_device+0x5c/0x170\n | __driver_attach+0x1c8/0x440\n | bus_for_each_dev+0xf4/0x178\n | driver_attach+0x3c/0x58\n | bus_add_driver+0x234/0x4d4\n | driver_register+0xf4/0x3c0\n | __platform_driver_register+0x60/0x88\n | scmi_driver_init+0xb0/0x104\n | do_one_initcall+0xb4/0x664\n | kernel_init_freeable+0x3c8/0x894\n | kernel_init+0x24/0x1e8\n | ret_from_fork+0x10/0x20\n |\n | Allocated by task 1:\n | kasan_save_stack+0x2c/0x54\n | kasan_set_track+0x2c/0x40\n | kasan_save_alloc_info+0x24/0x34\n | __kasan_kmalloc+0xa0/0xb8\n | __kmalloc_node_track_caller+0x6c/0x104\n | kstrdup+0x48/0x84\n | kstrdup_const+0x34/0x40\n | __scmi_device_create.part.0+0x8c/0x408\n | scmi_device_create+0x104/0x370\n | scmi_chan_setup+0x2a0/0x750\n | scmi_probe+0x7fc/0x1508\n | platform_probe+0xc4/0x19c\n | really_probe+0x32c/0x99c\n | __driver_probe_device+0x15c/0x3c4\n | driver_probe_device+0x5c/0x170\n | __driver_attach+0x1c8/0x440\n | bus_for_each_dev+0xf4/0x178\n | driver_attach+0x3c/0x58\n | bus_add_driver+0x234/0x4d4\n | driver_register+0xf4/0x3c0\n | __platform_driver_register+0x60/0x88\n | scmi_driver_init+0xb0/0x104\n | do_one_initcall+0xb4/0x664\n | kernel_init_freeable+0x3c8/0x894\n | kernel_init+0x24/0x1e8\n | ret_from_fork+0x10/0x20\n |\n | Freed by task 1:\n | kasan_save_stack+0x2c/0x54\n | kasan_set_track+0x2c/0x40\n | kasan_save_free_info+0x38/0x5c\n | __kasan_slab_free+0xe8/0x164\n | __kmem_cache_free+0x11c/0x230\n | kfree+0x70/0x130\n | kfree_const+0x20/0x40\n | __scmi_device_destroy+0x70/0x280\n | scmi_device_destroy+0x94/0xd0\n | scmi_chan_setup+0x524/0x750\n | scmi_probe+0x7fc/0x1508\n | platform_probe+0xc4/0x19c\n | really_probe+0x32c/0x99c\n | __driver_probe_device+0x15c/0x3c4\n | driver_probe_device+0x5c/0x170\n | __driver_attach+0x1c8/0x440\n | bus_for_each_dev+0xf4/0x178\n | driver_attach+0x3c/0x58\n | bus_add_driver+0x234/0x4d4\n | driver_register+0xf4/0x3c0\n | __platform_driver_register+0x60/0x88\n | scmi_driver_init+0xb0/0x104\n | do_one_initcall+0xb4/0x664\n | kernel_init_freeable+0x3c8/0x894\n | kernel_init+0x24/0x1e8\n | ret_from_fork+0x10/0x20",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53068",
"url": "https://www.suse.com/security/cve/CVE-2024-53068"
},
{
"category": "external",
"summary": "SUSE Bug 1233561 for CVE-2024-53068",
"url": "https://bugzilla.suse.com/1233561"
},
{
"category": "external",
"summary": "SUSE Bug 1233618 for CVE-2024-53068",
"url": "https://bugzilla.suse.com/1233618"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-53068"
},
{
"cve": "CVE-2024-53072",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53072"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86/amd/pmc: Detect when STB is not available\n\nLoading the amd_pmc module as:\n\n amd_pmc enable_stb=1\n\n...can result in the following messages in the kernel ring buffer:\n\n amd_pmc AMDI0009:00: SMU cmd failed. err: 0xff\n ioremap on RAM at 0x0000000000000000 - 0x0000000000ffffff\n WARNING: CPU: 10 PID: 2151 at arch/x86/mm/ioremap.c:217 __ioremap_caller+0x2cd/0x340\n\nFurther debugging reveals that this occurs when the requests for\nS2D_PHYS_ADDR_LOW and S2D_PHYS_ADDR_HIGH return a value of 0,\nindicating that the STB is inaccessible. To prevent the ioremap\nwarning and provide clarity to the user, handle the invalid address\nand display an error message.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53072",
"url": "https://www.suse.com/security/cve/CVE-2024-53072"
},
{
"category": "external",
"summary": "SUSE Bug 1233564 for CVE-2024-53072",
"url": "https://bugzilla.suse.com/1233564"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-53072"
},
{
"cve": "CVE-2024-53074",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53074"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don\u0027t leak a link on AP removal\n\nRelease the link mapping resource in AP removal. This impacted devices\nthat do not support the MLD API (9260 and down).\nOn those devices, we couldn\u0027t start the AP again after the AP has been\nalready started and stopped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53074",
"url": "https://www.suse.com/security/cve/CVE-2024-53074"
},
{
"category": "external",
"summary": "SUSE Bug 1233566 for CVE-2024-53074",
"url": "https://bugzilla.suse.com/1233566"
},
{
"category": "external",
"summary": "SUSE Bug 1235086 for CVE-2024-53074",
"url": "https://bugzilla.suse.com/1235086"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-53074"
},
{
"cve": "CVE-2024-53076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53076"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: gts-helper: Fix memory leaks for the error path of iio_gts_build_avail_scale_table()\n\nIf per_time_scales[i] or per_time_gains[i] kcalloc fails in the for loop\nof iio_gts_build_avail_scale_table(), the err_free_out will fail to call\nkfree() each time when i is reduced to 0, so all the per_time_scales[0]\nand per_time_gains[0] will not be freed, which will cause memory leaks.\n\nFix it by checking if i \u003e= 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53076",
"url": "https://www.suse.com/security/cve/CVE-2024-53076"
},
{
"category": "external",
"summary": "SUSE Bug 1233567 for CVE-2024-53076",
"url": "https://bugzilla.suse.com/1233567"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-53076"
},
{
"cve": "CVE-2024-53079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53079"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/thp: fix deferred split unqueue naming and locking\n\nRecent changes are putting more pressure on THP deferred split queues:\nunder load revealing long-standing races, causing list_del corruptions,\n\"Bad page state\"s and worse (I keep BUGs in both of those, so usually\ndon\u0027t get to see how badly they end up without). The relevant recent\nchanges being 6.8\u0027s mTHP, 6.10\u0027s mTHP swapout, and 6.12\u0027s mTHP swapin,\nimproved swap allocation, and underused THP splitting.\n\nBefore fixing locking: rename misleading folio_undo_large_rmappable(),\nwhich does not undo large_rmappable, to folio_unqueue_deferred_split(),\nwhich is what it does. But that and its out-of-line __callee are mm\ninternals of very limited usability: add comment and WARN_ON_ONCEs to\ncheck usage; and return a bool to say if a deferred split was unqueued,\nwhich can then be used in WARN_ON_ONCEs around safety checks (sparing\ncallers the arcane conditionals in __folio_unqueue_deferred_split()).\n\nJust omit the folio_unqueue_deferred_split() from free_unref_folios(), all\nof whose callers now call it beforehand (and if any forget then bad_page()\nwill tell) - except for its caller put_pages_list(), which itself no\nlonger has any callers (and will be deleted separately).\n\nSwapout: mem_cgroup_swapout() has been resetting folio-\u003ememcg_data 0\nwithout checking and unqueueing a THP folio from deferred split list;\nwhich is unfortunate, since the split_queue_lock depends on the memcg\n(when memcg is enabled); so swapout has been unqueueing such THPs later,\nwhen freeing the folio, using the pgdat\u0027s lock instead: potentially\ncorrupting the memcg\u0027s list. __remove_mapping() has frozen refcount to 0\nhere, so no problem with calling folio_unqueue_deferred_split() before\nresetting memcg_data.\n\nThat goes back to 5.4 commit 87eaceb3faa5 (\"mm: thp: make deferred split\nshrinker memcg aware\"): which included a check on swapcache before adding\nto deferred queue, but no check on deferred queue before adding THP to\nswapcache. That worked fine with the usual sequence of events in reclaim\n(though there were a couple of rare ways in which a THP on deferred queue\ncould have been swapped out), but 6.12 commit dafff3f4c850 (\"mm: split\nunderused THPs\") avoids splitting underused THPs in reclaim, which makes\nswapcache THPs on deferred queue commonplace.\n\nKeep the check on swapcache before adding to deferred queue? Yes: it is\nno longer essential, but preserves the existing behaviour, and is likely\nto be a worthwhile optimization (vmstat showed much more traffic on the\nqueue under swapping load if the check was removed); update its comment.\n\nMemcg-v1 move (deprecated): mem_cgroup_move_account() has been changing\nfolio-\u003ememcg_data without checking and unqueueing a THP folio from the\ndeferred list, sometimes corrupting \"from\" memcg\u0027s list, like swapout. \nRefcount is non-zero here, so folio_unqueue_deferred_split() can only be\nused in a WARN_ON_ONCE to validate the fix, which must be done earlier:\nmem_cgroup_move_charge_pte_range() first try to split the THP (splitting\nof course unqueues), or skip it if that fails. Not ideal, but moving\ncharge has been requested, and khugepaged should repair the THP later:\nnobody wants new custom unqueueing code just for this deprecated case.\n\nThe 87eaceb3faa5 commit did have the code to move from one deferred list\nto another (but was not conscious of its unsafety while refcount non-0);\nbut that was removed by 5.6 commit fac0516b5534 (\"mm: thp: don\u0027t need care\ndeferred split queue in memcg charge move path\"), which argued that the\nexistence of a PMD mapping guarantees that the THP cannot be on a deferred\nlist. As above, false in rare cases, and now commonly false.\n\nBackport to 6.11 should be straightforward. Earlier backports must take\ncare that other _deferred_list fixes and dependencies are included. There\nis not a strong case for backports, but they can fix cornercases.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53079",
"url": "https://www.suse.com/security/cve/CVE-2024-53079"
},
{
"category": "external",
"summary": "SUSE Bug 1233570 for CVE-2024-53079",
"url": "https://bugzilla.suse.com/1233570"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "low"
}
],
"title": "CVE-2024-53079"
},
{
"cve": "CVE-2024-53081",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53081"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: ar0521: don\u0027t overflow when checking PLL values\n\nThe PLL checks are comparing 64 bit integers with 32 bit\nones, as reported by Coverity. Depending on the values of\nthe variables, this may underflow.\n\nFix it ensuring that both sides of the expression are u64.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53081",
"url": "https://www.suse.com/security/cve/CVE-2024-53081"
},
{
"category": "external",
"summary": "SUSE Bug 1233572 for CVE-2024-53081",
"url": "https://bugzilla.suse.com/1233572"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-53081"
},
{
"cve": "CVE-2024-53082",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53082"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_net: Add hash_key_length check\n\nAdd hash_key_length check in virtnet_probe() to avoid possible out of\nbound errors when setting/reading the hash key.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53082",
"url": "https://www.suse.com/security/cve/CVE-2024-53082"
},
{
"category": "external",
"summary": "SUSE Bug 1233573 for CVE-2024-53082",
"url": "https://bugzilla.suse.com/1233573"
},
{
"category": "external",
"summary": "SUSE Bug 1233677 for CVE-2024-53082",
"url": "https://bugzilla.suse.com/1233677"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-53082"
},
{
"cve": "CVE-2024-53085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: Lock TPM chip in tpm_pm_suspend() first\n\nSetting TPM_CHIP_FLAG_SUSPENDED in the end of tpm_pm_suspend() can be racy\naccording, as this leaves window for tpm_hwrng_read() to be called while\nthe operation is in progress. The recent bug report gives also evidence of\nthis behaviour.\n\nAadress this by locking the TPM chip before checking any chip-\u003eflags both\nin tpm_pm_suspend() and tpm_hwrng_read(). Move TPM_CHIP_FLAG_SUSPENDED\ncheck inside tpm_get_random() so that it will be always checked only when\nthe lock is reserved.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53085",
"url": "https://www.suse.com/security/cve/CVE-2024-53085"
},
{
"category": "external",
"summary": "SUSE Bug 1233577 for CVE-2024-53085",
"url": "https://bugzilla.suse.com/1233577"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-53085"
},
{
"cve": "CVE-2024-53088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53088"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix race condition by adding filter\u0027s intermediate sync state\n\nFix a race condition in the i40e driver that leads to MAC/VLAN filters\nbecoming corrupted and leaking. Address the issue that occurs under\nheavy load when multiple threads are concurrently modifying MAC/VLAN\nfilters by setting mac and port VLAN.\n\n1. Thread T0 allocates a filter in i40e_add_filter() within\n i40e_ndo_set_vf_port_vlan().\n2. Thread T1 concurrently frees the filter in __i40e_del_filter() within\n i40e_ndo_set_vf_mac().\n3. Subsequently, i40e_service_task() calls i40e_sync_vsi_filters(), which\n refers to the already freed filter memory, causing corruption.\n\nReproduction steps:\n1. Spawn multiple VFs.\n2. Apply a concurrent heavy load by running parallel operations to change\n MAC addresses on the VFs and change port VLANs on the host.\n3. Observe errors in dmesg:\n\"Error I40E_AQ_RC_ENOSPC adding RX filters on VF XX,\n\tplease set promiscuous on manually for VF XX\".\n\nExact code for stable reproduction Intel can\u0027t open-source now.\n\nThe fix involves implementing a new intermediate filter state,\nI40E_FILTER_NEW_SYNC, for the time when a filter is on a tmp_add_list.\nThese filters cannot be deleted from the hash list directly but\nmust be removed using the full process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53088",
"url": "https://www.suse.com/security/cve/CVE-2024-53088"
},
{
"category": "external",
"summary": "SUSE Bug 1233580 for CVE-2024-53088",
"url": "https://bugzilla.suse.com/1233580"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-53088"
},
{
"cve": "CVE-2024-53093",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53093"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-multipath: defer partition scanning\n\nWe need to suppress the partition scan from occuring within the\ncontroller\u0027s scan_work context. If a path error occurs here, the IO will\nwait until a path becomes available or all paths are torn down, but that\naction also occurs within scan_work, so it would deadlock. Defer the\npartion scan to a different context that does not block scan_work.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53093",
"url": "https://www.suse.com/security/cve/CVE-2024-53093"
},
{
"category": "external",
"summary": "SUSE Bug 1233640 for CVE-2024-53093",
"url": "https://bugzilla.suse.com/1233640"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-53093"
},
{
"cve": "CVE-2024-53094",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53094"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/siw: Add sendpage_ok() check to disable MSG_SPLICE_PAGES\n\nWhile running ISER over SIW, the initiator machine encounters a warning\nfrom skb_splice_from_iter() indicating that a slab page is being used in\nsend_page. To address this, it is better to add a sendpage_ok() check\nwithin the driver itself, and if it returns 0, then MSG_SPLICE_PAGES flag\nshould be disabled before entering the network stack.\n\nA similar issue has been discussed for NVMe in this thread:\nhttps://lore.kernel.org/all/20240530142417.146696-1-ofir.gal@volumez.com/\n\n WARNING: CPU: 0 PID: 5342 at net/core/skbuff.c:7140 skb_splice_from_iter+0x173/0x320\n Call Trace:\n tcp_sendmsg_locked+0x368/0xe40\n siw_tx_hdt+0x695/0xa40 [siw]\n siw_qp_sq_process+0x102/0xb00 [siw]\n siw_sq_resume+0x39/0x110 [siw]\n siw_run_sq+0x74/0x160 [siw]\n kthread+0xd2/0x100\n ret_from_fork+0x34/0x40\n ret_from_fork_asm+0x1a/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53094",
"url": "https://www.suse.com/security/cve/CVE-2024-53094"
},
{
"category": "external",
"summary": "SUSE Bug 1233641 for CVE-2024-53094",
"url": "https://bugzilla.suse.com/1233641"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-53094"
},
{
"cve": "CVE-2024-53095",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53095"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: Fix use-after-free of network namespace.\n\nRecently, we got a customer report that CIFS triggers oops while\nreconnecting to a server. [0]\n\nThe workload runs on Kubernetes, and some pods mount CIFS servers\nin non-root network namespaces. The problem rarely happened, but\nit was always while the pod was dying.\n\nThe root cause is wrong reference counting for network namespace.\n\nCIFS uses kernel sockets, which do not hold refcnt of the netns that\nthe socket belongs to. That means CIFS must ensure the socket is\nalways freed before its netns; otherwise, use-after-free happens.\n\nThe repro steps are roughly:\n\n 1. mount CIFS in a non-root netns\n 2. drop packets from the netns\n 3. destroy the netns\n 4. unmount CIFS\n\nWe can reproduce the issue quickly with the script [1] below and see\nthe splat [2] if CONFIG_NET_NS_REFCNT_TRACKER is enabled.\n\nWhen the socket is TCP, it is hard to guarantee the netns lifetime\nwithout holding refcnt due to async timers.\n\nLet\u0027s hold netns refcnt for each socket as done for SMC in commit\n9744d2bf1976 (\"smc: Fix use-after-free in tcp_write_timer_handler().\").\n\nNote that we need to move put_net() from cifs_put_tcp_session() to\nclean_demultiplex_info(); otherwise, __sock_create() still could touch a\nfreed netns while cifsd tries to reconnect from cifs_demultiplex_thread().\n\nAlso, maybe_get_net() cannot be put just before __sock_create() because\nthe code is not under RCU and there is a small chance that the same\naddress happened to be reallocated to another netns.\n\n[0]:\nCIFS: VFS: \\\\XXXXXXXXXXX has not responded in 15 seconds. Reconnecting...\nCIFS: Serverclose failed 4 times, giving up\nUnable to handle kernel paging request at virtual address 14de99e461f84a07\nMem abort info:\n ESR = 0x0000000096000004\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x04: level 0 translation fault\nData abort info:\n ISV = 0, ISS = 0x00000004\n CM = 0, WnR = 0\n[14de99e461f84a07] address between user and kernel address ranges\nInternal error: Oops: 0000000096000004 [#1] SMP\nModules linked in: cls_bpf sch_ingress nls_utf8 cifs cifs_arc4 cifs_md4 dns_resolver tcp_diag inet_diag veth xt_state xt_connmark nf_conntrack_netlink xt_nat xt_statistic xt_MASQUERADE xt_mark xt_addrtype ipt_REJECT nf_reject_ipv4 nft_chain_nat nf_nat xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_comment nft_compat nf_tables nfnetlink overlay nls_ascii nls_cp437 sunrpc vfat fat aes_ce_blk aes_ce_cipher ghash_ce sm4_ce_cipher sm4 sm3_ce sm3 sha3_ce sha512_ce sha512_arm64 sha1_ce ena button sch_fq_codel loop fuse configfs dmi_sysfs sha2_ce sha256_arm64 dm_mirror dm_region_hash dm_log dm_mod dax efivarfs\nCPU: 5 PID: 2690970 Comm: cifsd Not tainted 6.1.103-109.184.amzn2023.aarch64 #1\nHardware name: Amazon EC2 r7g.4xlarge/, BIOS 1.0 11/1/2018\npstate: 00400005 (nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : fib_rules_lookup+0x44/0x238\nlr : __fib_lookup+0x64/0xbc\nsp : ffff8000265db790\nx29: ffff8000265db790 x28: 0000000000000000 x27: 000000000000bd01\nx26: 0000000000000000 x25: ffff000b4baf8000 x24: ffff00047b5e4580\nx23: ffff8000265db7e0 x22: 0000000000000000 x21: ffff00047b5e4500\nx20: ffff0010e3f694f8 x19: 14de99e461f849f7 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\nx14: 0000000000000000 x13: 0000000000000000 x12: 3f92800abd010002\nx11: 0000000000000001 x10: ffff0010e3f69420 x9 : ffff800008a6f294\nx8 : 0000000000000000 x7 : 0000000000000006 x6 : 0000000000000000\nx5 : 0000000000000001 x4 : ffff001924354280 x3 : ffff8000265db7e0\nx2 : 0000000000000000 x1 : ffff0010e3f694f8 x0 : ffff00047b5e4500\nCall trace:\n fib_rules_lookup+0x44/0x238\n __fib_lookup+0x64/0xbc\n ip_route_output_key_hash_rcu+0x2c4/0x398\n ip_route_output_key_hash+0x60/0x8c\n tcp_v4_connect+0x290/0x488\n __inet_stream_connect+0x108/0x3d0\n inet_stream_connect+0x50/0x78\n kernel_connect+0x6c/0xac\n generic_ip_conne\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53095",
"url": "https://www.suse.com/security/cve/CVE-2024-53095"
},
{
"category": "external",
"summary": "SUSE Bug 1233642 for CVE-2024-53095",
"url": "https://bugzilla.suse.com/1233642"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-53095"
},
{
"cve": "CVE-2024-53096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53096"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: resolve faulty mmap_region() error path behaviour\n\nThe mmap_region() function is somewhat terrifying, with spaghetti-like\ncontrol flow and numerous means by which issues can arise and incomplete\nstate, memory leaks and other unpleasantness can occur.\n\nA large amount of the complexity arises from trying to handle errors late\nin the process of mapping a VMA, which forms the basis of recently\nobserved issues with resource leaks and observable inconsistent state.\n\nTaking advantage of previous patches in this series we move a number of\nchecks earlier in the code, simplifying things by moving the core of the\nlogic into a static internal function __mmap_region().\n\nDoing this allows us to perform a number of checks up front before we do\nany real work, and allows us to unwind the writable unmap check\nunconditionally as required and to perform a CONFIG_DEBUG_VM_MAPLE_TREE\nvalidation unconditionally also.\n\nWe move a number of things here:\n\n1. We preallocate memory for the iterator before we call the file-backed\n memory hook, allowing us to exit early and avoid having to perform\n complicated and error-prone close/free logic. We carefully free\n iterator state on both success and error paths.\n\n2. The enclosing mmap_region() function handles the mapping_map_writable()\n logic early. Previously the logic had the mapping_map_writable() at the\n point of mapping a newly allocated file-backed VMA, and a matching\n mapping_unmap_writable() on success and error paths.\n\n We now do this unconditionally if this is a file-backed, shared writable\n mapping. If a driver changes the flags to eliminate VM_MAYWRITE, however\n doing so does not invalidate the seal check we just performed, and we in\n any case always decrement the counter in the wrapper.\n\n We perform a debug assert to ensure a driver does not attempt to do the\n opposite.\n\n3. We also move arch_validate_flags() up into the mmap_region()\n function. This is only relevant on arm64 and sparc64, and the check is\n only meaningful for SPARC with ADI enabled. We explicitly add a warning\n for this arch if a driver invalidates this check, though the code ought\n eventually to be fixed to eliminate the need for this.\n\nWith all of these measures in place, we no longer need to explicitly close\nthe VMA on error paths, as we place all checks which might fail prior to a\ncall to any driver mmap hook.\n\nThis eliminates an entire class of errors, makes the code easier to reason\nabout and more robust.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53096",
"url": "https://www.suse.com/security/cve/CVE-2024-53096"
},
{
"category": "external",
"summary": "SUSE Bug 1233756 for CVE-2024-53096",
"url": "https://bugzilla.suse.com/1233756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-53096"
},
{
"cve": "CVE-2024-53100",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53100"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: tcp: avoid race between queue_lock lock and destroy\n\nCommit 76d54bf20cdc (\"nvme-tcp: don\u0027t access released socket during\nerror recovery\") added a mutex_lock() call for the queue-\u003equeue_lock\nin nvme_tcp_get_address(). However, the mutex_lock() races with\nmutex_destroy() in nvme_tcp_free_queue(), and causes the WARN below.\n\nDEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\nWARNING: CPU: 3 PID: 34077 at kernel/locking/mutex.c:587 __mutex_lock+0xcf0/0x1220\nModules linked in: nvmet_tcp nvmet nvme_tcp nvme_fabrics iw_cm ib_cm ib_core pktcdvd nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables qrtr sunrpc ppdev 9pnet_virtio 9pnet pcspkr netfs parport_pc parport e1000 i2c_piix4 i2c_smbus loop fuse nfnetlink zram bochs drm_vram_helper drm_ttm_helper ttm drm_kms_helper xfs drm sym53c8xx floppy nvme scsi_transport_spi nvme_core nvme_auth serio_raw ata_generic pata_acpi dm_multipath qemu_fw_cfg [last unloaded: ib_uverbs]\nCPU: 3 UID: 0 PID: 34077 Comm: udisksd Not tainted 6.11.0-rc7 #319\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014\nRIP: 0010:__mutex_lock+0xcf0/0x1220\nCode: 08 84 d2 0f 85 c8 04 00 00 8b 15 ef b6 c8 01 85 d2 0f 85 78 f4 ff ff 48 c7 c6 20 93 ee af 48 c7 c7 60 91 ee af e8 f0 a7 6d fd \u003c0f\u003e 0b e9 5e f4 ff ff 48 b8 00 00 00 00 00 fc ff df 4c 89 f2 48 c1\nRSP: 0018:ffff88811305f760 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff88812c652058 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001\nRBP: ffff88811305f8b0 R08: 0000000000000001 R09: ffffed1075c36341\nR10: ffff8883ae1b1a0b R11: 0000000000010498 R12: 0000000000000000\nR13: 0000000000000000 R14: dffffc0000000000 R15: ffff88812c652058\nFS: 00007f9713ae4980(0000) GS:ffff8883ae180000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fcd78483c7c CR3: 0000000122c38000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? __warn.cold+0x5b/0x1af\n ? __mutex_lock+0xcf0/0x1220\n ? report_bug+0x1ec/0x390\n ? handle_bug+0x3c/0x80\n ? exc_invalid_op+0x13/0x40\n ? asm_exc_invalid_op+0x16/0x20\n ? __mutex_lock+0xcf0/0x1220\n ? nvme_tcp_get_address+0xc2/0x1e0 [nvme_tcp]\n ? __pfx___mutex_lock+0x10/0x10\n ? __lock_acquire+0xd6a/0x59e0\n ? nvme_tcp_get_address+0xc2/0x1e0 [nvme_tcp]\n nvme_tcp_get_address+0xc2/0x1e0 [nvme_tcp]\n ? __pfx_nvme_tcp_get_address+0x10/0x10 [nvme_tcp]\n nvme_sysfs_show_address+0x81/0xc0 [nvme_core]\n dev_attr_show+0x42/0x80\n ? __asan_memset+0x1f/0x40\n sysfs_kf_seq_show+0x1f0/0x370\n seq_read_iter+0x2cb/0x1130\n ? rw_verify_area+0x3b1/0x590\n ? __mutex_lock+0x433/0x1220\n vfs_read+0x6a6/0xa20\n ? lockdep_hardirqs_on+0x78/0x100\n ? __pfx_vfs_read+0x10/0x10\n ksys_read+0xf7/0x1d0\n ? __pfx_ksys_read+0x10/0x10\n ? __x64_sys_openat+0x105/0x1d0\n do_syscall_64+0x93/0x180\n ? lockdep_hardirqs_on_prepare+0x16d/0x400\n ? do_syscall_64+0x9f/0x180\n ? lockdep_hardirqs_on+0x78/0x100\n ? do_syscall_64+0x9f/0x180\n ? __pfx_ksys_read+0x10/0x10\n ? lockdep_hardirqs_on_prepare+0x16d/0x400\n ? do_syscall_64+0x9f/0x180\n ? lockdep_hardirqs_on+0x78/0x100\n ? do_syscall_64+0x9f/0x180\n ? lockdep_hardirqs_on_prepare+0x16d/0x400\n ? do_syscall_64+0x9f/0x180\n ? lockdep_hardirqs_on+0x78/0x100\n ? do_syscall_64+0x9f/0x180\n ? lockdep_hardirqs_on_prepare+0x16d/0x400\n ? do_syscall_64+0x9f/0x180\n ? lockdep_hardirqs_on+0x78/0x100\n ? do_syscall_64+0x9f/0x180\n ? lockdep_hardirqs_on_prepare+0x16d/0x400\n ? do_syscall_64+0x9f/0x180\n ? lockdep_hardirqs_on+0x78/0x100\n ? do_syscall_64+0x9f/0x180\n ? do_syscall_64+0x9f/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f9713f55cfa\nCode: 55 48 89 e5 48 83 ec 20 48 89 55 e8 48 89 75 f0 89 7d f8 e8 e8 74 f8 ff 48 8b 55 e8 48 8b 75 f0 4\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53100",
"url": "https://www.suse.com/security/cve/CVE-2024-53100"
},
{
"category": "external",
"summary": "SUSE Bug 1233771 for CVE-2024-53100",
"url": "https://bugzilla.suse.com/1233771"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-53100"
},
{
"cve": "CVE-2024-53101",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53101"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: Fix uninitialized value issue in from_kuid and from_kgid\n\nocfs2_setattr() uses attr-\u003eia_mode, attr-\u003eia_uid and attr-\u003eia_gid in\na trace point even though ATTR_MODE, ATTR_UID and ATTR_GID aren\u0027t set.\n\nInitialize all fields of newattrs to avoid uninitialized variables, by\nchecking if ATTR_MODE, ATTR_UID, ATTR_GID are initialized, otherwise 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53101",
"url": "https://www.suse.com/security/cve/CVE-2024-53101"
},
{
"category": "external",
"summary": "SUSE Bug 1233769 for CVE-2024-53101",
"url": "https://bugzilla.suse.com/1233769"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-53101"
},
{
"cve": "CVE-2024-53104",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53104"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format\n\nThis can lead to out of bounds writes since frames of this type were not\ntaken into account when calculating the size of the frames buffer in\nuvc_parse_streaming.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53104",
"url": "https://www.suse.com/security/cve/CVE-2024-53104"
},
{
"category": "external",
"summary": "SUSE Bug 1234025 for CVE-2024-53104",
"url": "https://bugzilla.suse.com/1234025"
},
{
"category": "external",
"summary": "SUSE Bug 1236783 for CVE-2024-53104",
"url": "https://bugzilla.suse.com/1236783"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "important"
}
],
"title": "CVE-2024-53104"
},
{
"cve": "CVE-2024-53106",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53106"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nima: fix buffer overrun in ima_eventdigest_init_common\n\nFunction ima_eventdigest_init() calls ima_eventdigest_init_common()\nwith HASH_ALGO__LAST which is then used to access the array\nhash_digest_size[] leading to buffer overrun. Have a conditional\nstatement to handle this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53106",
"url": "https://www.suse.com/security/cve/CVE-2024-53106"
},
{
"category": "external",
"summary": "SUSE Bug 1234083 for CVE-2024-53106",
"url": "https://bugzilla.suse.com/1234083"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-53106"
},
{
"cve": "CVE-2024-53108",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53108"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Adjust VSDB parser for replay feature\n\nAt some point, the IEEE ID identification for the replay check in the\nAMD EDID was added. However, this check causes the following\nout-of-bounds issues when using KASAN:\n\n[ 27.804016] BUG: KASAN: slab-out-of-bounds in amdgpu_dm_update_freesync_caps+0xefa/0x17a0 [amdgpu]\n[ 27.804788] Read of size 1 at addr ffff8881647fdb00 by task systemd-udevd/383\n\n...\n\n[ 27.821207] Memory state around the buggy address:\n[ 27.821215] ffff8881647fda00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 27.821224] ffff8881647fda80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 27.821234] \u003effff8881647fdb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[ 27.821243] ^\n[ 27.821250] ffff8881647fdb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[ 27.821259] ffff8881647fdc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 27.821268] ==================================================================\n\nThis is caused because the ID extraction happens outside of the range of\nthe edid lenght. This commit addresses this issue by considering the\namd_vsdb_block size.\n\n(cherry picked from commit b7e381b1ccd5e778e3d9c44c669ad38439a861d8)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53108",
"url": "https://www.suse.com/security/cve/CVE-2024-53108"
},
{
"category": "external",
"summary": "SUSE Bug 1234081 for CVE-2024-53108",
"url": "https://bugzilla.suse.com/1234081"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-53108"
},
{
"cve": "CVE-2024-53110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53110"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvp_vdpa: fix id_table array not null terminated error\n\nAllocate one extra virtio_device_id as null terminator, otherwise\nvdpa_mgmtdev_get_classes() may iterate multiple times and visit\nundefined memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53110",
"url": "https://www.suse.com/security/cve/CVE-2024-53110"
},
{
"category": "external",
"summary": "SUSE Bug 1234085 for CVE-2024-53110",
"url": "https://bugzilla.suse.com/1234085"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-53110"
},
{
"cve": "CVE-2024-53112",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53112"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: uncache inode which has failed entering the group\n\nSyzbot has reported the following BUG:\n\nkernel BUG at fs/ocfs2/uptodate.c:509!\n...\nCall Trace:\n \u003cTASK\u003e\n ? __die_body+0x5f/0xb0\n ? die+0x9e/0xc0\n ? do_trap+0x15a/0x3a0\n ? ocfs2_set_new_buffer_uptodate+0x145/0x160\n ? do_error_trap+0x1dc/0x2c0\n ? ocfs2_set_new_buffer_uptodate+0x145/0x160\n ? __pfx_do_error_trap+0x10/0x10\n ? handle_invalid_op+0x34/0x40\n ? ocfs2_set_new_buffer_uptodate+0x145/0x160\n ? exc_invalid_op+0x38/0x50\n ? asm_exc_invalid_op+0x1a/0x20\n ? ocfs2_set_new_buffer_uptodate+0x2e/0x160\n ? ocfs2_set_new_buffer_uptodate+0x144/0x160\n ? ocfs2_set_new_buffer_uptodate+0x145/0x160\n ocfs2_group_add+0x39f/0x15a0\n ? __pfx_ocfs2_group_add+0x10/0x10\n ? __pfx_lock_acquire+0x10/0x10\n ? mnt_get_write_access+0x68/0x2b0\n ? __pfx_lock_release+0x10/0x10\n ? rcu_read_lock_any_held+0xb7/0x160\n ? __pfx_rcu_read_lock_any_held+0x10/0x10\n ? smack_log+0x123/0x540\n ? mnt_get_write_access+0x68/0x2b0\n ? mnt_get_write_access+0x68/0x2b0\n ? mnt_get_write_access+0x226/0x2b0\n ocfs2_ioctl+0x65e/0x7d0\n ? __pfx_ocfs2_ioctl+0x10/0x10\n ? smack_file_ioctl+0x29e/0x3a0\n ? __pfx_smack_file_ioctl+0x10/0x10\n ? lockdep_hardirqs_on_prepare+0x43d/0x780\n ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10\n ? __pfx_ocfs2_ioctl+0x10/0x10\n __se_sys_ioctl+0xfb/0x170\n do_syscall_64+0xf3/0x230\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n \u003c/TASK\u003e\n\nWhen \u0027ioctl(OCFS2_IOC_GROUP_ADD, ...)\u0027 has failed for the particular\ninode in \u0027ocfs2_verify_group_and_input()\u0027, corresponding buffer head\nremains cached and subsequent call to the same \u0027ioctl()\u0027 for the same\ninode issues the BUG() in \u0027ocfs2_set_new_buffer_uptodate()\u0027 (trying\nto cache the same buffer head of that inode). Fix this by uncaching\nthe buffer head with \u0027ocfs2_remove_from_cache()\u0027 on error path in\n\u0027ocfs2_group_add()\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53112",
"url": "https://www.suse.com/security/cve/CVE-2024-53112"
},
{
"category": "external",
"summary": "SUSE Bug 1234087 for CVE-2024-53112",
"url": "https://bugzilla.suse.com/1234087"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-53112"
},
{
"cve": "CVE-2024-53114",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53114"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client\n\nA number of Zen4 client SoCs advertise the ability to use virtualized\nVMLOAD/VMSAVE, but using these instructions is reported to be a cause\nof a random host reboot.\n\nThese instructions aren\u0027t intended to be advertised on Zen4 client\nso clear the capability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53114",
"url": "https://www.suse.com/security/cve/CVE-2024-53114"
},
{
"category": "external",
"summary": "SUSE Bug 1234072 for CVE-2024-53114",
"url": "https://bugzilla.suse.com/1234072"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-53114"
},
{
"cve": "CVE-2024-53121",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53121"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: fs, lock FTE when checking if active\n\nThe referenced commits introduced a two-step process for deleting FTEs:\n\n- Lock the FTE, delete it from hardware, set the hardware deletion function\n to NULL and unlock the FTE.\n- Lock the parent flow group, delete the software copy of the FTE, and\n remove it from the xarray.\n\nHowever, this approach encounters a race condition if a rule with the same\nmatch value is added simultaneously. In this scenario, fs_core may set the\nhardware deletion function to NULL prematurely, causing a panic during\nsubsequent rule deletions.\n\nTo prevent this, ensure the active flag of the FTE is checked under a lock,\nwhich will prevent the fs_core layer from attaching a new steering rule to\nan FTE that is in the process of deletion.\n\n[ 438.967589] MOSHE: 2496 mlx5_del_flow_rules del_hw_func\n[ 438.968205] ------------[ cut here ]------------\n[ 438.968654] refcount_t: decrement hit 0; leaking memory.\n[ 438.969249] WARNING: CPU: 0 PID: 8957 at lib/refcount.c:31 refcount_warn_saturate+0xfb/0x110\n[ 438.970054] Modules linked in: act_mirred cls_flower act_gact sch_ingress openvswitch nsh mlx5_vdpa vringh vhost_iotlb vdpa mlx5_ib mlx5_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm ib_uverbs ib_core zram zsmalloc fuse [last unloaded: cls_flower]\n[ 438.973288] CPU: 0 UID: 0 PID: 8957 Comm: tc Not tainted 6.12.0-rc1+ #8\n[ 438.973888] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n[ 438.974874] RIP: 0010:refcount_warn_saturate+0xfb/0x110\n[ 438.975363] Code: 40 66 3b 82 c6 05 16 e9 4d 01 01 e8 1f 7c a0 ff 0f 0b c3 cc cc cc cc 48 c7 c7 10 66 3b 82 c6 05 fd e8 4d 01 01 e8 05 7c a0 ff \u003c0f\u003e 0b c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 90\n[ 438.976947] RSP: 0018:ffff888124a53610 EFLAGS: 00010286\n[ 438.977446] RAX: 0000000000000000 RBX: ffff888119d56de0 RCX: 0000000000000000\n[ 438.978090] RDX: ffff88852c828700 RSI: ffff88852c81b3c0 RDI: ffff88852c81b3c0\n[ 438.978721] RBP: ffff888120fa0e88 R08: 0000000000000000 R09: ffff888124a534b0\n[ 438.979353] R10: 0000000000000001 R11: 0000000000000001 R12: ffff888119d56de0\n[ 438.979979] R13: ffff888120fa0ec0 R14: ffff888120fa0ee8 R15: ffff888119d56de0\n[ 438.980607] FS: 00007fe6dcc0f800(0000) GS:ffff88852c800000(0000) knlGS:0000000000000000\n[ 438.983984] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 438.984544] CR2: 00000000004275e0 CR3: 0000000186982001 CR4: 0000000000372eb0\n[ 438.985205] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 438.985842] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 438.986507] Call Trace:\n[ 438.986799] \u003cTASK\u003e\n[ 438.987070] ? __warn+0x7d/0x110\n[ 438.987426] ? refcount_warn_saturate+0xfb/0x110\n[ 438.987877] ? report_bug+0x17d/0x190\n[ 438.988261] ? prb_read_valid+0x17/0x20\n[ 438.988659] ? handle_bug+0x53/0x90\n[ 438.989054] ? exc_invalid_op+0x14/0x70\n[ 438.989458] ? asm_exc_invalid_op+0x16/0x20\n[ 438.989883] ? refcount_warn_saturate+0xfb/0x110\n[ 438.990348] mlx5_del_flow_rules+0x2f7/0x340 [mlx5_core]\n[ 438.990932] __mlx5_eswitch_del_rule+0x49/0x170 [mlx5_core]\n[ 438.991519] ? mlx5_lag_is_sriov+0x3c/0x50 [mlx5_core]\n[ 438.992054] ? xas_load+0x9/0xb0\n[ 438.992407] mlx5e_tc_rule_unoffload+0x45/0xe0 [mlx5_core]\n[ 438.993037] mlx5e_tc_del_fdb_flow+0x2a6/0x2e0 [mlx5_core]\n[ 438.993623] mlx5e_flow_put+0x29/0x60 [mlx5_core]\n[ 438.994161] mlx5e_delete_flower+0x261/0x390 [mlx5_core]\n[ 438.994728] tc_setup_cb_destroy+0xb9/0x190\n[ 438.995150] fl_hw_destroy_filter+0x94/0xc0 [cls_flower]\n[ 438.995650] fl_change+0x11a4/0x13c0 [cls_flower]\n[ 438.996105] tc_new_tfilter+0x347/0xbc0\n[ 438.996503] ? __\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53121",
"url": "https://www.suse.com/security/cve/CVE-2024-53121"
},
{
"category": "external",
"summary": "SUSE Bug 1234078 for CVE-2024-53121",
"url": "https://bugzilla.suse.com/1234078"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-53121"
},
{
"cve": "CVE-2024-53138",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53138"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: kTLS, Fix incorrect page refcounting\n\nThe kTLS tx handling code is using a mix of get_page() and\npage_ref_inc() APIs to increment the page reference. But on the release\npath (mlx5e_ktls_tx_handle_resync_dump_comp()), only put_page() is used.\n\nThis is an issue when using pages from large folios: the get_page()\nreferences are stored on the folio page while the page_ref_inc()\nreferences are stored directly in the given page. On release the folio\npage will be dereferenced too many times.\n\nThis was found while doing kTLS testing with sendfile() + ZC when the\nserved file was read from NFS on a kernel with NFS large folios support\n(commit 49b29a573da8 (\"nfs: add support for large folios\")).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53138",
"url": "https://www.suse.com/security/cve/CVE-2024-53138"
},
{
"category": "external",
"summary": "SUSE Bug 1234223 for CVE-2024-53138",
"url": "https://bugzilla.suse.com/1234223"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-24.1.21.4.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-24.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-1-1.2.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-24.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-27T14:05:14Z",
"details": "moderate"
}
],
"title": "CVE-2024-53138"
}
]
}
SUSE-SU-2024:4318-1
Vulnerability from csaf_suse - Published: 2024-12-13 15:33 - Updated: 2024-12-13 15:33Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642).
- CVE-2023-52778: mptcp: deal with large GSO size (bsc#1224948).
- CVE-2023-52920: bpf: support non-r10 register spill/fill to/from stack in precision tracking (bsc#1232823).
- CVE-2023-6270: aoe: fix the potential use-after-free problem in more places (bsc#1218562).
- CVE-2024-26596: net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events (bsc#1220355).
- CVE-2024-26741: dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished() (bsc#1222587).
- CVE-2024-26782: mptcp: fix double-free on socket dismantle (bsc#1222590).
- CVE-2024-26953: net: esp: fix bad handling of pages from page_pool (bsc#1223656).
- CVE-2024-27017: netfilter: nft_set_pipapo: walk over current view on netlink dump (bsc#1223733).
- CVE-2024-35888: erspan: make sure erspan_base_hdr is present in skb->head (bsc#1224518).
- CVE-2024-36000: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (bsc#1224548).
- CVE-2024-36244: net/sched: taprio: extend minimum interval restriction to entire cycle too (bsc#1226797).
- CVE-2024-36883: net: fix out-of-bounds access in ops_init (bsc#1225725).
- CVE-2024-36886: tipc: fix UAF in error path (bsc#1225730).
- CVE-2024-36905: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (bsc#1225742).
- CVE-2024-36927: ipv4: Fix uninit-value access in __ip_make_skb() (bsc#1225813).
- CVE-2024-36954: tipc: fix a possible memleak in tipc_buf_append (bsc#1225764).
- CVE-2024-36968: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() (bsc#1226130).
- CVE-2024-38589: netrom: fix possible dead-lock in nr_rt_ioctl() (bsc#1226748).
- CVE-2024-40914: mm/huge_memory: do not unpoison huge_zero_folio (bsc#1227842).
- CVE-2024-41023: sched/deadline: Fix task_struct reference leak (bsc#1228430).
- CVE-2024-41031: mm/filemap: skip to create PMD-sized page cache if needed (bsc#1228454).
- CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620).
- CVE-2024-42102: Revert 'mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again' (bsc#1233132).
- CVE-2024-44958: sched/smt: Fix unbalance sched_smt_present dec/inc (bsc#1230179).
- CVE-2024-44995: net: hns3: fix a deadlock problem when config TC during resetting (bsc#1230231).
- CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429).
- CVE-2024-45025: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (bsc#1230456).
- CVE-2024-46678: bonding: change ipsec_lock from spin lock to mutex (bsc#1230550).
- CVE-2024-46680: Bluetooth: btnxpuart: Fix random crash seen while removing driver (bsc#1230557).
- CVE-2024-46681: pktgen: use cpus_read_lock() in pg_net_init() (bsc#1230558).
- CVE-2024-46721: pparmor: fix possible NULL pointer dereference (bsc#1230710)
- CVE-2024-46754: bpf: Remove tst_run from lwt_seg6local_prog_ops (bsc#1230801).
- CVE-2024-46765: ice: protect XDP configuration with a mutex (bsc#1230807).
- CVE-2024-46766: ice: move netif_queue_set_napi to rtnl-protected sections (bsc#1230762).
- CVE-2024-46770: ice: Add netif_device_attach/detach into PF reset flow (bsc#1230763).
- CVE-2024-46775: drm/amd/display: Validate function returns (bsc#1230774).
- CVE-2024-46777: udf: Avoid excessive partition lengths (bsc#1230773).
- CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827).
- CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191).
- CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197).
- CVE-2024-46826: ELF: fix kernel.randomize_va_space double read (bsc#1231115).
- CVE-2024-46828: sched: sch_cake: fix bulk flow accounting logic for host fairness (bsc#1231114).
- CVE-2024-46831: net: microchip: vcap: Fix use-after-free error in kunit test (bsc#1231117).
- CVE-2024-46834: ethtool: fail closed if we can't get max channel used in indirection tables (bsc#1231096).
- CVE-2024-46840: btrfs: clean up our handling of refs == 0 in snapshot delete (bsc#1231105).
- CVE-2024-46841: btrfs: do not BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() (bsc#1231094).
- CVE-2024-46843: scsi: ufs: core: Remove SCSI host only if added (bsc#1231100).
- CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084).
- CVE-2024-46855: netfilter: nft_socket: fix sk refcount leaks (bsc#1231085).
- CVE-2024-46857: net/mlx5: Fix bridge mode operations when there are no VFs (bsc#1231087).
- CVE-2024-46870: drm/amd/display: Disable DMCUB timeout for DCN35 (bsc#1231435).
- CVE-2024-47658: crypto: stm32/cryp - call finalize with bh disabled (bsc#1231436).
- CVE-2024-47660: fsnotify: clear PARENT_WATCHED flags lazily (bsc#1231439).
- CVE-2024-47664: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware (bsc#1231442).
- CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673).
- CVE-2024-47679: vfs: fix race between evice_inodes() and find_inode()&iput() (bsc#1231930).
- CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987).
- CVE-2024-47685: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (bsc#1231998).
- CVE-2024-47687: vdpa/mlx5: Fix invalid mr resource destroy (bsc#1232003).
- CVE-2024-47692: nfsd: return -EINVAL when namelen is 0 (bsc#1231857).
- CVE-2024-47701: ext4: avoid OOB when system.data xattr changes underneath the filesystem (bsc#1231920).
- CVE-2024-47703: bpf, lsm: add check for BPF LSM return value (bsc#1231946).
- CVE-2024-47704: drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944).
- CVE-2024-47705: block: fix potential invalid pointer dereference in blk_add_partition (bsc#1231872).
- CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942).
- CVE-2024-47707: ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (bsc#1231935).
- CVE-2024-47710: sock_map: Add a cond_resched() in sock_hash_free() (bsc#1232049).
- CVE-2024-47727: x86/tdx: Fix 'in-kernel MMIO' check (bsc#1232116).
- CVE-2024-47730: crypto: hisilicon/qm - inject error before stopping queue (bsc#1232075).
- CVE-2024-47731: drivers/perf: Fix ali_drw_pmu driver interrupt status clearing (bsc#1232117).
- CVE-2024-47739: padata: use integer wrap around to prevent deadlock on seq_nr overflow (bsc#1232124).
- CVE-2024-47741: btrfs: fix race setting file private on concurrent lseek using same fd (bsc#1231869).
- CVE-2024-47745: mm: call the security_mmap_file() LSM hook in remap_file_pages() (bsc#1232135).
- CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145).
- CVE-2024-47752: media: mediatek: vcodec: Fix H264 stateless decoder smatch warning (bsc#1232130).
- CVE-2024-47753: media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning (bsc#1231868).
- CVE-2024-47754: media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning (bsc#1232131).
- CVE-2024-49852: scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() (bsc#1232819).
- CVE-2024-49864: rxrpc: Fix a race between socket set up and I/O thread creation (bsc#1232256).
- CVE-2024-49867: btrfs: wait for fixup workers before stopping cleaner kthread during umount (bsc#1232262).
- CVE-2024-49868: btrfs: fix a NULL pointer dereference when failed to start a new trasacntion (bsc#1232272).
- CVE-2024-49881: ext4: update orig_path in ext4_find_extent() (bsc#1232201).
- CVE-2024-49882: ext4: fix double brelse() the buffer of the extents path (bsc#1232200).
- CVE-2024-49883: ext4: aovid use-after-free in ext4_ext_insert_extent() (bsc#1232199).
- CVE-2024-49888: bpf: Fix a sdiv overflow issue (bsc#1232208).
- CVE-2024-49890: drm/amd/pm: ensure the fw_info is not null before using it (bsc#1232217).
- CVE-2024-49892: drm/amd/display: Initialize get_bytes_per_element's default to 1 (bsc#1232220).
- CVE-2024-49894: drm/amd/display: Fix index out of bounds in degamma hardware format translation (bsc#1232354).
- CVE-2024-49895: drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation (bsc#1232352).
- CVE-2024-49896: drm/amd/display: Check stream before comparing them (bsc#1232221).
- CVE-2024-49897: drm/amd/display: Check phantom_stream before it is used (bsc#1232355).
- CVE-2024-49898: drm/amd/display: Check null-initialized variables (bsc#1232222).
- CVE-2024-49899: drm/amd/display: Initialize denominators' default to 1 (bsc#1232358).
- CVE-2024-49901: drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs (bsc#1232305).
- CVE-2024-49906: drm/amd/display: Check null pointer before try to access it (bsc#1232332).
- CVE-2024-49907: drm/amd/display: Check null pointers before using dc->clk_mgr (bsc#1232334).
- CVE-2024-49908: drm/amd/display: Add null check for 'afb' in amdgpu_dm_update_cursor (bsc#1232335).
- CVE-2024-49909: drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func (bsc#1232337).
- CVE-2024-49911: drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func (bsc#1232366).
- CVE-2024-49912: drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream' (bsc#1232367).
- CVE-2024-49913: drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream (bsc#1232307).
- CVE-2024-49914: drm/amd/display: Add null check for pipe_ctx->plane_state in (bsc#1232369).
- CVE-2024-49917: drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn30_init_hw (bsc#1231965).
- CVE-2024-49918: drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer (bsc#1231967).
- CVE-2024-49919: drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer (bsc#1231968).
- CVE-2024-49920: drm/amd/display: Check null pointers before multiple uses (bsc#1232313).
- CVE-2024-49921: drm/amd/display: Check null pointers before used (bsc#1232371).
- CVE-2024-49922: drm/amd/display: Check null pointers before using them (bsc#1232374).
- CVE-2024-49923: drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags (bsc#1232361).
- CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224)
- CVE-2024-49933: blk_iocost: fix more out of bound shifts (bsc#1232368).
- CVE-2024-49934: fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name (bsc#1232387).
- CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424).
- CVE-2024-49944: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start (bsc#1232166).
- CVE-2024-49945: net/ncsi: Disable the ncsi work before freeing the associated structure (bsc#1232165).
- CVE-2024-49946: ppp: do not assume bh is held in ppp_channel_bridge_input() (bsc#1232164).
- CVE-2024-49949: net: avoid potential underflow in qdisc_pkt_len_init() with UFO (bsc#1232160).
- CVE-2024-49950: Bluetooth: L2CAP: Fix uaf in l2cap_connect (bsc#1232159).
- CVE-2024-49952: netfilter: nf_tables: prevent nf_skb_duplicated corruption (bsc#1232157).
- CVE-2024-49953: net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice (bsc#1232156).
- CVE-2024-49954: static_call: Replace pointless WARN_ON() in static_call_module_notify() (bsc#1232155).
- CVE-2024-49958: ocfs2: reserve space for inline xattr before attaching reflink tree (bsc#1232151).
- CVE-2024-49959: jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (bsc#1232149).
- CVE-2024-49960: ext4: fix timer use-after-free on failed mount (bsc#1232395).
- CVE-2024-49967: ext4: no need to continue when the number of entries is 1 (bsc#1232140).
- CVE-2024-49968: ext4: filesystems without casefold feature cannot be mounted with siphash (bsc#1232264).
- CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519).
- CVE-2024-49972: drm/amd/display: Deallocate DML memory if allocation fails (bsc#1232315).
- CVE-2024-49973: r8169: add tally counter fields added with RTL8125 (bsc#1232105).
- CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383).
- CVE-2024-49983: ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free (bsc#1232096).
- CVE-2024-49986: platform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors (bsc#1232093).
- CVE-2024-49987: bpftool: Fix undefined behavior in qsort(NULL, 0, ...) (bsc#1232258).
- CVE-2024-49989: drm/amd/display: fix double free issue during amdgpu module unload (bsc#1232483).
- CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282).
- CVE-2024-49993: iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count (bsc#1232316).
- CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432).
- CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points (bsc#1232089).
- CVE-2024-50000: net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (bsc#1232085).
- CVE-2024-50001: net/mlx5: Fix error path in multi-packet WQE transmit (bsc#1232084).
- CVE-2024-50002: static_call: Handle module init failure correctly in static_call_del_module() (bsc#1232083).
- CVE-2024-50003: drm/amd/display: Fix system hang while resume with TBT monitor (bsc#1232385).
- CVE-2024-50004: drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35 (bsc#1232396).
- CVE-2024-50006: ext4: fix i_data_sem unlock order in ext4_ind_migrate() (bsc#1232442).
- CVE-2024-50009: cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value (bsc#1232318).
- CVE-2024-50012: cpufreq: Avoid a bad reference count on CPU node (bsc#1232386).
- CVE-2024-50014: ext4: fix access to uninitialised lock in fc replay path (bsc#1232446).
- CVE-2024-50015: ext4: dax: fix overflowing extents beyond inode size when partially writing (bsc#1232079).
- CVE-2024-50020: ice: Fix improper handling of refcount in ice_sriov_set_msix_vec_count() (bsc#1231989).
- CVE-2024-50021: ice: Fix improper handling of refcount in ice_dpll_init_rclk_pins() (bsc#1231957).
- CVE-2024-50022: device-dax: correct pgoff align in dax_set_mapping() (bsc#1231956).
- CVE-2024-50024: net: Fix an unsafe loop on the list (bsc#1231954).
- CVE-2024-50027: thermal: core: Free tzp copy along with the thermal zone (bsc#1231951).
- CVE-2024-50028: thermal: core: Reference count the zone in thermal_zone_get_by_id() (bsc#1231950).
- CVE-2024-50033: slip: make slhc_remember() more robust against malicious packets (bsc#1231914).
- CVE-2024-50035: ppp: fix ppp_async_encode() illegal access (bsc#1232392).
- CVE-2024-50040: igb: Do not bring the device up after non-fatal error (bsc#1231908).
- CVE-2024-50041: i40e: Fix macvlan leak by synchronizing access to mac_filter_hash (bsc#1231907).
- CVE-2024-50042: ice: Fix increasing MSI-X on VF (bsc#1231906).
- CVE-2024-50045: netfilter: br_netfilter: fix panic with metadata_dst skb (bsc#1231903).
- CVE-2024-50046: NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() (bsc#1231902).
- CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418).
- CVE-2024-50059: ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition (bsc#1232345).
- CVE-2024-50060: io_uring: check if we need to reschedule during overflow flush (bsc#1232417).
- CVE-2024-50063: bpf: Prevent tail call between progs attached to different hooks (bsc#1232435).
- CVE-2024-50064: zram: free secondary algorithms names (bsc#1231901).
- CVE-2024-50080: ublk: do not allow user copy for unprivileged device (bsc#1232502).
- CVE-2024-50081: blk-mq: setup queue ->tag_set before initializing hctx (bsc#1232501).
- CVE-2024-50082: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (bsc#1232500).
- CVE-2024-50084: net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test() (bsc#1232494).
- CVE-2024-50087: btrfs: fix uninitialized pointer free on read_alloc_one_name() error (bsc#1232499).
- CVE-2024-50088: btrfs: fix uninitialized pointer free in add_inode_ref() (bsc#1232498).
- CVE-2024-50098: scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down (bsc#1232881).
- CVE-2024-50110: xfrm: fix one more kernel-infoleak in algo dumping (bsc#1232885).
- CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919).
- CVE-2024-50124: Bluetooth: ISO: Fix UAF on iso_sock_timeout (bsc#1232926).
- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928).
- CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907).
- CVE-2024-50128: net: wwan: fix global oob in wwan_rtnl_policy (bsc#1232905).
- CVE-2024-50130: netfilter: bpf: must hold reference on net namespace (bsc#1232894).
- CVE-2024-50138: bpf: Use raw_spinlock_t in ringbuf (bsc#1232935).
- CVE-2024-50139: KVM: arm64: Fix shift-out-of-bounds bug (bsc#1233062).
- CVE-2024-50145: octeon_ep: add SKB allocation failures handling in __octep_oq_process_rx() (bsc#1233044).
- CVE-2024-50153: scsi: target: core: Fix null-ptr-deref in target_alloc_device() (bsc#1233061).
- CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233070).
- CVE-2024-50166: fsl/fman: Fix refcount handling of fman-related devices (bsc#1233050).
- CVE-2024-50167: be2net: fix potential memory leak in be_xmit() (bsc#1233049).
- CVE-2024-50169: vsock: Update rx_bytes on read_skb() (bsc#1233320).
- CVE-2024-50171: net: systemport: fix potential memory leak in bcm_sysport_xmit() (bsc#1233057).
- CVE-2024-50177: drm/amd/display: fix a UBSAN warning in DML2.1 (bsc#1233115).
- CVE-2024-50182: secretmem: disable memfd_secret() if arch cannot set direct map (bsc#1233129).
- CVE-2024-50184: virtio_pmem: Check device status before requesting flush (bsc#1233135).
- CVE-2024-50186: net: explicitly clear the sk pointer, when pf->create fails (bsc#1233110).
- CVE-2024-50192: irqchip/gic-v4: Do not allow a VMOVP on a dying VPE (bsc#1233106).
- CVE-2024-50195: posix-clock: Fix missing timespec64 check in pc_clock_settime() (bsc#1233103).
- CVE-2024-50225: btrfs: fix error propagation of split bios (bsc#1233193).
- CVE-2024-50230: nilfs2: fix kernel bug due to missing clearing of checked flag (bsc#1233206).
- CVE-2024-50245: fs/ntfs3: Fix possible deadlock in mi_read (bsc#1233203).
- CVE-2024-50246: fs/ntfs3: Add rough attr alloc_size check (bsc#1233207).
- CVE-2024-50250: fsdax: dax_unshare_iter needs to copy entire blocks (bsc#1233226).
- CVE-2024-50252: mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address (bsc#1233201).
- CVE-2024-50257: netfilter: Fix use-after-free in get_info() (bsc#1233244).
- CVE-2024-50261: macsec: Fix use-after-free while sending the offloading packet (bsc#1233253).
- CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453).
- CVE-2024-50271: signal: restore the override_rlimit logic (bsc#1233460).
- CVE-2024-50273: btrfs: reinitialize delayed ref list after deleting it from the list (bsc#1233462).
- CVE-2024-50274: idpf: avoid vport access in idpf_get_link_ksettings (bsc#1233463).
- CVE-2024-50275: arm64/sve: Discard stale CPU state when handling SVE traps (bsc#1233464).
- CVE-2024-50276: net: vertexcom: mse102x: Fix possible double free of TX skb (bsc#1233465).
- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).
- CVE-2024-50289: media: av7110: fix a spectre vulnerability (bsc#1233478).
- CVE-2024-50295: net: arc: fix the device for dma_map_single/dma_unmap_single (bsc#1233484).
- CVE-2024-50296: net: hns3: fix kernel crash when uninstalling driver (bsc#1233485).
- CVE-2024-50298: net: enetc: allocate vf_state during PF probes (bsc#1233487).
- CVE-2024-53042: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() (bsc#1233540).
- CVE-2024-53043: mctp i2c: handle NULL header address (bsc#1233523).
- CVE-2024-53048: ice: fix crash on probe for DPLL enabled E810 LOM (bsc#1233721).
- CVE-2024-53051: drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability (bsc#1233547).
- CVE-2024-53055: wifi: iwlwifi: mvm: fix 6 GHz scan construction (bsc#1233550).
- CVE-2024-53056: drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy() (bsc#1233568).
- CVE-2024-53058: net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data (bsc#1233552).
- CVE-2024-53079: mm/thp: fix deferred split unqueue naming and locking (bsc#1233570).
- CVE-2024-53082: virtio_net: Add hash_key_length check (bsc#1233573).
- CVE-2024-53110: vp_vdpa: fix id_table array not null terminated error (bsc#1234085).
- CVE-2024-53121: net/mlx5: fs, lock FTE when checking if active (bsc#1234078).
- CVE-2024-53138: net/mlx5e: kTLS, Fix incorrect page refcounting (bsc#1234223).
The following non-security bugs were fixed:
- 9p: explicitly deny setlease attempts (git-fixes).
- ACPI: CPPC: Add support for setting EPP register in FFH (stable-fixes).
- ACPI: CPPC: Fix _CPC register setting issue (git-fixes).
- ACPI: CPPC: Make rmw_lock a raw_spin_lock (git-fixes).
- ACPI: EC: Do not release locks during operation region accesses (stable-fixes).
- ACPI: PAD: fix crash in exit_round_robin() (stable-fixes).
- ACPI: PRM: Clean up guid type in struct prm_handler_info (git-fixes).
- ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context (git-fixes).
- ACPI: battery: Fix possible crash when unregistering a battery hook (git-fixes).
- ACPI: battery: Simplify battery hook locking (stable-fixes).
- ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue (stable-fixes).
- ACPI: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[] (stable-fixes).
- ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[] (stable-fixes).
- ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[] (stable-fixes).
- ACPI: resource: Add another DMI match for the TongFang GMxXGxx (stable-fixes).
- ACPI: video: Add force_vendor quirk for Panasonic Toughbook CF-18 (stable-fixes).
- ACPICA: Fix memory leak if acpi_ps_get_next_field() fails (stable-fixes).
- ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails (stable-fixes).
- ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() (stable-fixes).
- ACPICA: iasl: handle empty connection_node (stable-fixes).
- ALSA/hda: intel-sdw-acpi: cleanup sdw_intel_scan_controller (stable-fixes).
- ALSA/hda: intel-sdw-acpi: fetch fwnode once in sdw_intel_scan_controller() (stable-fixes).
- ALSA/hda: intel-sdw-acpi: simplify sdw-master-count property read (stable-fixes).
- ALSA: 6fire: Release resources at card release (git-fixes).
- ALSA: Reorganize kerneldoc parameter names (stable-fixes).
- ALSA: ac97: bus: Fix the mistake in the comment (git-fixes).
- ALSA: asihpi: Fix potential OOB array access (stable-fixes).
- ALSA: caiaq: Use snd_card_free_when_closed() at disconnection (git-fixes).
- ALSA: core: add isascii() check to card ID generator (stable-fixes).
- ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (git-fixes).
- ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init() (git-fixes).
- ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2 (stable-fixes).
- ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne 1000 G2 (git-fixes).
- ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin (git-fixes).
- ALSA: hda/conexant: fix Z60MR100 startup pop issue (stable-fixes).
- ALSA: hda/conexant: fix some typos (stable-fixes).
- ALSA: hda/cs8409: Fix possible NULL dereference (git-fixes).
- ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs (bsc#1219803).
- ALSA: hda/realtek - Fixed Clevo platform headset Mic issue (stable-fixes).
- ALSA: hda/realtek - update set GPIO3 to default for Thinkpad with ALC1318 (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP Pavilion 15z-ec200 (stable-fixes).
- ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9 (stable-fixes).
- ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593 (stable-fixes).
- ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13 (stable-fixes).
- ALSA: hda/realtek: Add support for Samsung Galaxy Book3 360 (NP730QFG) (stable-fixes).
- ALSA: hda/realtek: Apply quirk for Medion E15433 (bsc#1233298).
- ALSA: hda/realtek: Enable mic on Vaio VJFH52 (stable-fixes).
- ALSA: hda/realtek: Enable mute and micmute LED on HP ProBook 430 G8 (stable-fixes).
- ALSA: hda/realtek: Enable speaker pins for Medion E15443 platform (bsc#1233298).
- ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max (bsc#1233298).
- ALSA: hda/realtek: Fix headset mic on TUXEDO Gemini 17 Gen3 (stable-fixes).
- ALSA: hda/realtek: Fix headset mic on TUXEDO Stellaris 16 Gen6 mb1 (stable-fixes).
- ALSA: hda/realtek: Fix the push button function for the ALC257 (git-fixes).
- ALSA: hda/realtek: Limit internal Mic boost on Dell platform (stable-fixes).
- ALSA: hda/realtek: Refactor and simplify Samsung Galaxy Book init (stable-fixes).
- ALSA: hda/realtek: Set PCBeep to default value for ALC274 (stable-fixes).
- ALSA: hda/realtek: Update ALC225 depop procedure (git-fixes).
- ALSA: hda/realtek: Update ALC256 depop procedure (git-fixes).
- ALSA: hda/realtek: Update default depop procedure (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LED for HP mt645 G8 (stable-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP EliteBook 645 G10 (stable-fixes).
- ALSA: hda/realtek: tas2781: Fix ROG ALLY X audio (stable-fixes).
- ALSA: hda/tas2781: Add new quirk for Lenovo Y990 Laptop (stable-fixes).
- ALSA: hda/tas2781: Add new quirk for Lenovo, ASUS, Dell projects (stable-fixes).
- ALSA: hda/tas2781: select CRC32 instead of CRC32_SARWATE (git-fixes).
- ALSA: hda: Poll jack events for LS7A HD-Audio (stable-fixes).
- ALSA: hda: Show the codec quirk info at probing (stable-fixes).
- ALSA: hda: Sound support for HP Spectre x360 16 inch model 2024 (stable-fixes).
- ALSA: hda: tas2781: Fix missing setup at runtime PM (bsc#1230132).
- ALSA: hdsp: Break infinite MIDI input flush loop (stable-fixes).
- ALSA: ice1712: Remove redundant code in stac9460_dac_vol_put (stable-fixes).
- ALSA: line6: add hw monitor volume control to POD HD500X (stable-fixes).
- ALSA: line6: update contact information (stable-fixes).
- ALSA: mixer_oss: Remove some incorrect kfree_const() usages (git-fixes).
- ALSA: pcm: Add sanity NULL check for the default mmap fault handler (stable-fixes).
- ALSA: silence integer wrapping warning (stable-fixes).
- ALSA: ump: Fix evaluation of MIDI 1.0 FB info (git-fixes).
- ALSA: us122l: Use snd_card_free_when_closed() at disconnection (git-fixes).
- ALSA: usb-audio: Add Pioneer DJ/AlphaTheta DJM-A9 Mixer (stable-fixes).
- ALSA: usb-audio: Add delay quirk for VIVO USB-C HEADSET (stable-fixes).
- ALSA: usb-audio: Add input value sanity checks for standard types (stable-fixes).
- ALSA: usb-audio: Add logitech Audio profile quirk (stable-fixes).
- ALSA: usb-audio: Add native DSD support for Luxman D-08u (stable-fixes).
- ALSA: usb-audio: Add quirk for HP 320 FHD Webcam (bsc#1232768).
- ALSA: usb-audio: Add quirks for Dell WD19 dock (stable-fixes).
- ALSA: usb-audio: Define macros for quirk table entries (stable-fixes).
- ALSA: usb-audio: Fix Yamaha P-125 Quirk Entry (stable-fixes).
- ALSA: usb-audio: Fix a DMA to stack memory bug (git-fixes).
- ALSA: usb-audio: Fix out of bounds reads when finding clock sources (stable-fixes).
- ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (git-fixes).
- ALSA: usb-audio: Make mic volume workarounds globally applicable (stable-fixes).
- ALSA: usb-audio: Replace complex quirk lines with macros (stable-fixes).
- ALSA: usb-audio: Use snprintf instead of sprintf in build_mixer_unit_ctl (stable-fixes).
- ALSA: usb-audio: add mixer mapping for Corsair HS80 (stable-fixes).
- ALSA: usx2y: Use snd_card_free_when_closed() at disconnection (git-fixes).
- ASoC: Intel: avs: da7219: Remove suspend_pre() and resume_post() (stable-fixes).
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet (stable-fixes).
- ASoC: Intel: bytcr_rt5640: Add support for non ACPI instantiated codec (stable-fixes).
- ASoC: Intel: sst: Fix used of uninitialized ctx to log an error (git-fixes).
- ASoC: Intel: sst: Support LPE0F28 ACPI HID (stable-fixes).
- ASoC: SOF: Add i2s bt dai configuration support for AMD platforms (bsc#1233305).
- ASoC: SOF: Add support for configuring PDM interface from topology (bsc#1233305).
- ASoC: SOF: Deprecate invalid enums in IPC3 (bsc#1233305).
- ASoC: SOF: IPC4: get pipeline priority from topology (bsc#1233305).
- ASoC: SOF: IPC4: synchronize fw_config_params with fw definitions (bsc#1233305).
- ASoC: SOF: Refactor sof_i2s_tokens reading to update acpbt dai (bsc#1233305).
- ASoC: SOF: Rename amd_bt sof_dai_type (bsc#1233305).
- ASoC: SOF: Wire up buffer flags (bsc#1233305).
- ASoC: SOF: add alignment for topology header file struct definition (bsc#1233305).
- ASoC: SOF: align topology header file with sof topology header (bsc#1233305).
- ASoC: SOF: ipc3-topology: Convert the topology pin index to ALH dai index (git-fixes).
- ASoC: SOF: ipc3-topology: fix resource leaks in sof_ipc3_widget_setup_comp_dai() (git-fixes).
- ASoC: SOF: ipc4-control: Add support for ALSA enum control (bsc#1233305).
- ASoC: SOF: ipc4-control: Add support for ALSA switch control (bsc#1233305).
- ASoC: SOF: ipc4-mtrace: move debug slot related definitions to header.h (bsc#1233305).
- ASoC: SOF: ipc4-topology: Add deep buffer size to debug prints (bsc#1233305).
- ASoC: SOF: ipc4-topology: Add definition for generic switch/enum control (bsc#1233305).
- ASoC: SOF: ipc4-topology: Add module ID print during module set up (bsc#1233305).
- ASoC: SOF: ipc4-topology: Helper to find an swidget by module/instance id (bsc#1233305).
- ASoC: SOF: ipc4-topology: Only handle dai_config with HW_PARAMS for ChainDMA (bsc#1233305).
- ASoC: SOF: ipc4-topology: change chain_dma handling in dai_config (bsc#1233305).
- ASoC: SOF: ipc4-topology: export sof_ipc4_copier_is_single_format (bsc#1233305).
- ASoC: SOF: ipc4-topology: set config_length based on device_count (bsc#1233305).
- ASoC: SOF: ipc4: Add data struct for module notification message from firmware (bsc#1233305).
- ASoC: SOF: ipc4: Add new message type: SOF_IPC4_GLB_LOAD_LIBRARY_PREPARE (bsc#1233305).
- ASoC: SOF: sof-client-probes-ipc4: Set param_size extension bits (git-fixes).
- ASoC: SOF: topology: Parse DAI type token for dspless mode (bsc#1233305).
- ASoC: SOF: topology: dynamically allocate and store DAI widget->private (bsc#1233305).
- ASoC: amd: yc: Add quirk for ASUS Vivobook S15 M3502RA (stable-fixes).
- ASoC: amd: yc: Add quirk for HP Dragonfly pro one (stable-fixes).
- ASoC: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry (git-fixes).
- ASoC: amd: yc: Fix non-functional mic on ASUS E1404FA (stable-fixes).
- ASoC: amd: yc: Support dmic on another model of Lenovo Thinkpad E14 Gen 6 (stable-fixes).
- ASoC: amd: yc: fix internal mic on Xiaomi Book Pro 14 2022 (stable-fixes).
- ASoC: atmel: mchp-pdmc: Skip ALSA restoration if substream runtime is uninitialized (git-fixes).
- ASoC: audio-graph-card2: Purge absent supplies for device tree nodes (stable-fixes).
- ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() (git-fixes).
- ASoC: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to default regs values (stable-fixes).
- ASoC: codecs: rt5640: Always disable IRQs from rt5640_cancel_work() (stable-fixes).
- ASoC: codecs: wsa883x: Handle reading version failure (stable-fixes).
- ASoC: cs42l51: Fix some error handling paths in cs42l51_probe() (git-fixes).
- ASoC: dapm: fix bounds checker error in dapm_widget_list_create (git-fixes).
- ASoC: fsl_micfil: Add sample rate constraint (stable-fixes).
- ASoC: fsl_micfil: fix regmap_write_bits usage (git-fixes).
- ASoC: fsl_sai: Enable 'FIFO continue on error' FCONT bit (stable-fixes).
- ASoC: imx-card: Set card.owner to avoid a warning calltrace if SND=m (git-fixes).
- ASoC: max98388: Fix missing increment of variable slot_found (git-fixes).
- ASoC: mediatek: mt8188-mt6359: Remove hardcoded dmic codec (git-fixes).
- ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() (git-fixes).
- ASoC: qcom: sm8250: add qrb4210-rb2-sndcard compatible string (stable-fixes).
- ASoC: rt722-sdca: Remove logically deadcode in rt722-sdca.c (git-fixes).
- ASoC: rt722-sdca: increase clk_stop_timeout to fix clock stop issue (stable-fixes).
- ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove (git-fixes).
- ASoC: stm: Prevent potential division by zero in stm32_sai_get_clk_div() (stable-fixes).
- ASoC: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate() (stable-fixes).
- ASoC: tas2781: Add new driver version for tas2563 & tas2781 qfn chip (stable-fixes).
- ASoC: tas2781: Use of_property_read_reg() (stable-fixes).
- Bluetooth: Call iso_exit() on module unload (git-fixes).
- Bluetooth: ISO: Fix multiple init when debugfs is disabled (git-fixes).
- Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync (git-fixes).
- Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change (git-fixes).
- Bluetooth: Remove debugfs directory on module init failure (git-fixes).
- Bluetooth: bnep: fix wild-memory-access in proto_unregister (git-fixes).
- Bluetooth: btintel: Direct exception event to bluetooth stack (git-fixes).
- Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test (bsc#1230557)
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0489:0xe122 (stable-fixes).
- Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 (git-fixes).
- Bluetooth: fix use-after-free in device_for_each_child() (git-fixes).
- Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs (git-fixes).
- Bluetooth: hci_core: Fix calling mgmt_device_connected (git-fixes).
- Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (git-fixes).
- HID: Ignore battery for all ELAN I2C-HID devices (stable-fixes).
- HID: amd_sfh: Switch to device-managed dmam_alloc_coherent() (git-fixes).
- HID: core: zero-initialize the report buffer (git-fixes).
- HID: i2c-hid: Remove I2C_HID_QUIRK_SET_PWR_WAKEUP_DEV quirk (stable-fixes).
- HID: lenovo: Add support for Thinkpad X1 Tablet Gen 3 keyboard (stable-fixes).
- HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad (stable-fixes).
- HID: multitouch: Add quirk for Logitech Bolt receiver w/ Casa touchpad (stable-fixes).
- HID: multitouch: Add support for B2402FVA track point (stable-fixes).
- HID: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio (stable-fixes).
- HID: multitouch: Add support for lenovo Y9000P Touchpad (stable-fixes).
- HID: plantronics: Workaround for an unexcepted opposite volume key (stable-fixes).
- HID: wacom: Interpret tilt data from Intuos Pro BT as signed values (git-fixes).
- HID: wacom: fix when get product name maybe null pointer (git-fixes).
- Input: adp5589-keys - fix NULL pointer dereference (git-fixes).
- Input: adp5589-keys - fix adp5589_gpio_get_value() (git-fixes).
- Input: edt-ft5x06 - fix regmap leak when probe fails (git-fixes).
- Input: hideep - add missing dependency on REGMAP_I2C (git-fixes).
- Input: hycon-hy46xx - add missing dependency on REGMAP_I2C (git-fixes).
- Input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk table (stable-fixes).
- Input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk table (stable-fixes).
- Input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD line (stable-fixes).
- Input: xpad - add GameSir T4 Kaleid Controller support (git-fixes).
- Input: xpad - add GameSir VID for Xbox One controllers (git-fixes).
- Input: xpad - add support for 8BitDo Ultimate 2C Wireless Controller (git-fixes).
- Input: xpad - add support for MSI Claw A1M (git-fixes).
- Input: xpad - add support for Machenike G5 Pro Controller (git-fixes).
- Input: xpad - fix support for some third-party controllers (git-fixes).
- Input: xpad - sort xpad_device by vendor and product ID (git-fixes).
- Input: xpad - spelling fixes for 'Xbox' (git-fixes).
- KVM: Fix coalesced_mmio_has_room() to avoid premature userspace exit (git-fixes).
- KVM: PPC: Book3S HV: Avoid returning to nested hypervisor on pending doorbells (bsc#1215199).
- KVM: PPC: Book3S HV: Stop using vc->dpdes for nested KVM guests (bsc#1215199).
- KVM: PPC: Book3S HV: remove unused varible (bsc#1194869).
- KVM: SEV-ES: Fix svm_get_msr()/svm_set_msr() for KVM_SEV_ES_INIT guests (bsc#1232207).
- KVM: SEV-ES: Prevent MSR access post VMSA encryption (bsc#1232207).
- KVM: SVM: Disallow guest from changing userspace's MSR_AMD64_DE_CFG value (git-fixes).
- KVM: Use dedicated mutex to protect kvm_usage_count to avoid deadlock (git-fixes).
- KVM: VMX: Also clear SGX EDECCSSA in KVM CPU caps when SGX is disabled (git-fixes).
- KVM: VMX: Set PFERR_GUEST_{FINAL,PAGE}_MASK if and only if the GVA is valid (git-fixes).
- KVM: Write the per-page 'segment' when clearing (part of) a guest page (git-fixes).
- KVM: s390: Change virtual to physical address access in diag 0x258 handler (git-fixes bsc#1232626).
- KVM: s390: Fix SORTL and DFLTCC instruction format error in __insn32_query (git-fixes bsc#1231276).
- KVM: s390: gaccess: Check if guest address is in memslot (git-fixes bsc#1232623).
- KVM: x86/mmu: Skip emulation on page fault iff 1+ SPs were unprotected (git-fixes).
- KVM: x86/mmu: Trigger unprotect logic only on write-protection page faults (git-fixes).
- KVM: x86: Dedup fastpath MSR post-handling logic (git-fixes).
- KVM: x86: Enforce x2APIC's must-be-zero reserved ICR bits (git-fixes).
- KVM: x86: Exit to userspace if fastpath triggers one on instruction skip (git-fixes).
- KVM: x86: Move x2APIC ICR helper above kvm_apic_write_nodecode() (git-fixes).
- KVM: x86: Re-enter guest if WRMSR(X2APIC_ICR) fastpath is successful (git-fixes).
- KVM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC) (git-fixes).
- NFS: Avoid unnecessary rescanning of the per-server delegation list (git-fixes).
- NFS: remove revoked delegation from server's delegation list (git-fixes).
- NFSD: Fix NFSv4's PUTPUBFH operation (git-fixes).
- NFSD: Mark filecache 'down' if init fails (git-fixes).
- NFSv3: only use NFS timeout for MOUNT when protocols are compatible (bsc#1231016).
- NFSv4: Fix clearing of layout segments in layoutreturn (git-fixes).
- PCI: Add ACS quirk for Qualcomm SA8775P (stable-fixes).
- PCI: Add T_PVPERL macro (git-fixes).
- PCI: Add function 0 DMA alias quirk for Glenfly Arise chip (stable-fixes).
- PCI: Fix pci_enable_acs() support for the ACS quirks (bsc#1229019).
- PCI: Fix reset_method_store() memory leak (git-fixes).
- PCI: Mark Creative Labs EMU20k2 INTx masking as broken (stable-fixes).
- PCI: endpoint: Clear secondary (not primary) EPC in pci_epc_remove_epf() (git-fixes).
- PCI: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds (git-fixes).
- PCI: keystone: Add link up check to ks_pcie_other_map_bus() (git-fixes).
- PCI: keystone: Set mode as Root Complex for 'ti,keystone-pcie' compatible (git-fixes).
- PCI: rockchip-ep: Fix address translation unit programming (git-fixes).
- RAS/AMD/ATL: Add amd_atl pr_fmt() prefix (jsc#PED-10559).
- RAS/AMD/ATL: Expand helpers for adding and removing base and hole (jsc#PED-10559).
- RAS/AMD/ATL: Implement DF 4.5 NP2 denormalization (jsc#PED-10559).
- RAS/AMD/ATL: Read DRAM hole base early (jsc#PED-10559).
- RAS/AMD/ATL: Validate address map when information is gathered (jsc#PED-10559).
- RDMA/bnxt_re: Add a check for memory allocation (git-fixes)
- RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop (git-fixes)
- RDMA/bnxt_re: Change the sequence of updating the CQ toggle value (git-fixes)
- RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey (git-fixes)
- RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (git-fixes)
- RDMA/bnxt_re: Fix a possible memory leak (git-fixes)
- RDMA/bnxt_re: Fix incorrect AVID type in WQE structure (git-fixes)
- RDMA/bnxt_re: Fix incorrect dereference of srq in async event (git-fixes)
- RDMA/bnxt_re: Fix out of bound check (git-fixes)
- RDMA/bnxt_re: Fix the GID table length (git-fixes)
- RDMA/bnxt_re: Fix the max CQ WQEs for older adapters (git-fixes)
- RDMA/bnxt_re: Fix the usage of control path spin locks (git-fixes)
- RDMA/bnxt_re: Return more meaningful error (git-fixes)
- RDMA/bnxt_re: synchronize the qp-handle table array (git-fixes)
- RDMA/core: Fix ENODEV error for iWARP test over vlan (git-fixes)
- RDMA/cxgb4: Dump vendor specific QP details (git-fixes)
- RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP (git-fixes)
- RDMA/hns: Add mutex_destroy() (git-fixes)
- RDMA/hns: Disassociate mmap pages for all uctx when HW is being reset (git-fixes)
- RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (git-fixes)
- RDMA/hns: Fix an AEQE overflow error caused by untimely update of eq_db_ci (git-fixes)
- RDMA/hns: Fix cpu stuck caused by printings during reset (git-fixes)
- RDMA/hns: Fix different dgids mapping to the same dip_idx (git-fixes)
- RDMA/hns: Fix flush cqe error when racing with destroy qp (git-fixes)
- RDMA/hns: Fix out-of-order issue of requester when setting FENCE (git-fixes)
- RDMA/hns: Use dev_* printings in hem code instead of ibdev_* (git-fixes)
- RDMA/hns: Use macro instead of magic number (git-fixes)
- RDMA/irdma: Fix misspelling of 'accept*' (git-fixes)
- RDMA/mad: Improve handling of timed out WRs of mad agent (git-fixes)
- RDMA/mana_ib: use the correct page size for mapping user-mode doorbell page (git-fixes).
- RDMA/mana_ib: use the correct page table index based on hardware page size (git-fixes).
- RDMA/mlx5: Enforce umem boundaries for explicit ODP page faults (git-fixes)
- RDMA/mlx5: Move events notifier registration to be after device registration (git-fixes)
- RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down (git-fixes)
- RDMA/mlx5: Use sq timestamp as QP timestamp when RoCE is disabled (git-fixes).
- RDMA/rtrs-srv: Avoid null pointer deref during path establishment (git-fixes)
- RDMA/rxe: Fix the qp flush warnings in req (git-fixes)
- RDMA/rxe: Set queue pair cur_qp_state when being queried (git-fixes)
- RDMA/siw: Add sendpage_ok() check to disable MSG_SPLICE_PAGES (git-fixes)
- RDMA/srpt: Make slab cache names unique (git-fixes)
- Revert 'ALSA: hda/conexant: Mute speakers at suspend / shutdown' (bsc#1228269).
- Revert 'ALSA: hda: Conditionally use snooping for AMD HDMI' (stable-fixes).
- Revert 'KEYS: encrypted: Add check for strsep' (git-fixes).
- Revert 'KVM: PPC: Book3S HV Nested: Stop forwarding all HFUs to L1' (bsc#1215199).
- Revert 'RDMA/core: Fix ENODEV error for iWARP test over vlan' (git-fixes)
- Revert 'cgroup: Fix memory leak caused by missing cgroup_bpf_offline' (bsc#1234108).
- Revert 'cpufreq: brcmstb-avs-cpufreq: Fix initial command check' (stable-fixes).
- Revert 'driver core: Fix uevent_show() vs driver detach race' (git-fixes).
- Revert 'ixgbe: Manual AN-37 for troublesome link partners for X550 SFI' (git-fixes).
- Revert 'mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K' (git-fixes).
- Revert 'ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path' (git-fixes).
- Revert 'usb: gadget: composite: fix OS descriptors w_value logic' (git-fixes).
- Revert 'wifi: iwlwifi: remove retry loops in start' (git-fixes).
- SUNRPC: Fix integer overflow in decode_rc_list() (git-fixes).
- SUNRPC: Fixup gss_status tracepoint error output (git-fixes).
- SUNRPC: Remove BUG_ON call sites (git-fixes).
- SUNRPC: clnt.c: Remove misleading comment (git-fixes).
- USB: appledisplay: close race between probe and completion handler (git-fixes).
- USB: chaoskey: Fix possible deadlock chaoskey_list_lock (git-fixes).
- USB: chaoskey: fail open after removal (git-fixes).
- USB: gadget: dummy-hcd: Fix 'task hung' problem (git-fixes).
- USB: misc: cypress_cy7c63: check for short transfer (git-fixes).
- USB: misc: yurex: fix race between read and write (git-fixes).
- USB: serial: ftdi_sio: Fix atomicity violation in get_serial_info() (git-fixes).
- USB: serial: io_edgeport: fix use after free in debug printk (git-fixes).
- USB: serial: option: add Fibocom FG132 0x0112 composition (stable-fixes).
- USB: serial: option: add Quectel RG650V (stable-fixes).
- USB: serial: option: add Telit FN920C04 MBIM compositions (stable-fixes).
- USB: serial: option: add support for Quectel EG916Q-GL (stable-fixes).
- USB: serial: qcserial: add support for Sierra Wireless EM86xx (stable-fixes).
- accel/qaic: Fix the for loop used to walk SG table (git-fixes).
- accel: Use XArray instead of IDR for minors (jsc#PED-11580).
- acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() (git-fixes).
- ad7780: fix division by zero in ad7780_write_raw() (git-fixes).
- aes-gcm-p10: Use the correct bit to test for P10 (bsc#1232704).
- amd-pstate: Set min_perf to nominal_perf for active mode performance gov (git-fixes).
- apparmor: fix 'Do simple duplicate message elimination' (git-fixes).
- apparmor: test: Fix memory leak for aa_unpack_strdup() (git-fixes).
- apparmor: use kvfree_sensitive to free data->data (git-fixes).
- arm64: Subscribe Microsoft Azure Cobalt 100 to erratum 3194386 (git-fixes)
- arm64: cputype: Add Neoverse-N3 definitions (git-fixes)
- arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer (git-fixes)
- arm64: dts: freescale: imx8mm-verdin: Fix SD regulator startup delay (git-fixes)
- arm64: dts: freescale: imx8mp-verdin: Fix SD regulator startup delay (git-fixes)
- arm64: dts: imx8-ss-vpu: Fix imx8qm VPU IRQs (git-fixes)
- arm64: dts: imx8qxp: Add VPU subsystem file (git-fixes)
- arm64: dts: imx93: add nvmem property for eqos (git-fixes)
- arm64: dts: imx93: add nvmem property for fec1 (git-fixes)
- arm64: dts: imx93: add ocotp node (git-fixes)
- arm64: dts: rockchip: Add DTS for FriendlyARM NanoPi R2S Plus (git-fixes)
- arm64: dts: rockchip: Correct GPIO polarity on brcm BT nodes (git-fixes)
- arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc (git-fixes)
- arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards (git-fixes)
- arm64: dts: rockchip: Fix bluetooth properties on rk3566 box demo (git-fixes)
- arm64: dts: rockchip: Fix reset-gpios property on brcm BT nodes (git-fixes)
- arm64: dts: rockchip: Fix rt5651 compatible value on (git-fixes)
- arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-eaidk-610 (git-fixes)
- arm64: dts: rockchip: Fix wakeup prop names on PineNote BT node (git-fixes)
- arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma (git-fixes)
- arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328 (git-fixes)
- arm64: dts: rockchip: Remove undocumented supports-emmc property (git-fixes)
- arm64: dts: rockchip: fix i2c2 pinctrl-names property on (git-fixes)
- arm64: dts: rockchip: remove num-slots property from (git-fixes)
- arm64: dts: rockchip: remove orphaned pinctrl-names from pinephone (git-fixes)
- arm64: errata: Enable the AC03_CPU_38 workaround for ampere1a (git-fixes).
- arm64: errata: Expand speculative SSBS workaround once more (git-fixes)
- arm64: esr: Define ESR_ELx_EC_* constants as UL (git-fixes)
- arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG (git-fixes)
- arm64: fix selection of HAVE_DYNAMIC_FTRACE_WITH_ARGS (git-fixes).
- arm64: probes: Fix simulate_ldr*_literal() (git-fixes)
- arm64: probes: Fix uprobes for big-endian kernels (git-fixes)
- arm64: probes: Remove broken LDR (literal) uprobe support (git-fixes)
- arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint (git-fixes)
- arm64: smccc: replace custom COUNT_ARGS() & CONCATENATE() (git-fixes)
- arm64: tegra: Move AGX Orin nodes to correct location (git-fixes)
- arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled (git-fixes)
- ata: libata: Set DID_TIME_OUT for commands that actually timed out (git-fixes).
- ata: libata: avoid superfluous disk spin down + spin up during hibernation (git-fixes).
- audit: do not WARN_ON_ONCE(!current->mm) in audit_exe_compare() (git-fixes).
- audit: do not take task_lock() in audit_exe_compare() code path (git-fixes).
- block: print symbolic error name instead of error code (bsc#1231872).
- block: sed-opal: add ioctl IOC_OPAL_SET_SID_PW (bsc#1229677).
- bnxt_en: Cap the size of HWRM_PORT_PHY_QCFG forwarded response (git-fixes).
- bnxt_en: Fix error recovery for 5760X (P7) chips (git-fixes).
- bnxt_en: Fix the PCI-AER routines (git-fixes).
- bnxt_en: Restore PTP tx_avail count in case of skb_pad() error (git-fixes).
- bnxt_en: refactor reset close code (git-fixes).
- bpf, arm64: Fix address emission with tag-based KASAN enabled (git-fixes)
- bpf, arm64: Remove garbage frame for struct_ops trampoline (git-fixes)
- bpf, lsm: Add disabled BPF LSM hook list (git-fixes).
- bpf, net: Fix a potential race in do_sock_getsockopt() (git-fixes).
- bpf, sockmap: SK_DROP on attempted redirects of unsupported af_vsock (git-fixes).
- bpf, verifier: Correct tail_call_reachable for bpf prog (git-fixes).
- bpf, vsock: Drop static vsock_bpf_prot initialization (git-fixes).
- bpf, x64: Remove tail call detection (git-fixes).
- bpf,perf: Fix perf_event_detach_bpf_prog error handling (git-fixes).
- bpf: Fail verification for sign-extension of packet data/data_end/data_meta (git-fixes).
- bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit (git-fixes).
- bpf: Fix error message on kfunc arg type mismatch (git-fixes).
- bpf: Fix helper writes to read-only maps (git-fixes).
- bpf: Fix tailcall cases in test_bpf (git-fixes).
- bpf: Fix truncation bug in coerce_reg_to_size_sx() (git-fixes).
- bpf: Improve check_raw_mode_ok test for MEM_UNINIT-tagged types (git-fixes).
- bpf: Remove truncation test in bpf_strtol and bpf_strtoul helpers (git-fixes).
- bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error (git-fixes).
- bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos (git-fixes).
- btf, scripts: rust: drop is_rust_module.sh (bsc#1230414 bsc#1229450).
- btrfs: merge btrfs_orig_bbio_end_io() into btrfs_bio_end_io() (bsc#1233193)
- btrfs: send: fix invalid clone operation for file that got its size decreased (git-fixes).
- can: c_can: c_can_handle_bus_err(): update statistics if skb allocation fails (git-fixes).
- can: c_can: fix {rx,tx}_errors statistics (git-fixes).
- can: dev: can_set_termination(): allow sleeping GPIOs (git-fixes).
- can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: hi311x: hi3110_can_ist(): fix potential use-after-free (git-fixes).
- can: hi311x: hi3110_can_ist(): fix {rx,tx}_errors statistics (git-fixes).
- can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: j1939: j1939_session_new(): fix skb reference counting (git-fixes).
- can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: mcp251xfd: mcp251xfd_get_tef_len(): fix length calculation (git-fixes).
- can: mcp251xfd: mcp251xfd_get_tef_len(): work around erratum DS80000789E 6 (git-fixes).
- can: mcp251xfd: mcp251xfd_ring_alloc(): fix coalescing configuration when switching CAN modes (git-fixes).
- can: netlink: avoid call to do_set_data_bittiming callback with stale can_priv::ctrlmode (stable-fixes).
- can: sja1000: sja1000_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL (git-fixes).
- can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics (git-fixes).
- ceph: fix cap ref leak via netfs init_request (bsc#1231384).
- cgroup/bpf: only cgroup v2 can be attached by bpf programs (bsc#1234108).
- clk: bcm: bcm53573: fix OF node leak in init (stable-fixes).
- clk: clk-apple-nco: Add NULL check in applnco_probe (git-fixes).
- clk: clk-axi-clkgen: make sure to enable the AXI bus clock (git-fixes).
- clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D (stable-fixes).
- clk: imx: clk-scu: fix clk enable state save and restore (git-fixes).
- clk: imx: fracn-gppll: correct PLL initialization flow (git-fixes).
- clk: imx: fracn-gppll: fix pll power up (git-fixes).
- clk: imx: lpcg-scu: SW workaround for errata (e10858) (git-fixes).
- clk: qcom: clk-alpha-pll: drop lucid-evo pll enabled warning (git-fixes).
- clk: qcom: clk-alpha-pll: fix lucid 5lpe pll enabled check (git-fixes).
- clk: qcom: gcc-qcs404: fix initial rate of GPLL3 (git-fixes).
- clk: renesas: rzg2l: Fix FOUTPOSTDIV clk (git-fixes).
- clk: sunxi-ng: d1: Fix PLL_AUDIO0 preset (git-fixes).
- comedi: Flush partial mappings in error case (git-fixes).
- comedi: ni_routing: tools: Check when the file could not be opened (stable-fixes).
- config: Disable LAM on x86 (bsc#1217845).
- cpufreq/amd-pstate: Fix amd_pstate mode switch on shared memory systems (git-fixes).
- cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost() (git-fixes).
- cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw() (git-fixes).
- cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_cost() (git-fixes).
- cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_power() (git-fixes).
- cpufreq: loongson2: Unregister platform_driver on failure (git-fixes).
- cpufreq: mediatek-hw: Fix wrong return value in mtk_cpufreq_get_cpu_power() (git-fixes).
- crypto: aes-gcm-p10 - Use the correct bit to test for P10 (bsc#1232704).
- crypto: api - Fix liveliness check in crypto_alg_tested (stable-fixes).
- crypto: bcm - add error check in the ahash_hmac_init function (git-fixes).
- crypto: caam - Fix the pointer passed to caam_qi_shutdown() (git-fixes).
- crypto: caam - add error check to caam_rsa_set_priv_key_form (git-fixes).
- crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() (git-fixes).
- crypto: cavium - Fix the if condition to exit loop after timeout (git-fixes).
- crypto: hisilicon/qm - flush all work before driver removed (bsc#1232075)
- crypto: inside-secure - Fix the return value of safexcel_xcbcmac_cra_init() (git-fixes).
- crypto: octeontx - Fix authenc setkey (stable-fixes).
- crypto: octeontx* - Select CRYPTO_AUTHENC (git-fixes).
- crypto: octeontx2 - Fix authenc setkey (stable-fixes).
- crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY (git-fixes).
- crypto: powerpc/p10-aes-gcm - Add dependency on CRYPTO_SIMD and re-enable CRYPTO_AES_GCM_P10 (bsc#1230501 ltc#208632).
- crypto: powerpc/p10-aes-gcm - Disable CRYPTO_AES_GCM_P10 (bsc#1230501 ltc#208632).
- crypto: powerpc/p10-aes-gcm - Re-write AES/GCM stitched implementation (bsc#1230501 ltc#208632).
- crypto: powerpc/p10-aes-gcm - Register modules as SIMD (bsc#1230501 ltc#208632).
- crypto: qat - remove check after debugfs_create_dir() (git-fixes).
- crypto: qat - remove faulty arbiter config reset (git-fixes).
- crypto: qat/qat_4xxx - fix off by one in uof_get_name() (git-fixes).
- crypto: x86/aegis128 - access 32-bit arguments as 32-bit (git-fixes).
- cxgb4: Properly lock TX queue for the selftest (git-fixes).
- cxgb4: add forgotten u64 ivlan cast before shift (git-fixes).
- cxgb4: unnecessary check for 0 in the free_sge_txq_uld() function (git-fixes).
- cxl: downgrade a warning message to debug level in cxl_probe_component_regs() (bsc#1229165).
- dcache: keep dentry_hashtable or d_hash_shift even when not used (git-fixes).
- debugfs: fix automount d_fsdata usage (git-fixes).
- devlink: Fix command annotation documentation (git-fixes).
- dma-fence: Fix reference leak on fence merge failure path (git-fixes).
- dma-fence: Use kernel's sort for merging fences (git-fixes).
- dmaengine: sh: rz-dmac: handle configs where one address is zero (git-fixes).
- dmaengine: ti: k3-udma: Set EOP for all TRs in cyclic BCDMA transfer (git-fixes).
- doc: rcu: update printed dynticks counter bits (git-fixes).
- driver core: bus: Fix double free in driver API bus_register() (stable-fixes).
- driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute (stable-fixes).
- drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend() (git-fixes).
- drm/amd/amdgpu: Fix double unlock in amdgpu_mes_add_ring (git-fixes).
- drm/amd/display: Add HDMI DSC native YCbCr422 support (stable-fixes).
- drm/amd/display: Add disable timeout option (bsc#1231435)
- drm/amd/display: Adjust VSDB parser for replay feature (stable-fixes).
- drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944)
- drm/amd/display: Check null pointer before dereferencing se (stable-fixes).
- drm/amd/display: Clean up dsc blocks in accelerated mode (stable-fixes).
- drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too (stable-fixes).
- drm/amd/display: Fix brightness level not retained over reboot (git-fixes).
- drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe (git-fixes).
- drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp (git-fixes).
- drm/amd/display: Remove a redundant check in authenticated_dp (stable-fixes).
- drm/amd/display: Revert 'Check HDCP returned status' (stable-fixes).
- drm/amd/display: Round calculated vtotal (stable-fixes).
- drm/amd/display: Skip to enable dsc if it has been off (stable-fixes).
- drm/amd/display: Validate backlight caps are sane (stable-fixes).
- drm/amd/pm: Vangogh: Fix kernel memory out of bounds write (git-fixes).
- drm/amd: Add some missing straps from NBIO 7.11.0 (git-fixes).
- drm/amd: Fix initialization mistake for NBIO 7.7.0 (stable-fixes).
- drm/amd: Guard against bad data for ATIF ACPI method (git-fixes).
- drm/amdgpu/swsmu: Only force workload setup on init (git-fixes).
- drm/amdgpu/vcn: enable AV1 on both instances (stable-fixes).
- drm/amdgpu: Adjust debugfs eviction and IB access permissions (stable-fixes).
- drm/amdgpu: Adjust debugfs register access permissions (stable-fixes).
- drm/amdgpu: Fix DPX valid mode check on GC 9.4.3 (git-fixes).
- drm/amdgpu: Fix JPEG v4.0.3 register write (git-fixes).
- drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() (stable-fixes).
- drm/amdgpu: fix check in gmc_v9_0_get_vm_pte() (git-fixes).
- drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported (git-fixes).
- drm/amdkfd: Accounting pdd vram_usage for svm (stable-fixes).
- drm/amdkfd: Fix wrong usage of INIT_WORK() (git-fixes).
- drm/bridge: anx7625: Drop EDID cache on bridge power off (git-fixes).
- drm/bridge: it6505: Drop EDID cache on bridge power off (git-fixes).
- drm/bridge: tc358767: Fix link properties discovery (git-fixes).
- drm/bridge: tc358768: Fix DSI command tx (git-fixes).
- drm/etnaviv: Request pages from DMA32 zone on addressing_limited (git-fixes).
- drm/etnaviv: hold GPU lock across perfmon sampling (git-fixes).
- drm/i915/gem: fix bitwise and logical AND mixup (git-fixes).
- drm/i915/hdcp: fix connector refcounting (git-fixes).
- drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/mediatek: Fix child node refcount handling in early exit (git-fixes).
- drm/mediatek: Fix get efuse issue for MT8188 DPTX (git-fixes).
- drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused (git-fixes).
- drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk() (git-fixes).
- drm/msm/dpu: check for overflow in _dpu_crtc_setup_lm_bounds() (git-fixes).
- drm/msm/dpu: do not always program merge_3d block (git-fixes).
- drm/msm/dpu: drop LM_3 / LM_4 on MSM8998 (git-fixes).
- drm/msm/dpu: drop LM_3 / LM_4 on SDM845 (git-fixes).
- drm/msm/dpu: make sure phys resources are properly initialized (git-fixes).
- drm/msm/dpu: move CRTC resource assignment to dpu_encoder_virt_atomic_check (git-fixes).
- drm/msm/dpu: on SDM845 move DSPP_3 to LM_5 block (git-fixes).
- drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation (git-fixes).
- drm/msm/dsi: improve/fix dsc pclk calculation (git-fixes).
- drm/msm/gpu: Check the status of registration to PM QoS (git-fixes).
- drm/msm: Allocate memory for disp snapshot with kvzalloc() (git-fixes).
- drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() (git-fixes).
- drm/msm: Fix some typos in comment (git-fixes).
- drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new() (git-fixes).
- drm/omap: Fix locking in omap_gem_new_dmabuf() (git-fixes).
- drm/omap: Fix possible NULL dereference (git-fixes).
- drm/panfrost: Add missing OPP table refcnt decremental (git-fixes).
- drm/panfrost: Remove unused id_mask from struct panfrost_model (git-fixes).
- drm/radeon: Fix encoder->possible_clones (git-fixes).
- drm/rockchip: vop: Fix a dereferenced before check warning (git-fixes).
- drm/sched: Add locking to drm_sched_entity_modify_sched (git-fixes).
- drm/sched: Always wake up correct scheduler in drm_sched_entity_push_job (git-fixes).
- drm/sti: Add __iomem for mixer_dbg_mxn's parameter (git-fixes).
- drm/sti: avoid potential dereference of error pointers (git-fixes).
- drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check (git-fixes).
- drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check (git-fixes).
- drm/v3d: Address race-condition in MMU flush (git-fixes).
- drm/v3d: Enable Performance Counters before clearing them (git-fixes).
- drm/v3d: Stop the active perfmon before being destroyed (git-fixes).
- drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA (stable-fixes).
- drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_atomic_flush (git-fixes).
- drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_lut_load (git-fixes).
- drm/vc4: Stop the active perfmon before being destroyed (git-fixes).
- drm/vc4: hdmi: Avoid hang with debug registers when suspended (git-fixes).
- drm/vc4: hvs: Correct logic on stopping an HVS channel (git-fixes).
- drm/vc4: hvs: Do not write gamma luts on 2711 (git-fixes).
- drm/vc4: hvs: Fix dlist debug not resetting the next entry pointer (git-fixes).
- drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs function (git-fixes).
- drm/vkms: Drop unnecessary call to drm_crtc_cleanup() (git-fixes).
- drm/vmwgfx: Handle surface check failure correctly (git-fixes).
- drm/vmwgfx: Limit display layout ioctl array size to VMWGFX_NUM_DISPLAY_UNITS (stable-fixes).
- drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS (git-fixes).
- drm: Expand max DRM device number to full MINORBITS (jsc#PED-11580).
- drm: Use XArray instead of IDR for minors (jsc#PED-11580).
- drm: use ATOMIC64_INIT() for atomic64_t (git-fixes).
- drm: xlnx: zynqmp_dpsub: fix hotplug detection (git-fixes).
- drm: zynqmp_kms: Unplug DRM device before removal (git-fixes).
- e1000e: Fix S0ix residency on corporate systems (git-fixes).
- e1000e: Remove Meteor Lake SMBUS workarounds (git-fixes).
- e1000e: change I219 (19) devices to ADP (git-fixes).
- e1000e: fix force smbus during suspend flow (git-fixes).
- e1000e: move force SMBUS near the end of enable_ulp function (git-fixes).
- efi/libstub: Free correct pointer on failure (git-fixes).
- efi/libstub: fix efi_parse_options() ignoring the default command line (git-fixes).
- efi/libstub: zboot.lds: Discard .discard sections (stable-fixes).
- efi/memattr: Ignore table if the size is clearly bogus (bsc#1231465).
- efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption (stable-fixes).
- eth: bnxt: fix counting packets discarded due to OOM and netpoll (git-fixes).
- ext4: do not track ranges in fast_commit if inode has inlined data (bsc#1231635).
- ext4: fix fast commit inode enqueueing during a full journal commit (bsc#1231636).
- ext4: fix incorrect tid assumption in ext4_fc_mark_ineligible() (bsc#1231637).
- ext4: fix possible tid_t sequence overflows (bsc#1231634).
- ext4: fix slab-use-after-free in ext4_split_extent_at() (bsc#1232201)
- ext4: fix unttached inode after power cut with orphan file feature enabled (bsc#1234009).
- ext4: mark fc as ineligible using an handle in ext4_xattr_set() (bsc#1231640).
- ext4: use handle to mark fc as ineligible in __track_dentry_update() (bsc#1231639).
- f2fs: get out of a repeat loop when getting a locked data page (bsc#1234011).
- fat: fix uninitialized variable (git-fixes).
- fbcon: Fix a NULL pointer dereference issue in fbcon_putcs (stable-fixes).
- fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() (git-fixes).
- fbdev: sisfb: Fix strbuf array overflow (stable-fixes).
- fgraph: Change the name of cpuhp state to 'fgraph:online' (git-fixes).
- fgraph: Fix missing unlock in register_ftrace_graph() (git-fixes).
- fgraph: Use CPU hotplug mechanism to initialize idle shadow stacks (git-fixes).
- filemap: remove use of wait bookmarks (bsc#1224088).
- firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() (git-fixes).
- firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup() (git-fixes).
- firmware: arm_scpi: Check the DVFS OPP count returned by the firmware (git-fixes).
- firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() (git-fixes).
- firmware: google: Unregister driver_info on failure (git-fixes).
- firmware_loader: Fix possible resource leak in fw_log_firmware_info() (git-fixes).
- fs/9p: drop inodes immediately on non-.L too (git-fixes).
- fs/9p: fix the cache always being enabled on files with qid flags (git-fixes).
- fs/ntfs3: Add more attributes checks in mi_enum_attr() (bsc#1233207)
- fs/ntfs3: Fixed overflow check in mi_enum_attr() (bsc#1233207)
- fs/ntfs3: Sequential field availability check in mi_enum_attr() (bsc#1233207)
- fs: Fix uninitialized value issue in from_kuid and from_kgid (git-fixes).
- genirq/msi: Fix off-by-one error in msi_domain_alloc() (git-fixes).
- goldfish: Fix unused const variable 'goldfish_pipe_acpi_match' (git-fixes).
- gpio: aspeed: Add the flush write to ensure the write complete (git-fixes).
- gpio: aspeed: Use devm_clk api to manage clock source (git-fixes).
- gpio: davinci: fix lazy disable (git-fixes).
- gpio: exar: set value when external pull-up or pull-down is present (git-fixes).
- gpio: zevio: Add missed label initialisation (git-fixes).
- gve: Fix XDP TX completion handling when counters overflow (git-fixes).
- gve: Fix an edge case for TSO skb validity check (git-fixes).
- gve: ignore nonrelevant GSO type bits when processing TSO headers (git-fixes).
- hid: intel-ish-hid: Fix uninitialized variable 'rv' in ish_fw_xfer_direct_dma (git-fixes).
- hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event (git-fixes).
- hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer (git-fixes).
- hwmon: (adm9240) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (adt7470) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (max16065) Fix alarm attributes (git-fixes).
- hwmon: (max16065) Remove use of i2c_match_id() (stable-fixes).
- hwmon: (mc34vr500) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (nct6775) add G15CF to ASUS WMI monitoring list (stable-fixes).
- hwmon: (nct6775-core) Fix overflows seen when writing limit attributes (git-fixes).
- hwmon: (tmp513) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (tps23861) Fix reporting of negative temperatures (git-fixes).
- hwmon: intel-m10-bmc-hwmon: relabel Columbiaville to CVL Die Temperature (git-fixes).
- i2c: core: Setup i2c_adapter runtime-pm before calling device_add() (git-fixes).
- i2c: core: fix lockdep warning for sparsely nested adapter chain (git-fixes).
- i2c: cpm: Remove linux,i2c-index conversion from be32 (git-fixes).
- i2c: designware: do not hold SCL low when I2C_DYNAMIC_TAR_UPDATE is not set (git-fixes).
- i2c: exynos5: Calculate t_scl_l, t_scl_h according to i2c spec (git-fixes).
- i2c: i801: Add lis3lv02d for Dell Precision 3540 (git-fixes).
- i2c: i801: Add lis3lv02d for Dell XPS 15 7590 (git-fixes).
- i2c: i801: Use a different adapter-name for IDF adapters (stable-fixes).
- i2c: i801: add helper i801_restore_regs (git-fixes).
- i2c: ismt: kill transaction in hardware on timeout (git-fixes).
- i2c: ocores: Move system PM hooks to the NOIRQ phase (git-fixes).
- i2c: ocores: Remove #ifdef guards for PM related functions (git-fixes).
- i2c: omap: switch to NOIRQ_SYSTEM_SLEEP_PM_OPS() and RUNTIME_PM_OPS() (git-fixes).
- i2c: omap: wakeup the controller during suspend() callback (git-fixes).
- i2c: rcar: properly format a debug output (git-fixes).
- i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume (git-fixes).
- i2c: stm32f7: perform most of irq job in threaded handler (git-fixes).
- i2c: synquacer: Deal with optional PCLK correctly (git-fixes).
- i2c: synquacer: Remove a clk reference from struct synquacer_i2c (stable-fixes).
- i2c: xiic: Try re-initialization on bus busy timeout (git-fixes).
- i2c: xiic: improve error message when transfer fails to start (stable-fixes).
- i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() (git-fixes).
- i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition (stable-fixes).
- i3c: master: svc: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- i40e: Fix XDP program unloading while removing the driver (git-fixes).
- i40e: Report MFS in decimal base instead of hex (git-fixes).
- i40e: fix race condition by adding filter's intermediate sync state (git-fixes).
- iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call (git-fixes).
- iavf: Fix TC config comparison with existing adapter TC config (git-fixes).
- ice: Fix VSI list rule with ICE_SW_LKUP_LAST type (git-fixes).
- ice: Fix checking for unsupported keys on non-tunnel device (git-fixes).
- ice: Fix lldp packets dropping after changing the number of channels (git-fixes).
- ice: Fix netif_is_ice() in Safe Mode (git-fixes).
- ice: Fix package download algorithm (git-fixes).
- ice: Fix recipe read procedure (git-fixes).
- ice: Fix reset handler (git-fixes).
- ice: Flush FDB entries before reset (git-fixes).
- ice: Interpret .set_channels() input differently (git-fixes).
- ice: Rebuild TC queues on VSI queue reconfiguration (git-fixes).
- ice: Reject pin requests with unsupported flags (git-fixes).
- ice: add flag to distinguish reset from .ndo_bpf in XDP rings config (git-fixes).
- ice: add missing WRITE_ONCE when clearing ice_rx_ring::xdp_prog (git-fixes).
- ice: avoid IRQ collision to fix init failure on ACPI S3 resume (git-fixes).
- ice: clear port vlan config during reset (git-fixes).
- ice: disallow DPLL_PIN_STATE_SELECTABLE for dpll output pins (git-fixes).
- ice: do not bring the VSI up, if it was down before the XDP setup (git-fixes).
- ice: do not busy wait for Rx queue disable in ice_qp_dis() (git-fixes).
- ice: fix 200G PHY types to link speed mapping (git-fixes).
- ice: fix 200G link speed message log (git-fixes).
- ice: fix ICE_LAST_OFFSET formula (git-fixes).
- ice: fix VLAN replay after reset (git-fixes).
- ice: fix VSI lists confusion when adding VLANs (git-fixes).
- ice: fix accounting for filters shared by multiple VSIs (git-fixes).
- ice: fix accounting if a VLAN already exists (git-fixes).
- ice: fix iteration of TLVs in Preserved Fields Area (git-fixes).
- ice: fix page reuse when PAGE_SIZE is over 8k (git-fixes).
- ice: fix reads from NVM Shadow RAM on E830 and E825-C devices (git-fixes).
- ice: fix truesize operations for PAGE_SIZE >= 8192 (git-fixes).
- ice: implement AQ download pkg retry (git-fixes).
- ice: map XDP queues to vectors in ice_vsi_map_rings_to_vectors() (git-fixes).
- ice: remove af_xdp_zc_qps bitmap (git-fixes).
- ice: replace synchronize_rcu with synchronize_net (git-fixes).
- ice: respect netif readiness in AF_XDP ZC related ndo's (git-fixes).
- ice: set correct dst VSI in only LAN filters (git-fixes).
- ice: tc: allow zero flags in parsing tc flower (git-fixes).
- ice: tc: check src_vsi in case of traffic from VF (git-fixes).
- ice: use proper macro for testing bit (git-fixes).
- idpf: Interpret .set_channels() input differently (git-fixes).
- idpf: avoid bloating &idpf_q_vector with big %NR_CPUS (git-fixes).
- idpf: do not enable NAPI and interrupts prior to allocating Rx buffers (git-fixes).
- idpf: do not skip over ethtool tcp-data-split setting (git-fixes).
- idpf: fix UAFs when destroying the queues (git-fixes).
- idpf: fix memleak in vport interrupt configuration (git-fixes).
- idpf: fix memory leaks and crashes while performing a soft reset (git-fixes).
- ieee802154: Fix build error (git-fixes).
- igb: Always call igb_xdp_ring_update_tail() under Tx lock (git-fixes).
- igb: Disable threaded IRQ for igb_msix_other (git-fixes).
- igb: Fix not clearing TimeSync interrupts for 82580 (git-fixes).
- igc: Fix double reset adapter triggered from a single taprio cmd (git-fixes).
- igc: Fix packet still tx after gate close by reducing i226 MAC retry buffer (git-fixes).
- igc: Fix qbv tx latency by setting gtxoffset (git-fixes).
- igc: Fix qbv_config_change_errors logics (git-fixes).
- igc: Fix reset adapter logics when tx mode change (git-fixes).
- igc: Unlock on error in igc_io_resume() (git-fixes).
- iio: Fix fwnode_handle in __fwnode_iio_channel_get_by_name() (git-fixes).
- iio: accel: bma400: Fix uninitialized variable field_value in tap event handling (git-fixes).
- iio: accel: kx022a: Fix raw read format (git-fixes).
- iio: accel: kx022a: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() (git-fixes).
- iio: adc: ad7606: Fix typo in the driver name (git-fixes).
- iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer (git-fixes).
- iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: adc: ti-lmp92064: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: amplifiers: ada4250: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: ad3552r: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: dac: ad5766: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig (git-fixes).
- iio: frequency: adf4377: add missing select REMAP_SPI in Kconfig (git-fixes).
- iio: frequency: admv4420: fix missing select REMAP_SPI in Kconfig (git-fixes).
- iio: gts-helper: Fix memory leaks for the error path of iio_gts_build_avail_scale_table() (git-fixes).
- iio: gts-helper: Fix memory leaks in iio_gts_build_avail_scale_table() (git-fixes).
- iio: gts: Fix uninitialized symbol 'ret' (git-fixes).
- iio: gts: fix infinite loop for gain_to_scaletables() (git-fixes).
- iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() (git-fixes).
- iio: light: al3010: Fix an error handling path in al3010_probe() (git-fixes).
- iio: light: opt3001: add missing full-scale range value (git-fixes).
- iio: light: veml6030: fix ALS sensor resolution (git-fixes).
- iio: light: veml6030: fix IIO device retrieval from embedded device (git-fixes).
- iio: light: veml6030: fix microlux value calculation (git-fixes).
- iio: magnetometer: ak8975: Convert enum->pointer for data in the match tables (stable-fixes).
- iio: magnetometer: ak8975: Fix 'Unexpected device' error (git-fixes).
- iio: magnetometer: ak8975: drop incorrect AK09116 compatible (git-fixes).
- iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- ima: fix buffer overrun in ima_eventdigest_init_common (git-fixes).
- initramfs: avoid filename buffer overrun (bsc#1232436).
- intel_idle: add Granite Rapids Xeon support (bsc#1231630).
- intel_idle: fix ACPI _CST matching for newer Xeon platforms (bsc#1231630).
- io_uring/eventfd: move to more idiomatic RCU free usage (git-fixes).
- io_uring/io-wq: do not allow pinning outside of cpuset (git-fixes).
- io_uring/io-wq: inherit cpuset of cgroup in io worker (git-fixes).
- io_uring/net: harden multishot termination case for recv (git-fixes).
- io_uring/rw: fix cflags posting for single issue multishot read (git-fixes).
- io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (git-fixes).
- io_uring/rw: treat -EOPNOTSUPP for IOCB_NOWAIT like -EAGAIN (git-fixes).
- io_uring/sqpoll: close race on waiting for sqring entries (git-fixes).
- io_uring/sqpoll: do not allow pinning outside of cpuset (git-fixes).
- io_uring/sqpoll: do not put cpumask on stack (git-fixes).
- io_uring/sqpoll: retain test for whether the CPU is valid (git-fixes).
- io_uring: check for presence of task_work rather than TIF_NOTIFY_SIGNAL (git-fixes).
- iommu/amd: Allocate the page table root using GFP_KERNEL (git-fixes).
- iommu/amd: Do not set the D bit on AMD v2 table entries (git-fixes).
- iommu/amd: Fix typo of , instead of ; (git-fixes).
- iommu/vt-d: Always reserve a domain ID for identity setup (git-fixes).
- iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices (git-fixes).
- iommufd: Check the domain owner of the parent before creating a nesting domain (git-fixes).
- iommufd: Protect against overflow of ALIGN() during iova allocation (git-fixes).
- irqchip/gic-v3-its: Avoid explicit cpumask allocation on stack (git-fixes).
- jbd2: Move j_transaction_overhead_buffers into a hole (bsc#1234042).
- jbd2: avoid infinite transaction commit loop (bsc#1234039).
- jbd2: avoid memleak in jbd2_journal_write_metadata_buffer (bsc#1234043).
- jbd2: avoid mount failed when commit block is partial submitted (bsc#1234040).
- jbd2: correct the printing of write_flags in jbd2_write_superblock() (bsc#1234045).
- jbd2: correctly compare tids with tid_geq function in jbd2_fc_begin_commit (bsc#1231638).
- jbd2: fix kernel-doc for j_transaction_overhead_buffers (bsc#1234042).
- jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev (bsc#1234044).
- jbd2: fix soft lockup in journal_finish_inode_data_buffers() (bsc#1234046).
- jbd2: make jbd2_journal_get_max_txn_bufs() internal (bsc#1234041).
- jbd2: precompute number of transaction descriptor blocks (bsc#1234042).
- jfs: Fix sanity check in dbMount (git-fixes).
- jfs: Fix uaf in dbFreeBits (git-fixes).
- jfs: Fix uninit-value access of new_ea in ea_buffer (git-fixes).
- jfs: UBSAN: shift-out-of-bounds in dbFindBits (git-fixes).
- jfs: check if leafidx greater than num leaves per dmap tree (git-fixes).
- jump_label: Fix static_key_slow_dec() yet again (git-fixes).
- kABI fix of VM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC) (git-fixes).
- kABI: Restore exported __arm_smccc_sve_check (git-fixes)
- kABI: bpf: enum bpf_{type_flag,arg_type} kABI workaround (git-fixes).
- kABI: bpf: struct bpf_insn_acces_aux kABI workaround (git-fixes).
- kabi, mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling (git-fixes kabi).
- kasan: Fix Software Tag-Based KASAN with GCC (git-fixes).
- kasan: move checks to do_strncpy_from_user (git-fixes).
- kbuild, bpf: Use test-ge check for v1.25-only pahole (bsc#1230414 bsc#1229450).
- kbuild,bpf: Add module-specific pahole flags for distilled base BTF (bsc#1230414 bsc#1229450).
- kbuild,bpf: Switch to using --btf_features for pahole v1.26 and later (bsc#1230414 bsc#1229450).
- kbuild: avoid too many execution of scripts/pahole-flags.sh (bsc#1230414 bsc#1229450).
- kbuild: bpf: Tell pahole to DECL_TAG kfuncs (bsc#1230414 bsc#1229450).
- kconfig: qconf: fix buffer overflow in debug links (git-fixes).
- kernel-binary: Enable livepatch package only when livepatch is enabled (bsc#1218644).
- kexec_file: fix elfcorehdr digest exclusion when CONFIG_CRASH_HOTPLUG=y (git-fixes).
- keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry (git-fixes).
- keys: Fix overwrite of key expiration on instantiation (git-fixes).
- kthread: unpark only parked kthread (git-fixes).
- leds: lp55xx: Remove redundant test for invalid channel number (git-fixes).
- lib/xarray: introduce a new helper xas_get_order (bsc#1231617).
- lib: string_helpers: silence snprintf() output truncation warning (git-fixes).
- mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING (git-fixes).
- macsec: do not increment counters for an unrelated SA (git-fixes).
- mailbox: arm_mhuv2: clean up loop in get_irq_chan_comb() (git-fixes).
- maple_tree: correct tree corruption on spanning store (git-fixes).
- maple_tree: fix alloc node fail issue (git-fixes).
- maple_tree: refine mas_store_root() on storing NULL (git-fixes).
- media: adv7604: prevent underflow condition when reporting colorspace (git-fixes).
- media: amphion: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- media: amphion: Set video drvdata before register video device (git-fixes).
- media: ar0521: do not overflow when checking PLL values (git-fixes).
- media: atomisp: Add check for rgby_data memory allocation failure (git-fixes).
- media: bttv: use audio defaults for winfast2000 (git-fixes).
- media: core: v4l2-ioctl: check if ioctl is known to avoid NULL name (git-fixes).
- media: cx24116: prevent overflows on SNR calculus (git-fixes).
- media: dvb_frontend: do not play tricks with underflow values (git-fixes).
- media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set (stable-fixes).
- media: dvbdev: prevent the risk of out of memory access (git-fixes).
- media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate() (git-fixes).
- media: i2c: dw9768: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- media: i2c: imx335: Enable regulator supplies (stable-fixes).
- media: i2c: tc358743: Fix crash in the probe error path when using polling (git-fixes).
- media: imx-jpeg: Ensure power suppliers be suspended before detach them (git-fixes).
- media: imx-jpeg: Set video drvdata before register video device (git-fixes).
- media: imx335: Fix reset-gpio handling (git-fixes).
- media: mantis: remove orphan mantis_core.h (git-fixes).
- media: mtk-jpeg: Fix null-ptr-deref during unload module (git-fixes).
- media: pci: ipu3-cio2: Initialise timing struct to avoid a compiler warning (git-fixes).
- media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() (git-fixes).
- media: platform: exynos4-is: Fix an OF node reference leak in fimc_md_is_isp_available (git-fixes).
- media: pulse8-cec: fix data timestamp at pulse8_setup() (git-fixes).
- media: s5p-jpeg: prevent buffer overflows (git-fixes).
- media: stb0899_algo: initialize cfr before using it (git-fixes).
- media: ts2020: fix null-ptr-deref in ts2020_probe() (git-fixes).
- media: uvcvideo: Require entities to have a non-zero unique ID (git-fixes).
- media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (git-fixes).
- media: uvcvideo: Stop stream during unregister (git-fixes).
- media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl() (git-fixes).
- media: v4l2-tpg: prevent the risk of a division by zero (git-fixes).
- media: vb2: Fix comment (git-fixes).
- media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() (stable-fixes).
- media: videobuf2: fix typo: vb2_dbuf -> vb2_qbuf (git-fixes).
- media: wl128x: Fix atomicity violation in fmc_send_cmd() (git-fixes).
- mei: use kvmalloc for read buffer (git-fixes).
- mfd: intel_soc_pmic_chtwc: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes).
- mfd: rt5033: Fix missing regmap_del_irq_chip() (git-fixes).
- mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race (git-fixes).
- minmax: avoid overly complex min()/max() macro arguments in xen (git-fixes).
- minmax: scsi: fix mis-use of 'clamp()' in sr.c (git-fixes).
- misc: apds990x: Fix missing pm_runtime_disable() (git-fixes).
- mlx5: avoid truncating error message (git-fixes).
- mlx5: stop warning for 64KB pages (git-fixes).
- mlxbf_gige: disable RX filters until RX path initialized (git-fixes).
- mm/filemap: optimize filemap folio adding (bsc#1231617).
- mm/filemap: return early if failed to allocate memory for split (bsc#1231617).
- mm/hugetlb: fix nodes huge page allocation when there are surplus pages (bsc#1234012).
- mm: avoid unsafe VMA hook invocation when error arises on mmap hook (git-fixes).
- mm: khugepaged: fix the arguments order in khugepaged_collapse_file trace point (git-fixes).
- mm: mmap: no need to call khugepaged_enter_vma() for stack (jsc#PED-10978).
- mm: move dummy_vm_ops out of a header (git-fixes prerequisity).
- mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling (git-fixes).
- mm: refactor map_deny_write_exec() (git-fixes).
- mm: resolve faulty mmap_region() error path behaviour (git-fixes).
- mm: unconditionally close VMAs on error (git-fixes).
- mmc: core: Further prevent card detect during shutdown (git-fixes).
- mmc: mmc_spi: drop buggy snprintf() (git-fixes).
- mmc: sunxi-mmc: Fix A100 compatible description (git-fixes).
- modpost: fix acpi MODULE_DEVICE_TABLE built with mismatched endianness (git-fixes).
- modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host (git-fixes).
- modpost: remove incorrect code in do_eisa_entry() (git-fixes).
- module: abort module loading when sysfs setup suffer errors (git-fixes).
- mtd: rawnand: atmel: Fix possible memory leak (git-fixes).
- mtd: spi-nor: core: replace dummy buswidth from addr to data (git-fixes).
- nbd: fix race between timeout and normal completion (bsc#1230918).
- net/mlx5: Add missing masks and QoS bit masks for scheduling elements (git-fixes).
- net/mlx5: Added cond_resched() to crdump collection (git-fixes).
- net/mlx5: Check capability for fw_reset (git-fixes).
- net/mlx5: Check for invalid vector index on EQ creation (git-fixes).
- net/mlx5: Explicitly set scheduling element and TSAR type (git-fixes).
- net/mlx5: Fix command bitmask initialization (git-fixes).
- net/mlx5: Fix error handling in irq_pool_request_irq (git-fixes).
- net/mlx5: Lag, do bond only if slaves agree on roce state (git-fixes).
- net/mlx5: Lag, do not use the hardcoded value of the first port (git-fixes).
- net/mlx5: Stop waiting for PCI if pci channel is offline (git-fixes).
- net/mlx5: Unregister notifier on eswitch init failure (git-fixes).
- net/mlx5: Update the list of the PCI supported devices (git-fixes).
- net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys (git-fixes).
- net/mlx5e: Add missing link mode to ptys2ext_ethtool_map (git-fixes).
- net/mlx5e: Add missing link modes to ptys2ethtool_map (git-fixes).
- net/mlx5e: Add mqprio_rl cleanup and free in mlx5e_priv_cleanup() (git-fixes).
- net/mlx5e: Correctly report errors for ethtool rx flows (git-fixes).
- net/mlx5e: Do not call cleanup on profile rollback failure (git-fixes).
- net/mlx5e: Fix IPsec tunnel mode offload feature check (git-fixes).
- net/mlx5e: Fix UDP GSO for encapsulated packets (git-fixes).
- net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets (git-fixes).
- net/mlx5e: Require mlx5 tc classifier action support for IPsec prio capability (git-fixes).
- net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion (git-fixes).
- net: mana: Implement get_ringparam/set_ringparam for mana (bsc#1229891).
- net: mana: Improve mana_set_channels() in low mem conditions (bsc#1230289).
- net: mdio-ipq4019: add missing error check (git-fixes).
- net: phy: Remove LED entry from LEDs list on unregister (git-fixes).
- net: phy: bcm84881: Fix some error handling paths (git-fixes).
- net: phy: dp83822: Fix reset pin definitions (git-fixes).
- net: phy: dp83869: fix memory corruption when enabling fiber (git-fixes).
- net: phy: ti: add PHY_RST_AFTER_CLK_EN flag (git-fixes).
- net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() (git-fixes).
- net: qede: use return from qede_parse_actions() (git-fixes).
- net: qede: use return from qede_parse_flow_attr() for flow_spec (git-fixes).
- net: qede: use return from qede_parse_flow_attr() for flower (git-fixes).
- net: relax socket state check at accept time (git-fixes).
- net: stmmac: dwmac-tegra: Fix link bring-up sequence (git-fixes)
- net: sysfs: Fix /sys/class/net/<iface> path for statistics (git-fixes).
- net: test for not too small csum_start in virtio_net_hdr_to_skb() (git-fixes).
- net: usb: lan78xx: Fix double free issue with interrupt buffer allocation (git-fixes).
- net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device (git-fixes).
- net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration (git-fixes).
- net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition (stable-fixes).
- net: usb: usbnet: fix name regression (get-fixes).
- net: usb: usbnet: fix race in probe failure (git-fixes).
- net: wwan: fix global oob in wwan_rtnl_policy (git-fixes).
- net: wwan: t7xx: Fix off-by-one error in t7xx_dpmaif_rx_buf_alloc() (git-fixes).
- net: xfrm: preserve kabi for xfrm_state (bsc#1233754).
- netdevsim: copy addresses for both in and out paths (git-fixes).
- netdevsim: use cond_resched() in nsim_dev_trap_report_work() (git-fixes).
- netfilter: nf_tables: missing iterator type in lookup walk (git-fixes).
- nfs: Fix KMSAN warning in decode_getfattr_attrs() (git-fixes).
- nfs: avoid i_lock contention in nfs_clear_invalid_mapping (git-fixes).
- nfs: fix memory leak in error path of nfs4_do_reclaim (git-fixes).
- nfsd: call cache_put if xdr_reserve_space returns NULL (git-fixes).
- nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net (git-fixes).
- nfsd: enable NFSv2 caused by upstream commit (bsc#1230914).
- nfsd: fix delegation_blocked() to block correctly for at least 30 seconds (git-fixes).
- nfsd: fix refcount leak when file is unhashed after being found (git-fixes).
- nfsd: map the EBADMSG to nfserr_io to avoid warning (git-fixes).
- nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire (git-fixes).
- nfsd: remove unsafe BUG_ON from set_change_info (bsc#1234121).
- nfsd: return -EINVAL when namelen is 0 (git-fixes).
- nilfs2: fix kernel bug due to missing clearing of buffer delay flag (git-fixes).
- nilfs2: fix potential deadlock with newly created symlinks (git-fixes).
- nouveau/dmem: Fix privileged error in copy engine channel (git-fixes).
- nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error (git-fixes).
- nouveau/dp: handle retries for AUX CH transfers with GSP (git-fixes).
- nouveau/gsp: Avoid addressing beyond end of rpc->entries (stable-fixes).
- nouveau: fw: sync dma after setup is called (git-fixes).
- nouveau: handle EBUSY and EAGAIN for GSP aux errors (git-fixes).
- ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- ntfs3: Add bounds checking to mi_enum_attr() (bsc#1233207)
- nvme-fabrics: fix kernel crash while shutting down controller (git-fixes).
- nvme-loop: flush off pending I/O while shutting down loop controller (git-fixes).
- nvme-multipath: suppress partition scan until the disk is ready (bsc#1228244).
- nvme-pci: fix freeing of the HMB descriptor table (git-fixes).
- nvme-pci: fix race condition between reset and nvme_dev_disable() (git-fixes).
- nvme-pci: qdepth 1 quirk (git-fixes).
- nvme-pci: reverse request order in nvme_queue_rqs (git-fixes).
- nvme-pci: set doorbell config before unquiescing (git-fixes).
- nvme/host: Fix RCU list traversal to use SRCU primitive (git-fixes).
- nvme: disable CC.CRIME (NVME_CC_CRIME) (jsc#PED-9901).
- nvme: null terminate nvme_tls_attrs (git-fixes).
- nvme: re-fix error-handling for io_uring nvme-passthrough (git-fixes).
- nvme: tcp: avoid race between queue_lock lock and destroy (git-fixes).
- nvmet-auth: assign dh_key to NULL after kfree_sensitive (git-fixes).
- ocfs2: fix UBSAN warning in ocfs2_verify_volume() (git-fixes).
- ocfs2: fix the la space leak when unmounting an ocfs2 volume (git-fixes).
- ocfs2: fix uninit-value in ocfs2_get_block() (git-fixes).
- ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow (git-fixes).
- ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() (git-fixes).
- ocfs2: uncache inode which has failed entering the group (git-fixes).
- of: Add cleanup.h based auto release via __free(device_node) markings (bsc#1232386)
- parport: Proper fix for array out-of-bounds access (git-fixes).
- phy: freescale: imx8m-pcie: Do CMN_RST just before PHY PLL lock check (git-fixes).
- phy: qcom: qmp-combo: move driver data initialisation earlier (git-fixes).
- phy: qcom: qmp-usb: fix NULL-deref on runtime suspend (git-fixes).
- phy: tegra: xusb: Add error pointer check in xusb.c (git-fixes).
- phy: ti: phy-j721e-wiz: fix usxgmii configuration (git-fixes).
- pinctrl: apple: check devm_kasprintf() returned value (git-fixes).
- pinctrl: k210: Undef K210_PC_DEFAULT (git-fixes).
- pinctrl: ocelot: fix system hang on level based interrupts (stable-fixes).
- pinctrl: qcom: spmi: fix debugfs drive strength (git-fixes).
- pinctrl: zynqmp: drop excess struct member description (git-fixes).
- platform/chrome: cros_ec_typec: fix missing fwnode reference decrement (git-fixes).
- platform/x86/amd/pmc: Detect when STB is not available (git-fixes).
- platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug (git-fixes).
- platform/x86: dell-sysman: add support for alienware products (stable-fixes).
- platform/x86: dell-wmi: Ignore suspend notifications (stable-fixes).
- platform/x86: lenovo-ymc: Ignore the 0x0 state (stable-fixes).
- platform/x86: panasonic-laptop: Return errno correctly in show callback (git-fixes).
- platform/x86: touchscreen_dmi: add nanote-next quirk (stable-fixes).
- posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone (bsc#1234098).
- power: reset: brcmstb: Do not go into infinite loop if reset fails (stable-fixes).
- power: supply: bq27xxx: Fix registers of bq27426 (git-fixes).
- power: supply: core: Remove might_sleep() from power_supply_put() (git-fixes).
- power: supply: rt9471: Fix wrong WDT function regfield declaration (git-fixes).
- power: supply: rt9471: Use IC status regfield to report real charger status (git-fixes).
- powercap: intel_rapl: Fix off by one in get_rpi() (git-fixes).
- powerpc/64: Convert patch_instruction() to patch_u32() (bsc#1194869).
- powerpc/64s: Fix unnecessary copy to 0 when kernel is booted at address 0 (bsc#1215199).
- powerpc/atomic: Use YZ constraints for DS-form instructions (bsc#1194869).
- powerpc/boot: Handle allocation failure in simple_realloc() (bsc#1194869).
- powerpc/boot: Only free if realloc() succeeds (bsc#1194869).
- powerpc/code-patching: Add generic memory patching (bsc#1194869).
- powerpc/code-patching: Perform hwsync in __patch_instruction() in case of failure (bsc#1194869).
- powerpc/crypto: do not build aes-gcm-p10 by default (bsc#1230501 ltc#208632).
- powerpc/crypto: fix missing skcipher dependency for aes-gcm-p10 (bsc#1230501 ltc#208632).
- powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init() (bsc#1215199).
- powerpc/fadump: Refactor and prepare fadump_cma_init for late init (bsc#1215199).
- powerpc/kexec: Fix return of uninitialized variable (bsc#1194869).
- powerpc/mm/fault: Fix kfence page fault reporting (bsc#1194869).
- powerpc/mm: Fix boot crash with FLATMEM (bsc#1194869).
- powerpc/mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL (bsc#1194869).
- powerpc/powernv: Free name on error in opal_event_init() (bsc#1194869).
- powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector (bsc#1194869).
- powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore (bsc#1194869).
- powerpc/pseries: Use correct data types from pseries_hp_errorlog struct (bsc#1215199).
- powerpc/vdso: Fix VDSO data access when running in a non-root time namespace (bsc#1194869).
- powerpc/vdso: Inconditionally use CFUNC macro (bsc#1215199).
- powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu (bsc#1194869).
- powerpc/xmon: Fix disassembly CPU feature checks (bsc#1065729).
- printk: Add notation to console_srcu locking (bsc#1232183).
- pwm: imx-tpm: Use correct MODULO value for EPWM mode (git-fixes).
- qed: avoid truncating work queue length (git-fixes).
- rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow (bsc#1226631).
- rcu: Fix buffer overflow in print_cpu_stall_info() (bsc#1226623).
- regmap: detach regmap from dev on regmap_exit (git-fixes).
- regmap: irq: Set lockdep class for hierarchical IRQ domains (git-fixes).
- rpm/check-for-config-changes: add HAVE_RUST and RUSTC_SUPPORTS_ to IGNORED_CONFIGS_RE They depend on SHADOW_CALL_STACK.
- rpm/release-projects: Add SLFO projects (bsc#1231293).
- rpm/scripts: Remove obsolete Symbols.list Symbols.list is not longer needed by the new klp-convert implementation (bsc#1218644).
- rpmsg: glink: Handle rejected intent request better (git-fixes).
- rtc: ab-eoz9: do not fail temperature reads on undervoltage notification (git-fixes).
- rtc: abx80x: Fix WDT bit position of the status register (git-fixes).
- rtc: bbnsm: add remove hook (git-fixes).
- rtc: check if __rtc_read_time was successful in rtc_timer_do_work() (git-fixes).
- rtc: rzn1: fix BCD to rtc_time conversion errors (git-fixes).
- rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- runtime constants: add default dummy infrastructure (git-fixes).
- runtime constants: add x86 architecture support (git-fixes).
- s390/mm: Add cond_resched() to cmm_alloc/free_pages() (bsc#1228747).
- s390/pci: Handle PCI error codes other than 0x3a (git-fixes bsc#1232629).
- s390/sclp: Deactivate sclp after all its users (git-fixes bsc#1232628).
- s390/sclp_vt220: Convert newlines to CRLF instead of LFCR (git-fixes bsc#1232627).
- scsi: NCR5380: Check for phase match during PDMA fixup (git-fixes).
- scsi: NCR5380: Initialize buffer for MSG IN and STATUS transfers (git-fixes).
- scsi: Remove scsi device no_start_on_resume flag (git-fixes).
- scsi: aacraid: Rearrange order of struct aac_srb_unit (git-fixes).
- scsi: cdrom: kABI: fix cdrom_dev_ops change (git-fixes).
- scsi: core: Disable CDL by default (git-fixes).
- scsi: core: Fix handling of SCMD_FAIL_IF_RECOVERING (git-fixes).
- scsi: core: Fix the return value of scsi_logical_block_count() (git-fixes).
- scsi: core: Handle devices which return an unusually large VPD page count (git-fixes).
- scsi: core: alua: I/O errors for ALUA state transitions (git-fixes).
- scsi: fnic: Move flush_work initialization out of if block (bsc#1230055).
- scsi: hisi_sas: Handle the NCQ error returned by D2H frame (git-fixes).
- scsi: hpsa: Fix allocation size for Scsi_Host private data (git-fixes).
- scsi: kABI: restore no_start_on_resume to scsi_device (git-fixes).
- scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed (git-fixes).
- scsi: libsas: Fix the failure of adding phy with zero-address to port (git-fixes).
- scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in lpfc_els_flush_cmd() (bsc#1232757).
- scsi: lpfc: Add cleanup of nvmels_wq after HBA reset (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Call lpfc_sli4_queue_unset() in restart and rmmod paths (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Change lpfc_nodelist nlp_flag member into a bitmask (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Check SLI_ACTIVE flag in FDMI cmpl before submitting follow up FDMI (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Check devloss callbk done flag for potential stale NDLP ptrs (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Copyright updates for 14.4.0.6 patches (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance (bsc#1232757).
- scsi: lpfc: Fix kref imbalance on fabric ndlps from dev_loss_tmo handler (bsc#1232757).
- scsi: lpfc: Modify CGN warning signal calculation based on EDC response (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Prevent NDLP reference count underflow in dev_loss_tmo callback (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Remove NLP_RELEASE_RPI flag from nodelist structure (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Remove trailing space after \n newline (bsc#1232757).
- scsi: lpfc: Restrict support for 32 byte CDBs to specific HBAs (bsc#1232757 bsc#1228119).
- scsi: lpfc: Revise TRACE_EVENT log flag severities from KERN_ERR to KERN_WARNING (bsc#1232757).
- scsi: lpfc: Support loopback tests with VMID enabled (bsc#1232757).
- scsi: lpfc: Update lpfc version to 14.4.0.5 (bsc#1232757).
- scsi: lpfc: Update lpfc version to 14.4.0.6 (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Update lpfc_els_flush_cmd() to check for SLI_ACTIVE before BSG flag (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Update phba link state conditional before sending CMF_SYNC_WQE (bsc#1232757).
- scsi: mac_scsi: Disallow bus errors during PDMA send (git-fixes).
- scsi: mac_scsi: Refactor polling loop (git-fixes).
- scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages (git-fixes).
- scsi: mpi3mr: Avoid IOMMU page faults on REPORT ZONES (git-fixes).
- scsi: mpi3mr: Avoid memcpy field-spanning write WARNING (git-fixes).
- scsi: mpi3mr: Avoid possible run-time warning with long manufacturer strings (git-fixes).
- scsi: mpi3mr: Fix ATA NCQ priority support (git-fixes).
- scsi: mpi3mr: Validate SAS port assignments (git-fixes).
- scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES (git-fixes).
- scsi: pm8001: Do not overwrite PCI queue mapping (git-fixes).
- scsi: pm80xx: Set phy->enable_completion only when we wait for it (git-fixes).
- scsi: qedf: Set qed_slowpath_params to zero before use (git-fixes).
- scsi: scsi_transport_fc: Allow setting rport state to current state (git-fixes).
- scsi: sd: Ignore command SYNCHRONIZE CACHE error if format in progress (git-fixes).
- scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer (git-fixes).
- scsi: smartpqi: correct stream detection (git-fixes).
- scsi: smartpqi: revert propagate-the-multipath-failure-to-SML-quickly (git-fixes).
- scsi: spi: Fix sshdr use (git-fixes).
- scsi: sr: Fix unintentional arithmetic wraparound (git-fixes).
- scsi: wd33c93: Do not use stale scsi_pointer value (git-fixes).
- security/keys: fix slab-out-of-bounds in key_task_permission (git-fixes).
- selftests/bpf: Add a test case to write mtu result into .rodata (git-fixes).
- selftests/bpf: Add a test case to write strtol result into .rodata (git-fixes).
- selftests/bpf: Add test for sign extension in coerce_subreg_to_size_sx() (git-fixes).
- selftests/bpf: Add test for truncation after sign extension in coerce_reg_to_size_sx() (git-fixes).
- selftests/bpf: Add tests for ldsx of pkt data/data_end/data_meta accesses (git-fixes).
- selftests/bpf: Fix ARG_PTR_TO_LONG {half-,}uninitialized test (git-fixes).
- selftests/bpf: Rename ARG_PTR_TO_LONG test description (git-fixes).
- selftests/bpf: test for malformed BPF_CORE_TYPE_ID_LOCAL relocation (git-fixes).
- serial: 8250: omap: Move pm_runtime_get_sync (git-fixes).
- serial: imx: Update mctrl old_status on RTSD interrupt (git-fixes).
- serial: protect uart_port_dtr_rts() in uart_shutdown() too (stable-fixes).
- signal: Replace BUG_ON()s (bsc#1234093).
- soc: fsl: rcpm: fix missing of_node_put() in copy_ippdexpcr1_setting() (git-fixes).
- soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() (git-fixes).
- soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- soundwire: intel_bus_common: enable interrupts before exiting reset (stable-fixes).
- spi: Fix acpi deferred irq probe (git-fixes).
- spi: atmel-quadspi: Fix register name in verbose logging function (git-fixes).
- spi: atmel-quadspi: Fix wrong register value written to MR (git-fixes).
- spi: mpc52xx: Add cancel_work_sync before module remove (git-fixes).
- spi: mtk-snfi: fix kerneldoc for mtk_snand_is_page_ops() (git-fixes).
- spi: s3c64xx: fix timeout counters in flush_fifo (git-fixes).
- spi: spi-fsl-dspi: Fix crash when not using GPIO chip select (git-fixes).
- spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- spi: tegra210-quad: Avoid shift-out-of-bounds (git-fixes).
- splice: always fsnotify_access(in), fsnotify_modify(out) on success (git-fixes).
- splice: fsnotify_access(fd)/fsnotify_modify(fd) in vmsplice (git-fixes).
- splice: fsnotify_access(in), fsnotify_modify(out) on success in tee (git-fixes).
- srcu: Fix callbacks acceleration mishandling (git-fixes).
- staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() (git-fixes).
- sumversion: Fix a memory leak in get_src_version() (git-fixes).
- supported.conf: mark nhpoly1305 module as supported (bsc#1231035).
- supported.conf: mark ultravisor userspace access as supported (bsc#1232090).
- task_work: add kerneldoc annotation for 'data' argument (git-fixes).
- tcp: Fix refcnt handling in __inet_hash_connect() (git-fixes).
- thermal: core: Initialize thermal zones before registering them (git-fixes).
- thermal: int3400: Fix reading of current_uuid for active policy (git-fixes).
- thermal: intel: int340x: processor: Fix warning during module unload (git-fixes).
- thunderbolt: Honor TMU requirements in the domain when setting TMU mode (stable-fixes).
- thunderbolt: Improve DisplayPort tunnel setup process to be more robust (stable-fixes).
- tools/lib/thermal: Fix sampling handler context ptr (git-fixes).
- tools/power turbostat: Fix trailing '\n' parsing (git-fixes).
- tools/power turbostat: Increase the limit for fd opened (bsc#1233119).
- tools: hv: rm .*.cmd when make clean (git-fixes).
- tpm: Lock TPM chip in tpm_pm_suspend() first (bsc#1082555 git-fixes).
- tpm: fix signed/unsigned bug when checking event logs (git-fixes).
- tracing/hwlat: Fix a race during cpuhp processing (git-fixes).
- tracing/osnoise: Fix build when timerlat is not enabled (git-fixes).
- tracing/osnoise: Skip running osnoise if all instances are off (git-fixes).
- tracing/osnoise: Switch from PF_NO_SETAFFINITY to migrate_disable (git-fixes).
- tracing/osnoise: Use a cpumask to know what threads are kthreads (git-fixes).
- tracing/timerlat: Add interface_lock around clearing of kthread in stop_kthread() (git-fixes).
- tracing/timerlat: Add user-space interface (git-fixes).
- tracing/timerlat: Drop interface_lock in stop_kthread() (git-fixes).
- tracing/timerlat: Fix a race during cpuhp processing (git-fixes).
- tracing/timerlat: Fix duplicated kthread creation due to CPU online/offline (git-fixes).
- tracing/timerlat: Move hrtimer_init to timerlat_fd open() (git-fixes).
- tracing/timerlat: Only clear timer if a kthread exists (git-fixes).
- tracing: Consider the NULL character when validating the event length (git-fixes).
- tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler (git-fixes).
- tty: n_gsm: Fix use-after-free in gsm_cleanup_mux (stable-fixes).
- u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file (git-fixes).
- ubifs: Fix adding orphan entry twice for the same inode (git-fixes).
- ubifs: Fix unattached xattr inode if powercut happens after deleting (git-fixes).
- ubifs: add check for crypto_shash_tfm_digest (git-fixes).
- ubifs: dbg_orphan_check: Fix missed key type checking (git-fixes).
- ucounts: fix counter leak in inc_rlimit_get_ucounts() (bsc#1233460).
- unicode: Do not special case ignorable code points (stable-fixes).
- unicode: Fix utf8_load() error path (git-fixes).
- uprobe: avoid out-of-bounds memory access of fetching args (git-fixes).
- uprobes: encapsulate preparation of uprobe args buffer (git-fixes).
- uprobes: introduce the global struct vm_special_mapping xol_mapping (bsc#1231114).
- uprobes: turn xol_area->pages into xol_area->page (bsc#1231114).
- usb: chipidea: udc: enable suspend interrupt after usb reset (stable-fixes).
- usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the Crashkernel Scenario (stable-fixes).
- usb: dwc3: Wait for EndXfer completion before restoring GUSB2PHYCFG (git-fixes).
- usb: dwc3: core: Stop processing of pending events if controller is halted (git-fixes).
- usb: dwc3: gadget: Add missing check for single port RAM in TxFIFO resizing logic (git-fixes).
- usb: dwc3: gadget: Fix checking for number of TRBs left (git-fixes).
- usb: dwc3: gadget: Fix looping of queued SG entries (git-fixes).
- usb: ehci-spear: fix call balance of sehci clk handling routines (git-fixes).
- usb: gadget: core: force synchronous registration (git-fixes).
- usb: gadget: dummy_hcd: Set transfer interval to 1 microframe (stable-fixes).
- usb: gadget: dummy_hcd: Switch to hrtimer transfer scheduler (stable-fixes).
- usb: gadget: dummy_hcd: execute hrtimer callback in softirq context (git-fixes).
- usb: gadget: f_uac2: Replace snprintf() with the safer scnprintf() variant (stable-fixes).
- usb: gadget: f_uac2: fix non-newline-terminated function name (stable-fixes).
- usb: gadget: f_uac2: fix return value for UAC2_ATTRIBUTE_STRING store (git-fixes).
- usb: musb: Fix hardware lockup on first Rx endpoint request (git-fixes).
- usb: musb: sunxi: Fix accessing an released usb phy (git-fixes).
- usb: phy: Fix API devm_usb_put_phy() can not release the phy (git-fixes).
- usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip (stable-fixes).
- usb: typec: altmode should keep reference to parent (git-fixes).
- usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() (git-fixes).
- usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes() (git-fixes).
- usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() (git-fixes).
- usb: xhci: Fix TD invalidation under pending Set TR Dequeue (git-fixes).
- usb: xhci: Fix problem with xhci resume from suspend (stable-fixes).
- usb: xhci: fix loss of data on Cadence xHC (git-fixes).
- usb: yurex: make waiting on yurex_write interruptible (git-fixes).
- usbip: tools: Fix detach_port() invalid port error path (git-fixes).
- usbnet: fix cyclical race on disconnect with work queue (git-fixes).
- vdpa: Fix an error handling path in eni_vdpa_probe() (git-fixes).
- vdpa_sim_blk: Fix the potential leak of mgmt_dev (git-fixes).
- vdpa_sim_blk: allocate the buffer zeroed (git-fixes).
- vduse: avoid using __GFP_NOFAIL (git-fixes).
- vfs: dcache: move hashlen_hash() from callers into d_hash() (git-fixes).
- vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (git-fixes).
- vhost_vdpa: assign irq bypass producer token correctly (git-fixes).
- virtio_console: fix misc probe bugs (git-fixes).
- vmalloc: modify the alloc_vmap_area() error message for better diagnostics (jsc#PED-10978).
- vmxnet3: Add XDP support (bsc#1226498).
- vmxnet3: Fix missing reserved tailroom (bsc#1226498).
- vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame (bsc#1226498).
- vmxnet3: add command to allow disabling of offloads (bsc#1226498).
- vmxnet3: add latency measurement support in vmxnet3 (bsc#1226498).
- vmxnet3: prepare for version 9 changes (bsc#1226498).
- vmxnet3: update to version 9 (bsc#1226498).
- vsock: Update msg_count on read_skb() (git-fixes).
- vt: prevent kernel-infoleak in con_font_get() (git-fixes).
- watchdog: apple: Actually flush writes after requesting watchdog restart (git-fixes).
- watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart() (git-fixes).
- watchdog: rti: of: honor timeout-sec property (git-fixes).
- wifi: ath10k: Fix memory leak in management tx (git-fixes).
- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1 (git-fixes).
- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2 (git-fixes).
- wifi: ath11k: Fix CE offset address calculation for WCN6750 in SSR (git-fixes).
- wifi: ath11k: Fix invalid ring usage in full monitor mode (git-fixes).
- wifi: ath11k: fix array out-of-bound access in SoC stats (stable-fixes).
- wifi: ath12k: Skip Rx TID cleanup for self peer (git-fixes).
- wifi: ath12k: fix array out-of-bound access in SoC stats (stable-fixes).
- wifi: ath12k: fix crash when unbinding (git-fixes).
- wifi: ath12k: fix warning when unbinding (git-fixes).
- wifi: ath12k: remove msdu_end structure for WCN7850 (git-fixes).
- wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (git-fixes).
- wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() (stable-fixes).
- wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit (stable-fixes).
- wifi: brcm80211: BRCM_TRACING should depend on TRACING (git-fixes).
- wifi: brcmfmac: release 'root' node in all execution paths (git-fixes).
- wifi: cfg80211: Set correct chandef when starting CAC (stable-fixes).
- wifi: cfg80211: clear wdev->cqm_config pointer on free (git-fixes).
- wifi: cw1200: Fix potential NULL dereference (git-fixes).
- wifi: iwlegacy: Clear stale interrupts before resuming device (stable-fixes).
- wifi: iwlegacy: Fix 'field-spanning write' warning in il_enqueue_hcmd() (git-fixes).
- wifi: iwlwifi: allow only CN mcc from WRDD (stable-fixes).
- wifi: iwlwifi: config: label 'gl' devices as discrete (git-fixes).
- wifi: iwlwifi: mvm: Fix a race in scan abort flow (stable-fixes).
- wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() (git-fixes).
- wifi: iwlwifi: mvm: avoid NULL pointer dereference (stable-fixes).
- wifi: iwlwifi: mvm: do not add default link in fw restart flow (git-fixes).
- wifi: iwlwifi: mvm: do not leak a link on AP removal (git-fixes).
- wifi: iwlwifi: mvm: drop wrong STA selection in TX (stable-fixes).
- wifi: iwlwifi: mvm: use correct key iteration (stable-fixes).
- wifi: iwlwifi: remove AX101, AX201 and AX203 support from LNL (stable-fixes).
- wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower (git-fixes).
- wifi: mac80211: fix RCU list iterations (stable-fixes).
- wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys (git-fixes).
- wifi: mt76: mt7915: add dummy HW offload of IEEE 802.11 fragmentation (stable-fixes).
- wifi: mt76: mt7915: disable tx worker during tx BA session enable/disable (stable-fixes).
- wifi: mt76: mt7915: hold dev->mt76.mutex while disabling tx worker (stable-fixes).
- wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() (stable-fixes).
- wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (git-fixes).
- wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- wifi: rtw88: 8821cu: Remove VID/PID 0bda:c82c (stable-fixes).
- wifi: rtw88: Fix USB/SDIO devices not transmitting beacons (git-fixes).
- wifi: rtw88: select WANT_DEV_COREDUMP (stable-fixes).
- wifi: rtw89: avoid reading out of bounds when loading TX power FW elements (stable-fixes).
- wifi: rtw89: avoid to add interface to list twice when SER (stable-fixes).
- wifi: rtw89: correct base HT rate mask for firmware (stable-fixes).
- wifi: wfx: Fix error handling in wfx_core_init() (git-fixes).
- x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client (bsc#1233443).
- x86/CPU/AMD: Only apply Zenbleed fix for Zen2 during late microcode load (git-fixes).
- x86/Documentation: Indent 'note::' directive for protocol version number note (git-fixes).
- x86/PCI: Check pcie_find_root_port() return for NULL (git-fixes).
- x86/amd_nb: Add new PCI IDs for AMD family 1Ah model 60h (git-fixes).
- x86/apic: Always explicitly disarm TSC-deadline timer (git-fixes).
- x86/apic: Make x2apic_disable() work correctly (git-fixes).
- x86/bugs: Do not use UNTRAIN_RET with IBPB on entry (git-fixes).
- x86/bugs: Skip RSB fill at VMEXIT (git-fixes).
- x86/cpufeatures: Add a IBPB_NO_RET BUG flag (git-fixes).
- x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET (git-fixes).
- x86/entry: Have entry_ibpb() invalidate return predictions (git-fixes).
- x86/entry: Remove unwanted instrumentation in common_interrupt() (git-fixes).
- x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency (git-fixes).
- x86/microcode/intel: Remove unnecessary cache writeback and invalidation (git-fixes).
- x86/mm: Use IPIs to synchronize LAM enablement (git-fixes).
- x86/resctrl: Annotate get_mem_config() functions as __init (git-fixes).
- x86/resctrl: Avoid overflow in MB settings in bw_validate() (git-fixes).
- x86/resctrl: Remove hard-coded memory bandwidth limit (git-fixes).
- x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler (git-fixes).
- x86/syscall: Avoid memcpy() for ia32 syscall_get_arguments() (git-fixes).
- x86/tdx: Dynamically disable SEPT violations from causing #VEs (git-fixes).
- x86/tdx: Enable CPU topology enumeration (git-fixes).
- x86/tdx: Introduce wrappers to read and write TD metadata (git-fixes).
- x86/tdx: Rename tdx_parse_tdinfo() to tdx_setup() (git-fixes).
- x86/traps: move kmsan check after instrumentation_begin (git-fixes).
- x86: Increase brk randomness entropy for 64-bit systems (git-fixes).
- x86: do the user address masking outside the user access area (git-fixes).
- x86: fix off-by-one in access_ok() (git-fixes).
- x86: fix user address masking non-canonical speculation issue (git-fixes).
- x86: make the masked_user_access_begin() macro use its argument only once (git-fixes).
- x86: support user address masking instead of non-speculative conditional (git-fixes).
- xfrm: Export symbol xfrm_dev_state_delete (bsc#1233754).
- xfrm: Fix unregister netdevice hang on hardware offload (bsc#1233754).
- xfs: check opcode and iovec count match in xlog_recover_attri_commit_pass2 (git-fixes).
- xfs: check shortform attr entry flags specifically (git-fixes).
- xfs: convert delayed extents to unwritten when zeroing post eof blocks (git-fixes).
- xfs: fix finding a last resort AG in xfs_filestream_pick_ag (git-fixes).
- xfs: fix freeing speculative preallocations for preallocated files (git-fixes).
- xfs: make sure sb_fdblocks is non-negative (git-fixes).
- xfs: make the seq argument to xfs_bmapi_convert_delalloc() optional (git-fixes).
- xfs: make xfs_bmapi_convert_delalloc() to allocate the target offset (git-fixes).
- xfs: remove a racy if_bytes check in xfs_reflink_end_cow_extent (git-fixes).
- xfs: validate recovered name buffers when recovering xattr items (git-fixes).
- xhci: Add a quirk for writing ERST in high-low order (git-fixes).
- xhci: Fix Link TRB DMA in command ring stopped completion event (git-fixes).
- xhci: Fix incorrect stream context type macro (git-fixes).
- xhci: Mitigate failed set dequeue pointer commands (git-fixes).
- xhci: Use pm_runtime_get to prevent RPM on unsupported systems (git-fixes).
- xhci: tegra: fix checked USB2 port number (git-fixes).
- zonefs: Improve error handling (git-fixes).
Patchnames
SUSE-2024-4318,SUSE-SLE-Module-Basesystem-15-SP6-2024-4318,SUSE-SLE-Module-Development-Tools-15-SP6-2024-4318,SUSE-SLE-Module-Legacy-15-SP6-2024-4318,SUSE-SLE-Module-Live-Patching-15-SP6-2024-4318,SUSE-SLE-Product-HA-15-SP6-2024-4318,SUSE-SLE-Product-WE-15-SP6-2024-4318,openSUSE-SLE-15.6-2024-4318
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).